Josh Zelonis

Principal Analyst

Forrester Bio

Josh Zelonis

Author Insights

BLOG

Ransomware: The Nightmare Before Cyber Monday

Josh Zelonis October 22, 2019
Cybersecurity needs to be part of every retailer's holiday strategy. Learn how to protect against one particularly menacing threat.
Read More
BLOG

Demystifying The Information Sharing Alphabet Soup

Josh Zelonis October 21, 2019
Cyberthreat intelligence (CTI) is an overcrowded space that is overdue for contraction. In general, we see it filled with smaller vendors with founders who come from an intel background, got enough funding to land a Fortune 100 client (not exclusively, mind you), and have put their logo into every pitch deck they use when going […]
Read More
BLOG

Adventures In New And Evolving Coverage: Threat Detection And Response

Josh Zelonis October 1, 2019
Every once in a while, something happens that leaves you walking away feeling like you got away with murder. Today, I get to share with you one of my latest exploits. My coverage here at Forrester for the past 3-plus years has been vulnerability management, threat intelligence, detection technologies, and incident response. While each of […]
Read More
BLOG

Three Critical Metrics You Should Expect From A Vulnerability Risk Management Solution

Josh Zelonis September 26, 2019
Many vulnerability risk management (VRM) solutions are limited and fail to provide meaningful metrics about the health of your VRM program. One example is the use of counting metrics such as the number of vulnerabilities identified in your organization. Counting stats don’t have any real value because they fail to provide context. These vulnerabilities could […]
Read More
BLOG

VMware Signals The End Of “Endpoint” Detection And Response

Josh Zelonis August 23, 2019
Is it time we rebrand EDR as “enterprise detection and response”?
Read More
BLOG

The Rising Tide Of Ransomware Requires A Commitment To Best Practices

Josh Zelonis July 15, 2019
What’s interesting about ransomware is that it commoditizes an intrusion directly. There’s no sale of the data, so the valuation is based on loss — the value of the data and interrupted services to the victim organization and its constituents. I
Read More
BLOG

Global Warming For Iceberg Metaphors

Josh Zelonis June 13, 2019
Sorting through the smoke and mirrors surrounding the dark web to deliver the truth about what it is, what it does, and what it means.
Read More
BLOG

Unconventional Wisdom: Explore Paying The Ransom In Parallel With Other Recovery Options

Josh Zelonis June 4, 2019
Your organization has just received ransom notices across your infrastructure, informing you of what you already fear. All your critical business data has been encrypted. You are angry that someone’s moved your cheese, and you don’t want to reward them for it. Your emotions are confirmed by advisors who give you the conventional advice: “Don’t […]
Read More
BLOG

The Impact Of Digital Transformation On The Vulnerability Management Space

Josh Zelonis May 21, 2019
Digital transformation has rendered traditional vulnerability management solutions insufficient. Because of this, the next vulnerability risk management wave will focus on vendors developing solutions for today’s problems.
Read More
BLOG

Forget What You Read In “Winnie The Pooh”: The Goal Of A Honeypot Isn’t To Get The Adversary Stuck In A Tree

Josh Zelonis April 22, 2019
Deception Technologies Operate By Identifying Business Use Case Violations Deception technology comes in many different varieties, but foundational to them all is the creation of an asset that has no legitimate business use. As this asset has no legitimate business use case, any interaction with it is necessarily a business use case violation. “But wait,” […]
Read More
BLOG

Understanding The Evolving DRP Market

Josh Zelonis April 19, 2019
Sixty-four percent of global security decision makers recognize that improving their threat intelligence capabilities is a high or critical priority. Nevertheless, companies across many industries fail to develop a strategy for achieving this. Among the many reasons why organizations struggle to develop a threat intelligence capability, two stand out: Developing a mature threat intelligence program […]
Read More
BLOG

The MITRE ATT&CK Framework Is Not A Bingo Card

Josh Zelonis April 17, 2019
Beware the fallacy of composition. Josh Zelonis breaks down common misconceptions about what MITRE ATT&CK can and can’t tell you.
Read More
BLOG

Don’t Drink From A Poisoned Well — Mitigate Supply Chain Risk With Zero Trust

Josh Zelonis March 25, 2019
Motherboard and Kaspersky unveiled that hackers compromised a server of computer manufacturer ASUS’s live software update tool to install a malicious backdoor on thousands of computers. The malicious file was able to masquerade as an authentic software update as it was signed with legitimate ASUS digital certificates. The manufacturer unwittingly pushed out the backdoor to […]
Read More
BLOG

Make No Mistake — Microsoft Is A Security Company Now

Josh Zelonis March 22, 2019
Microsoft has announced support for macOS in its rebranded Microsoft Defender ATP product, taking this product from being an offering that could be considered an add-on for hardening its own operating system to a multiplatform security solution. While this is an early release, it is a clear signal of the investment Microsoft is making to […]
Read More
BLOG

Backstage Pass: Three Key Takeaways From The 2019 RSA Conference Without Hitting The Expo Floor

Josh Zelonis March 21, 2019
Every year, the RSA Conference provides an opportunity to attend a few keynotes and get together with friends, old and new, to discuss trends we’re seeing in the market. While a big theme on the expo floor this year was Zero Trust, there were three topics that I found unavoidable during the conference and weren’t […]
Read More
BLOG

Tainted Love: Understanding Tainted Detection In The MITRE ATT&CK Evaluation

Josh Zelonis December 17, 2018
In my previous blog post on the MITRE ATT&CK evaluations, I developed a scale for rating the individual vendor evaluations and provided source code to help make the results more generally consumable. Since publishing this blog, I’ve been having a number of conversations with clients about the “tainted” modifier in the recent MITRE ATT&CK evaluations, […]
Read More
BLOG

Quantifying Vendor Efficacy Using The MITRE ATT&CK Evaluation

Josh Zelonis December 5, 2018
I’ve been extremely excited about the MITRE ATT&CK evaluation since it decided to open it up to vendors earlier this year. The endpoint detection and response (EDR) market represents the direction of endpoint security, yet the state of endpoint efficacy testing has been underwhelming. • Antimalware testing has become a standard part of the endpoint […]
Read More
BLOG

Research Announcement: Cybersecurity Incident Response Services Forrester Wave™

Josh Zelonis October 16, 2018
I’m getting ready to kick off a Forrester Wave™ on cybersecurity incident response services that should be viewed as a refresh of “The Forrester Wave™: Digital Forensics And Incident Response Service Providers, Q3 2017” published in September of 2017. This iteration of the Wave will be focused on measuring how service providers are able to prepare clients […]
Read More
BLOG

How I Almost Got Phished And Why Training Isn’t Enough

Josh Zelonis October 5, 2018
I received a text message the other day that looked a lot like what I might get from my bank if I triggered some antifraud check. The timing was impeccable; I had just used the card to pay for takeout and had walked out to my motorcycle to head home. When I initially got the […]
Read More
BLOG

Introducing Forrester’s Asset Intelligence Model (AIM) For Asset Management

Josh Zelonis May 7, 2018
During my presentation at RSA Conference 2018 this year, I discussed what I refer to as the “Heisenberg Uncertainty Principle of Asset Management,” which states that it’s impossible to maintain an asset inventory list in a constantly evolving environment. Think of it this way: Your IT infrastructure is probably a lot like a giant jelly […]
Read More