Josh Zelonis

As I’ve continued to analyze the round 2 results from the MITRE ATT&CK evaluation, I’ve had the opportunity to speak to more and more vendors that have indicated that one of the areas they struggled with was detecting the specific methods of PowerShell invocation used in the evaluation. Spoiler: It’s bad. Consider the evolution of […]

Analyst Josh Zelonis provides a new metric for prioritizing security alerts and avoiding alert fatigue.

In January of 2020, we launched our inaugural “The Future Of The CISO” report, which identified the six types of CISOs (chief information security officers) we discovered through our research. At its release, we received copious amounts of feedback — some we had considered and some we hadn’t. While we were conducting our research, however, […]

What an amazing year it’s been for the ATT&CK evals team, going from an initial cohort of seven vendors in round 1 to 21 vendors for round 2. The industry adoption of this evaluation has been nothing short of amazing and is well deserved. With that said, I’m pleased to once again contribute my thoughts […]

It is humbling to work with a team of talented individuals like the ones I work with on Forrester’s security and risk team. This week, I’m highlighting five reports that some of these fine folks published in Q1 that I got a lot of value out of, and I think you will, too.   “Optimize […]

Following the publication of the latest Forrester Wave™ evaluation on enterprise detection and response (EDR), I published a blog with the demo script that was used in the evaluation to enable further discussion and understanding of where the market is. With this blog, I thought it would be interesting to dig into the demo script a […]

Today we published “The Forrester Wave™: Enterprise Detection And Response, Q1 2020” report to help you understand how the 12 most relevant vendors in the space are squaring off against each other, with a focus on product functionality, vendor strategy, and client experiences. I’m honestly quite excited about this evaluation and have taken the concept […]

When the endpoint detection and response (EDR, which was also referred to as endpoint threat detection and response, or ETDR, at the time) market was getting started, there was a lot of pushback, ranging from privacy concerns to what the acceptance of a second security agent on endpoints would be (apparently, it was never going […]

Forrester’s review of the top security threats in 2020 found the biggest risk is often not technology. Analyst Josh Zelonis provides some detailed insight.

From the Intel-McAfee deal to the Sony Pictures breach, VP and Principal Analyst Jeff Pollard reviews the past decade’s cybersecurity highlights and lowlights.

Cybersecurity needs to be part of every retailer's holiday strategy. Learn how to protect against one particularly menacing threat.

Cyberthreat intelligence (CTI) is an overcrowded space that is overdue for contraction. In general, we see it filled with smaller vendors with founders who come from an intel background, got enough funding to land a Fortune 100 client (not exclusively, mind you), and have put their logo into every pitch deck they use when going […]

Every once in a while, something happens that leaves you walking away feeling like you got away with murder. Today, I get to share with you one of my latest exploits. My coverage here at Forrester for the past 3-plus years has been vulnerability management, threat intelligence, detection technologies, and incident response. While each of […]

Many vulnerability risk management (VRM) solutions are limited and fail to provide meaningful metrics about the health of your VRM program. One example is the use of counting metrics such as the number of vulnerabilities identified in your organization. Counting stats don’t have any real value because they fail to provide context. These vulnerabilities could […]

Is it time we rebrand EDR as “enterprise detection and response”?

What’s interesting about ransomware is that it commoditizes an intrusion directly. There’s no sale of the data, so the valuation is based on loss — the value of the data and interrupted services to the victim organization and its constituents. I

Sorting through the smoke and mirrors surrounding the dark web to deliver the truth about what it is, what it does, and what it means.

Your organization has just received ransom notices across your infrastructure, informing you of what you already fear. All your critical business data has been encrypted. You are angry that someone’s moved your cheese, and you don’t want to reward them for it. Your emotions are confirmed by advisors who give you the conventional advice: “Don’t […]

Digital transformation has rendered traditional vulnerability management solutions insufficient. Because of this, the next vulnerability risk management wave will focus on vendors developing solutions for today’s problems.