Sandy Carielli
Principal Analyst
Author Insights
Blog
Low-Code Development Requires A Security Rethink
Low-code platforms speed delivery of applications, but are they secure? The answer is more complicated than I expected when I started this research project with my colleagues, John Bratincevic and John R. Rymer. We’re still gathering information, but we’ve discovered that: Low-code security is not well understood. Even vendors with extensive security investments acknowledged that […]
Read More
Blog
Container Adoption Is On The Rise: How Can Security Keep Up?
Adopting containers has become increasingly popular — consider that, as of 2019, 33% of global developers indicated that their development organizations currently use containers, and another 25% said they want to do so over the next 12 months. These numbers are not surprising when we consider the value containers offer, such as scalability, agility, and […]
Read More
Blog
Developer Security Champions Are Needed Now More Than Ever
In an era of budget cuts and staff reductions, can your organization propose a new security program? Analyst Sandy Carielli provides answers.
Read More
Blog
Some Good News About Application Security
In my new report, “The State Of Application Security, 2020,” some of the trends are . . . kind of discouraging. Applications remain the most popular attack vector, open source continues to infect everything, and too many industries are not investing in the application security controls they need. But you’re probably tired of reading bad […]
Read More
Blog
Security Recommendations 2020: What To Focus On
Our team of security and risk analysts spent the past few months brainstorming and curating tactical and strategic advice designed to improve your security programs for 2020 and beyond . . . and then along came the COVID-19 global pandemic. In the midst of this, firms are undergoing a shuffle of priorities to accommodate a […]
Read More
Blog
The Web Application Firewall Market Is Ripe For Disruption
Let’s face it: Web application firewalls (WAFs) rarely excite the security imagination. WAFs have been ubiquitous for at least 15 years and play an important role in detecting and blocking OWASP Top 10 application level attacks like SQL injection and cross-site scripting. WAFs are table stakes in any environment, but they suffer from the perception […]
Read More
Blog
The Road To RSA Conference 2020: What Am I Looking For?
Attending RSA Conference is like being at a giant class reunion where everyone still has homework to do. Catching up with old friends working at new companies is great (and it usually starts at the airport), but most of us work hard during the week. Depending on where I worked, I have spent previous conferences […]
Read More
Blog
Leverage Bot Management To Enforce Ethical Data Use
There are good bot uses and there are bad ones. If your business is collecting customer data or images, you have a responsibility to guard against the web scraping bad bots. Learn how.
Read More
Blog
As Bad Bots Evolve, Bot Management Solutions Evolve To Fight Them
One of my favorite things about covering the bot management market is that bots are not just a security issue. Sure, it’s common for bots to conduct credential stuffing attacks with a bunch of stolen usernames and passwords, but that just scratches the surface of the bot problem. Attackers also use bots to perform reconnaissance […]
Read More
Blog
The WAF-Bot Management Acquisition Waltz
With F5 Networks buying itself a $1 billion Christmas present in Shape Security, it’s a good time to review the state of the bot management market. The Shape Security sale caps off a year of bot management acquisitions by web application firewall (WAF) vendors. In January, Radware announced that it had acquired ShieldSquare, and in […]
Read More
Blog
Retailers, Don’t Let Grinchy Bots Ruin Your Holiday Season
Bot traffic can eat into profits and sabotage customer experiences. Learn how to play defense.
Read More
Blog
Browser-Based Attacks, Our Customers, And Us
Browser based attacks are particularly frustrating because they directly affect your customers. Learn what attackers are doing and how to minimize the risk.
Read More