Rick Holland

Author Insights

BLOG

Kicking Off Forrester’s “Targeted Attack Hierarchy Of Needs” Research

Rick Holland November 4, 2013
I am about to kick off my next Forrester research on targeted attacks.  Here is the short abstract: "The threat landscape has evolved but organizations haven't. Leveraging concepts of Zero Trust, this report will detail strategies for protecting against targeted attacks against your organization. We will focus on the pros and cons of various strategies […]
Read More
BLOG

If Everything Is Threat Intelligence, Then Nothing Is Threat Intelligence

Rick Holland October 30, 2013
The hype surrounding threat intelligence has continued to build since I wrote the blog "My Threat Intel Can Beat Up Your Threat Intel” in mid-2012.  S&R pros are responding to both the hope and promise of threat intelligence. According to our Forrsights survey data, 75% of security decision-makers report that establishing or improving threat intelligence […]
Read More
BLOG

Kicking off the Forrester Web Content Security Wave

Rick Holland October 22, 2013
We are about to kickoff our next Forrester Wave on web content security.  The inclusion criteria for vendor prequalification will be sent out within the next two weeks. We will be focusing on both traditional web gateways as well as the hybrid and SaaS delivery models. What does this mean for you? Vendors:  If you […]
Read More
BLOG

Point Solutions Must Die

Rick Holland August 19, 2013
Last year I wrote a blog post titled, “Incident Response Isn’t About Point Solutions; It Is About An Ecosystem."  This concept naturally extends beyond incident response to broader enterprise defense.  An ecosystem approach provides us an alternative to the cobbling together of the Frankenstein’esque security infrastructure that is so ubiquitous today.  Many of us in […]
Read More
BLOG

Counter-Strike?

Rick Holland June 4, 2013
On Monday the Wall Street Journal ran a story on hacking back titled, “Support Grows to Let Cybertheft Victims Hack Back.”  The article describes a growing desire to permit the private sector to retaliate against attackers. Being proactive is one thing, but the notion of enterprises retaliating against attackers is ludicrous. I honestly cannot understand […]
Read More
BLOG

Observations on the 2013 Verizon Data Breach Investigations Report

Rick Holland April 23, 2013
I was very excited to finally get a copy of the much-anticipated 2013 Verizon Data Breach Investigations Report (DBIR.)  I have found the report to be valuable year after year.  This is the 6th iteration and this year’s report includes 621 confirmed data breaches, as well as over 47,000 reported security incidents.  18 organizations from […]
Read More
BLOG

Avoid The Information Security Squirrel

Rick Holland April 18, 2013
"My master made me this collar. He is a good and smart master and he made me this collar so that I may speak. Squirrel!"   In the Pixar film Up, squirrels frequently distract Dug the talking dog. In our space, we are frequently distracted by technology. "I am a good and smart security professional; […]
Read More
BLOG

Introducing Forrester’s Cyber Threat Intelligence Research

Rick Holland February 15, 2013
We have started a new report series on Cyber Threat Intelligence.  The first report, "Five Steps To Build An Effective Threat Intelligence Capability," is designed to help organizations understand what threat intelligence is and how to establish a program. If you're not a Forrester client and would like the report, Proofpoint is providing a complementary copy. On […]
Read More
BLOG

Crowdsourcing my RSA panels

Rick Holland February 12, 2013
The San Francisco RSA conference is now less than two weeks away, and this year I am moderating two great panels. I thought I'd reach out and solicit suggestions for discussion.  1) Too Big to Fail: CISO Panel on Scaling Security in the Era of Big Data This Forrester-moderated panel of top security executives from Allergan, […]
Read More
BLOG

Bit9’s Operational Oversight Is Probably Your Operational Reality

Rick Holland February 11, 2013
You are now no doubt aware that Boston-based security firm Bit9 suffered an alarming compromise, which resulted in attackers gaining access to code-signing certificates that were then used to sign malicious software. See Brian Kreb’s article for more details. (Symantec breathes a quiet sigh of relief to see a different security vendor in the headlines.) […]
Read More
BLOG

Shoulder Surfing The Friendly Skies

Rick Holland December 17, 2012
FAIL at 30,000ish feet  When you fly nearly every week, you can get pretty bored on a plane.  When I am sick of working, playing games, or watching movies, my latest distraction is checking out laptop screens. Sometimes I'm curious what movie you are watching but other times I am interested in what type of […]
Read More
BLOG

Expense In Depth And The Trouble With The Tribbles

Rick Holland December 10, 2012
You remember the tribbles don't you? The cute, harmless looking alien species from the second season of the original Star Trek that turn out to be anything but benign. They are born pregnant and reproduce at an alarming rate. The tribbles threaten the ship, but fortunately Chief Engineer Montgomery Scott is able to transport all […]
Read More
BLOG

The Forrester Wave: Email Content Security

Rick Holland November 27, 2012
It is with great pleasure that I announce the completion of my first Forrester Wave™: Email Content Security, Q4 2012. I’d like to thank the research associates (Jessica McKee and Kelley Mak) who assisted me with this project. We performed a 47-criteria evaluation of nine email content security vendors. Given my background as a practitioner and […]
Read More
BLOG

Incident Response Isn’t About Point Solutions; It’s About An Ecosystem

Rick Holland September 20, 2012
Today EMC announced the acquisition of Silicium Security.  Silicium’s ECAT product is a malware threat detection and response solution.  ECAT did not adopt the failed signature based approach to malware detection and instead leveraged whitelisting and anomaly detection.  Incident response teams can leverage ECAT to quickly identify and remediate compromised hosts.  ECAT joins NetWitness and […]
Read More
BLOG

Observations From Black Hat – More Defense Please

Rick Holland August 1, 2012
Last week I had the opportunity to attend the 15th annual Black Hat security conference in Las Vegas. I have attended DEFCON in the past, but never Black Hat. The conference has grown significantly each year, and judging by the size of the expo floor, the vendors understand its significance. I enjoyed the conference and […]
Read More
BLOG

My Threat Intelligence Can Beat Up Your Threat Intelligence

Rick Holland May 22, 2012
Have you ever been in a vendor meeting and heard the vendor extol the greatness of their threat intelligence?  You may have even seen a slide that looks similar to this: The vendor probably proceeded to highlight the key differentiators that make their threat intelligence network stand second to none.  Bullets containing statistics like this […]
Read More
BLOG

Kim Kardashian And APTs

Rick Holland May 17, 2012
On Wednesday, American footwear company Skechers agreed to pay the US Federal Trade Commission $40 million. This settlement resulted from a series of commercials that deceived consumers claiming that the Shape-Ups shoe line would “help people lose weight, and strengthen and tone their buttocks, legs and abdominal muscles.”  Professional celebrity Kim Kardashian appeared in a […]
Read More
BLOG

Hackers Vs. Executives Is Back

Rick Holland May 8, 2012
Our next installment of "Hackers vs. Executives" is just weeks away.  Join us at the Forrester Security Forum and sit in on one of the most popular sessions of the event each year. We have a great panel lined up for you.  In the Hackers corner, we have Chase Cunningham of Neustar and Brian Gorenc […]
Read More
BLOG

An Unexpected RSA Encounter

Rick Holland March 7, 2012
Last Friday, after a long week of RSA conference events and meetings, I eagerly looked forward to slipping on my headphones and enjoying the relative silence of my flight back to Dallas. As I approached my seat, I saw I was sitting next to a United States Air Force (USAF) officer. I looked at his […]
Read More
BLOG

Force Multipliers – What Security & Risk Professionals Can Learn From Special Forces

Rick Holland February 21, 2012
Last week I read an article on wired.com’s Danger Room blog about the elite US military Special Forces command, JSOC.  The units within the Joint Special Operations Command (Delta Force and Seal Team 6) are responsible for the most clandestine and sensitive US military operations, including the Bin Laden raid into Pakistan last year. JSOC […]
Read More