Jeff Pollard

As renowned ghost hunter and solver of mysteries Scooby-Doo would say, “Ruh roh, Raggy!” It looks like more than ghosts are wreaking havoc on haunted networks. We’re less than a full week into October, and Cybersecurity Awareness Month isn’t quite taking shape the way we expected. Ostensibly, orgs decided to pivot and use this time […]

The Facebook ecosystem outage should remind advertisers to have proactive risk mitigation plans in place.

One of the biggest challenges of being a security industry analyst is finding when and how to define new market segments. We both had to do this recently — Jeff with managed detection and response and Allie with extended detection and response (XDR). The most common question we get from security vendors confused as to […]

There is no executive role that better aligns with the trust imperative than the CISO. Find out why and how it may impact your organization directly.

We occasionally get asked this question: “Would Zero Trust have prevented [insert high-profile breach]?” The breach in question could be Equifax, SolarWinds, or the United States Office of Personnel Management. We haven’t been asked (yet) about the announcement from Microsoft this month, where they acknowledged that they were a target of, and indeed had an […]

With ransomware continuing as a high-impact problem (with seemingly no end in sight), we’ve put together some useful ransomware resources for security practitioners. Security and risk (S&R) pros can use these resources to help prevent, protect, detect, and respond to ransomware outbreaks. The links below are a mixture of Forrester’s own research and third-party links. […]

Revenge Of The SaaS: Mandiant Dumps FEYE In a cybersecurity divorce that had fewer leading indicators than the dissolution of Kim and Kanye, Mandiant has finally untangled itself from FireEye (FEYE) by selling the product portion of the firm to Symphony Technology Group (STG) for $1.2 billion. FireEye’s history as the most “almost acquired vendor” […]

We warn users not to click on suspicious emails and not to open emails from untrusted senders to prevent users from being phished. Sender identity is one of the filtering mechanisms in email security solutions. But what happens when a trusted sender’s email account is compromised and an attacker uses that access to send emails […]

Earlier this week, an op-ed published on The Hill sent information security (infosec) Twitter into a tizzy by blaming cybersecurity industry best practices for recent high-profile security breaches. For the security team at Forrester, the op-ed furthered a number of security myths that we felt compelled to bust here. Myth #1: The Best Infosec Pros […]

Forrester's security team sifts through the details of the new executive order on cybersecurity and looks forward at its long-term impact.

Are the results of a MITRE ATT&CK evaluation a good gauge of a vendor's effectiveness? Maybe. Vice President and Principal Analyst Jeff Pollard explains how to use the results in your vendor analysis.

There’s no shortage of obstacles holding back folks from finding meaningful employment in the cybersecurity sector. Some of these obstacles are imposed by human resources policies and the software used to automatically scan through resumes in a game of electronic buzzword bingo, one of the most insidious of these being the requirement of a college […]

“The Forrester Wave™: Managed Detection And Response, Q1 2021” is now live — and this is a seriously impressive group of vendors. I want to give a sincere thanks to them all for the effort and work they put into it. Vendors don’t always agree on things — especially with competitors. But one thing quite […]

A few months before I joined Forrester in 2015, I found a blog that introduced a new incident response (IR) metric written by @rickhholland: “Introducing A New Incident Response Metric: Mean Time Before CEO Apologizes (MTBCA).” Rick introduced this — not exactly tongue-in-cheek metric for IR – because the playbook was so familiar. Get breached, […]

You’re probably tired of hearing about 2021 cybersecurity predictions. This is something different. We’re taking a look back to what we predicted would happen in 2020 and grading our predictions. After all, why make predictions in the first place if we’re not going to reflect and assess ourselves afterward? When we make predictions, we aim to identify what is different that we think […]

Microsoft has achieved its goal of being a mega-security vendor. For Microsoft competitors — which is almost every vendor — this also makes the company an existential threat.

The intrusion into SolarWinds, FireEye, and multiple US government agencies continues to roil the cybersecurity world. In only a few days, a slew of additional details have emerged about the scope of the intrusions, with more surely to come. Security vendors spend all their time talking about security but not in a way that’s useful […]

The size and scope of SolarWinds as an IT software provider and the nature of the breach announced on December 13 rocked the IT and security world — rightfully so. We’ve provided immediate, actionable advice for security and risk pros and IT leaders in our report here. While security leaders guide their companies to respond, […]

It’s not that I’m not a gamer. I enjoy board games and card games: Trivial Pursuit, Settlers of Catan, SET, Hive. I’m up to level 3056 in Two Dots. As a kid, I played Super Mario Land on my brother’s Game Boy and Sonic the Hedgehog on the family Sega Genesis. But I’ve never been […]