Brian Kime
Senior Analyst

Author Insights
Blog
It’s Christmas In July For Three Threat Intelligence Startups
Christmas came early for three vendors in the threat intelligence and attack surface management space this past week. In a reported all-cash $500 million deal (no need for layaway when your market cap is north of $2 trillion), Microsoft acquired threat intelligence and attack surface management vendor RiskIQ. In Europe, Swedish vulnerability risk management firm […]
Blog
Revenge Of The SaaS: Mandiant Uses Services To Escape FireEye
Revenge Of The SaaS: Mandiant Dumps FEYE In a cybersecurity divorce that had fewer leading indicators than the dissolution of Kim and Kanye, Mandiant has finally untangled itself from FireEye (FEYE) by selling the product portion of the firm to Symphony Technology Group (STG) for $1.2 billion. FireEye’s history as the most “almost acquired vendor” […]
Blog
Debunking Infosec Purity And Other Security Myths In The Wake Of Recent Attacks
Earlier this week, an op-ed published on The Hill sent information security (infosec) Twitter into a tizzy by blaming cybersecurity industry best practices for recent high-profile security breaches. For the security team at Forrester, the op-ed furthered a number of security myths that we felt compelled to bust here. Myth #1: The Best Infosec Pros […]
Blog
The Colonial Pipeline Cyberattack Is A (Another) Call For Zero Trust And Resilience In Industrial Companies
On Friday, May 7, 2021, Colonial Pipeline safely shut down its pipeline operations due to a ransomware incident in its corporate network. Colonial Pipeline transports 45 percent of the fuel along the East Coast of the United States through 5,500 miles of pipeline. To mitigate the disruption of Colonial Pipeline, the US government allowed a […]
Blog
National Poetry Month And The Case For Whimsy In Security & Risk
We all need a bit of whimsy in our lives. This is not just an excuse for a whimsical blog post, though there is that. Whimsy and laughter build bridges. And in the security world, where empathy is a critical resource, whimsy can be a first and recurring step in connecting with the teams outside […]
Blog
Announcing The Forrester Wave™: External Threat Intelligence Services, Q1 2021
We are thrilled to announce the publication of “The Forrester Wave™: External Threat Intelligence Services, Q1 2021.” External threat intelligence services (ETIS) are important to security teams to fill gaps in their existing collection plans with specialized services that will enhance their existing cyber defense and reduce risk. External threat intelligence services are different in […]
Blog
Stay Vigilant Of The 2021 Threat Landscape And Help Your Org Prepare For “The Next Normal”
Earlier this month, a US State Department spokeswoman announced that the US had identified three online publications that were attempting to discredit the Pfizer and Moderna vaccines, all of which were directed by Russian intelligence. In Forrester’s annual report on top security threats, we explore the top security threats that security professionals must monitor, including […]
Blog
(Likely) First Cyberintrusion Into An American Water Treatment System
Yesterday, the city of Oldsmar, Florida conducted a press conference to disclose that an unknown person had remotely accessed the city’s water treatment system. The public was never in danger, since operators detected the breach quickly and reversed the changes made by the threat within moments. The change made to the system was “loud” — […]
Blog
Cybersecurity Lessons Learned From Snowmageddon
Social media reminded us that seven years ago, a mere two inches of snow in the middle of the day shut down Atlanta, our beloved city. It’s now affectionally referred to as Snowmageddon or Snowpocalypse. We both worked at competing security vendors then — Brian in the office at the Secureworks HQ in Sandy Springs (just […]
Blog
Voulez-Vous Parler Social Networks’ Content Moderation Policies?
My father told me once, “If you see something wrong happening in the world, you can either do nothing, or you can do something.” And I already tried nothing. — Steve Trevor, Wonder Woman Social networks, tech vendors ingesting social data, and brands running social listening practices might all be wondering the same thing right […]
Blog
The SolarWinds And US Government Breach Is Not A Marketing Opportunity
The size and scope of SolarWinds as an IT software provider and the nature of the breach announced on December 13 rocked the IT and security world — rightfully so. We’ve provided immediate, actionable advice for security and risk pros and IT leaders in our report here. While security leaders guide their companies to respond, […]
Blog
Recent Dragos Funding Round Demonstrates Growing Demand For OT Security Solutions
Operational technology (OT) and industrial control system (ICS) security are vitally important for the safety of the people who work in critical infrastructure and manufacturing. OT security is also necessary for the consumers of the energy, drinking water, and products made in our industrial facilities. OT security is a unique security domain of growing importance, and yesterday’s announcement of Dragos’ Series C funding round of $110 million is another validation of […]
Blog
How A Password Manager Could Save Your Marriage
My wife has the good fortune of living with a security and risk pro who also happens to be a US Army intelligence officer, so she’s been previously scolded about lax security practices. I also point out how “hacking” scenes on TV and in movies are comical and inaccurate. Note: Said wife was not consulted […]
Blog
Rotten Phish Spoils Employee Experience
When our colleagues Claire O’Malley and Brian Kime wrote their “Point/Counterpoint: The Ethics Of COVID-19 Phishing” blog in March, it turns out they were inadvertently predicting an event that took place this week: An employee took to social media to speak out about a highly insensitive phishing simulation. Tribune Publishing Company, publisher of newspapers like […]
Blog
Oracle Sort Of Buys TikTok (But Not Really)
Larry Ellison proves that customer acquisition cost (CAC) is no barrier in Oracle’s conquest to expand its cloud credibility and market share. The announcement is murky at the moment, but the particulars indicate that Oracle and ByteDance will enter into a technology partnership to host the US operations of TikTok. This allows TikTok to escape […]
Blog
Microsoft Purchases CyberX
Today, Microsoft announced that it has acquired Waltham, Massachusetts-based internet-of-things (IoT) and industrial control system (ICS) security vendor CyberX. While the purchase price was not disclosed, media reports are speculating that the purchase price was somewhere between $150–$165 million. Founded in 2013, CyberX has raised $48 million in venture capital, so this deal provides a good return to investors. CyberX’s core solution can monitor IoT and ICS environments […]
Blog
A Small Victory For Securing The US Bulk Power System
It is long overdue to secure the United States’ bulk power system supply chain. As early as 2007, researchers demonstrated how digitization of power systems introduces vulnerabilities that can cause physical damage. In 2015, intruders, likely sponsored or directed by the Russian government and known colloquially by the name Sandworm, breached multiple Ukrainian electric utilities and shut off power for hundreds of thousands of […]
Blog
Point/Counterpoint: The Ethics Of COVID-19 Phishing
Security awareness testing for employees should be realistic. Yet those overseeing phishing drills should be careful when using coronavirus-related messaging.
Blog
RSA Conference 2020: An Intelligence Nerd’s Shopping List
RSA Conference is an incredible opportunity for vendors to showcase their products and services to the security and risk community. Vendors, my shopping list does not include vaporware or snake oil. Everyone attending knows the internet is a scary place and threats are around every digital corner. Skip the scary statistics, and tell me how […]
Blog
SANS CTI Summit Recap: It’s All About The Process
Crystal City again hosted the eighth SANS Cyber Threat Intelligence Summit, with several hundred attendees. CTI Summit cochairs Rick Holland, Rebekah Brown, and Katie Nickels again planned a fun, entertaining, and very educational two-day event for threat intelligence professionals from around the world. If you’re a cyber threat intelligence analyst or vendor, I encourage you to attend and submit a presentation idea for 2021. CTI […]
More posts