Josh Zelonis

Sorting through the smoke and mirrors surrounding the dark web to deliver the truth about what it is, what it does, and what it means.

Your organization has just received ransom notices across your infrastructure, informing you of what you already fear. All your critical business data has been encrypted. You are angry that someone’s moved your cheese, and you don’t want to reward them for it. Your emotions are confirmed by advisors who give you the conventional advice: “Don’t […]

Digital transformation has rendered traditional vulnerability management solutions insufficient. Because of this, the next vulnerability risk management wave will focus on vendors developing solutions for today’s problems.

Deception Technologies Operate By Identifying Business Use Case Violations Deception technology comes in many different varieties, but foundational to them all is the creation of an asset that has no legitimate business use. As this asset has no legitimate business use case, any interaction with it is necessarily a business use case violation. “But wait,” […]

Sixty-four percent of global security decision makers recognize that improving their threat intelligence capabilities is a high or critical priority. Nevertheless, companies across many industries fail to develop a strategy for achieving this. Among the many reasons why organizations struggle to develop a threat intelligence capability, two stand out: Developing a mature threat intelligence program […]

Beware the fallacy of composition. Josh Zelonis breaks down common misconceptions about what MITRE ATT&CK can and can’t tell you.

Motherboard and Kaspersky unveiled that hackers compromised a server of computer manufacturer ASUS’s live software update tool to install a malicious backdoor on thousands of computers. The malicious file was able to masquerade as an authentic software update as it was signed with legitimate ASUS digital certificates. The manufacturer unwittingly pushed out the backdoor to […]

Microsoft has announced support for macOS in its rebranded Microsoft Defender ATP product, taking this product from being an offering that could be considered an add-on for hardening its own operating system to a multiplatform security solution. While this is an early release, it is a clear signal of the investment Microsoft is making to […]

Every year, the RSA Conference provides an opportunity to attend a few keynotes and get together with friends, old and new, to discuss trends we’re seeing in the market. While a big theme on the expo floor this year was Zero Trust, there were three topics that I found unavoidable during the conference and weren’t […]

In my previous blog post on the MITRE ATT&CK evaluations, I developed a scale for rating the individual vendor evaluations and provided source code to help make the results more generally consumable. Since publishing this blog, I’ve been having a number of conversations with clients about the “tainted” modifier in the recent MITRE ATT&CK evaluations, […]

I’ve been extremely excited about the MITRE ATT&CK evaluation since it decided to open it up to vendors earlier this year. The endpoint detection and response (EDR) market represents the direction of endpoint security, yet the state of endpoint efficacy testing has been underwhelming. • Antimalware testing has become a standard part of the endpoint […]

I’m getting ready to kick off a Forrester Wave™ on cybersecurity incident response services that should be viewed as a refresh of “The Forrester Wave™: Digital Forensics And Incident Response Service Providers, Q3 2017” published in September of 2017. This iteration of the Wave will be focused on measuring how service providers are able to prepare clients […]

I received a text message the other day that looked a lot like what I might get from my bank if I triggered some antifraud check. The timing was impeccable; I had just used the card to pay for takeout and had walked out to my motorcycle to head home. When I initially got the […]

During my presentation at RSA Conference 2018 this year, I discussed what I refer to as the “Heisenberg Uncertainty Principle of Asset Management,” which states that it’s impossible to maintain an asset inventory list in a constantly evolving environment. Think of it this way: Your IT infrastructure is probably a lot like a giant jelly […]

  I’m going to start this blog post by saying that if you only read one paragraph, scroll down and make it the last one. I’m frequently approached by vendors who want to know my thoughts on the convergence of endpoint detection and response (EDR) and endpoint protection (EP) into a single-agent solution. “It only […]

  The threat model has changed. Data breaches have traditionally required execution of some manner of code on a system to access data and a network connection to exfiltrate the data off the system. This is no longer the case, as Spectre reduces the requirement for code execution to anywhere on a device as opposed […]

  I’m an analyst. It’s my job to formulate opinions on your product and company and provide that insight to my clients. Prior to joining Forrester, the impact analysts have on the industry was described to me this way: “I don’t have time to be an expert at everything I need to know, so I […]

A common feature in the threat intelligence platform (TIP) space is aggregation of data and providing an interface for managing threat intelligence — this seems to be where the product visions diverge. While many of these platforms have been around for years, until there is a unified vision for these products, I continue to view […]

September 2017 was a busy month. Three major breach notifications in Deloitte, the SEC, and Equifax… and my first Wave dropped, coincidentally on Digital Forensics & Incident Response Service Providers. Following all this commotion, I had a client reach out and ask me how… How are investigators able to reconstruct digital crime scenes to identify […]