Cybersecurity Trends

Today, Microsoft announced that it has acquired Waltham, Massachusetts-based internet-of-things (IoT) and industrial control system (ICS) security vendor CyberX. While the purchase price was not disclosed, media reports are speculating that the purchase price was somewhere between $150–$165 million. Founded in 2013, CyberX has raised $48 million in venture capital, so this deal provides a good return to investors. CyberX’s core solution can monitor IoT and ICS environments […]

We are thrilled to announce that “The Forrester New Wave™: Connected Medical Device Security, Q2 2020” is now live. This report will help you understand how the top eight vendors in the emerging medical device security space stack up against 10 different criteria. We looked at product functionality and vendor strategy through live demos and […]

Is a toxic culture holding your security team back? Learn how to address the issue directly and create a more positive environment.

In addition to government guidelines, firms must consider a number of other factors in bringing employees back to work. Here are four areas you might not be thinking about.

It is long overdue to secure the United States’ bulk power system supply chain. As early as 2007, researchers demonstrated how digitization of power systems introduces vulnerabilities that can cause physical damage. In 2015, intruders, likely sponsored or directed by the Russian government and known colloquially by the name Sandworm, breached multiple Ukrainian electric utilities and shut off power for hundreds of thousands of […]

The belief that security leaders must show mastery across knowledge domains is dangerous. It's also a symptom of an underlying ailment.

As concerns swirl around COVID-19 contact-tracing apps, privacy and security leaders are playing a critical role in building public trust.

Security orchestration, automation, and response (SOAR) could become the biggest link between people and technology in your security strategy. Learn why.

Our security analysts provide guidance for managing security and risk during the coronavirus pandemic.

The rapid work-from-home shift caused by the COVID-19 pandemic has accelerated the need for a new approach to firewalls. Senior Analyst David Holmes reviews the latest approach and provides insight into FW4.

I see on a daily basis how cybersecurity decisions affect your customers’ experience and trust. Technology affects our own experiences, and those of our customers, in rapidly changing ways. We increasingly depend on tech to work, learn, shop, vote, and socialize. The pandemic has brought this dependence to the forefront in a way that perhaps none of us would have imagined two years ago.

Following the publication of the latest Forrester Wave™ evaluation on enterprise detection and response (EDR), I published a blog with the demo script that was used in the evaluation to enable further discussion and understanding of where the market is. With this blog, I thought it would be interesting to dig into the demo script a […]

In prior years, the RSA Conference focused on themes such as Zero Trust, geopolitical risk, and automation. While those themes were still present at this year’s conference, it was harder to discern one dominant central theme for the conference. I inferred that “no new buzzwords” exemplifies the theme. This year’s RSA Conference suggested that the […]

Let’s face it: Web application firewalls (WAFs) rarely excite the security imagination. WAFs have been ubiquitous for at least 15 years and play an important role in detecting and blocking OWASP Top 10 application level attacks like SQL injection and cross-site scripting. WAFs are table stakes in any environment, but they suffer from the perception […]

Security and risk pros can’t build a security culture by themselves. Security champions act as extra members of the security team; these people have connections across the organization and can translate security-speak into a language that everyone can understand. Security champions can help make your workforce more receptive to security policies and initiatives. How do […]

This year marks my first trip to RSA Conference in San Francisco. I wanted to take a step back and reflect on what I want to gain from the conference. Like many analysts attending, my diary looks like the baubles on a Christmas tree, hung resplendently with meetings, briefings, and everything in between. Here are […]

At the end of 2019, Forbes identified data privacy and security as the most pressing issue in the upcoming decade. The issue is already prevalent: Every day, a new story crops up about leaked, compromised, or misused data. While clicking through their often numerous social media accounts, consumers are providing these companies with more personal […]

Crystal City again hosted the eighth SANS Cyber Threat Intelligence Summit, with several hundred attendees. CTI Summit cochairs Rick Holland, Rebekah Brown, and Katie Nickels again planned a fun, entertaining, and very educational two-day event for threat intelligence professionals from around the world. If you’re a cyber threat intelligence analyst or vendor, I encourage you to attend and submit a presentation idea for 2021. CTI […]