Sandy Carielli

Principal Analyst

Author Insights

Blog

Some Good News About Application Security

Sandy Carielli May 4, 2020
In my new report, “The State Of Application Security, 2020,” some of the trends are . . . kind of discouraging. Applications remain the most popular attack vector, open source continues to infect everything, and too many industries are not investing in the application security controls they need. But you’re probably tired of reading bad […]

Security Recommendations 2020: What To Focus On

Sandy Carielli April 27, 2020
Our team of security and risk analysts spent the past few months brainstorming and curating tactical and strategic advice designed to improve your security programs for 2020 and beyond . . . and then along came the COVID-19 global pandemic. In the midst of this, firms are undergoing a shuffle of priorities to accommodate a […]

The Web Application Firewall Market Is Ripe For Disruption

Sandy Carielli March 2, 2020
Let’s face it: Web application firewalls (WAFs) rarely excite the security imagination. WAFs have been ubiquitous for at least 15 years and play an important role in detecting and blocking OWASP Top 10 application level attacks like SQL injection and cross-site scripting. WAFs are table stakes in any environment, but they suffer from the perception […]

The Road To RSA Conference 2020: What Am I Looking For?

Sandy Carielli February 17, 2020
Attending RSA Conference is like being at a giant class reunion where everyone still has homework to do. Catching up with old friends working at new companies is great (and it usually starts at the airport), but most of us work hard during the week. Depending on where I worked, I have spent previous conferences […]

Leverage Bot Management To Enforce Ethical Data Use

Sandy Carielli February 7, 2020
There are good bot uses and there are bad ones. If your business is collecting customer data or images, you have a responsibility to guard against the web scraping bad bots. Learn how.

As Bad Bots Evolve, Bot Management Solutions Evolve To Fight Them

Sandy Carielli January 29, 2020
One of my favorite things about covering the bot management market is that bots are not just a security issue. Sure, it’s common for bots to conduct credential stuffing attacks with a bunch of stolen usernames and passwords, but that just scratches the surface of the bot problem. Attackers also use bots to perform reconnaissance […]

The WAF-Bot Management Acquisition Waltz

Sandy Carielli December 31, 2019
With F5 Networks buying itself a $1 billion Christmas present in Shape Security, it’s a good time to review the state of the bot management market. The Shape Security sale caps off a year of bot management acquisitions by web application firewall (WAF) vendors. In January, Radware announced that it had acquired ShieldSquare, and in […]

Retailers, Don’t Let Grinchy Bots Ruin Your Holiday Season

Sandy Carielli October 31, 2019
Bot traffic can eat into profits and sabotage customer experiences. Learn how to play defense.

Browser-Based Attacks, Our Customers, And Us

Sandy Carielli October 21, 2019
Browser-based attacks are particularly frustrating because they directly affect your customers. Learn what attackers are doing and how to minimize the risk.