incident response

BLOG

Unconventional Wisdom: Explore Paying The Ransom In Parallel With Other Recovery Options

Josh Zelonis June 4, 2019
Your organization has just received ransom notices across your infrastructure, informing you of what you already fear. All your critical business data has been encrypted. You are angry that someone’s moved your cheese, and you don’t want to reward them for it. Your emotions are confirmed by advisors who give you the conventional advice: “Don’t […]

You Need A Plan To Adapt To Climate Change — Today

Stephanie Balaouras August 28, 2018
At Forrester’s upcoming Privacy & Security Europe 2018 Forum, I’ll be presenting on a topic that I’m both personally and professionally passionate about: climate change adaptation. Forrester prides itself on providing actionable advice to help business and technology leaders build customer-obsessed strategies that drive growth. And so I suspect many of you are surprised by […]

The New Incident Management: Safety-Critical Practices Are On The Rise

Charles Betz February 19, 2018
Last May, WannaCry ransomware locked computers around the world. The incident hit the UK’s National Health Service hard.  The attack hindered urgent NHS services by blocking access to its computers. It locked out vital medical equipment such as MRI scanners and devices for testing blood and tissue samples. Some hospitals had to send ambulances to other locations. The […]

Victim Blaming Won’t Stop Global Ransomware Attacks

Jeff Pollard June 27, 2017
The security industry has an accountability crisis. It’s time to talk about it, then fix it. Whenever a massive cyber attack occurs, inevitably a chorus of voices rises to blame the victims. WannaCry on 5/12 and Petya on 6/27 yet again kicked off the familiar refrains of: “If users didn’t click on stuff they shouldn’t….” […]

S&R Analyst Spotlight: Josh Zelonis

Stephanie Balaouras October 11, 2016
Based on the West Coast, Senior Analyst Josh Zelonis is the newest addition to the S&R team. When he’s not out cruising his Harley, Josh is working with clients to adapt their architecture, policies, and processes to evolving threats and to develop robust incident response programs. His research focuses on threat intelligence, endpoint detection and […]

Cybersecurity Takes Center Stage In US Presidential Election

Stephanie Balaouras July 25, 2016
Last week, WikiLeaks posted a treasure trove of internal emails from the Democratic National Committee (DNC). The leaked emails demonstrated a clear bias within the DNC against Bernie Sanders and for Hillary Clinton, when the organization claimed to be neutral. The incident:   Confirms two of our 2016 cybersecurity predictions: In 2015, we predicted that […]

Forrester’s Security & Risk Spotlight – Jeff Pollard

Stephanie Balaouras March 21, 2016
One of the S&R team’s newest additions, Principal Analyst Jeff Pollard comes to Forrester after many years at major security services firms. His research guides client initiatives related to managed security services, security outsourcing, and security economics, and integrating security services into operational workflows, incident response processes, threat intelligence applications, and business requirements. Jeff is […]

Is Breach Notification A Part Of Your Incident Response Plan?

Heidi Shey March 7, 2016
Is customer-facing breach notification and response a part of your incident response plan? It should be! This is the part where you notify people that their information has been compromised, communicate to employees and the public about what happened and set the tone for recovery. It's more art than science, with different factors that influence […]

10 Questions To Help Differentiate Incident Response Service Providers

Rick Holland September 24, 2015
I frequently help Forrester clients come up with shortlists for incident response services selection. Navigating the vendor landscape can be overwhelming, every vendor that has consultant services has moved or is moving into the space. This has been the case for many years, you are probably familiar with the saying: “when there is blood in […]

The State Of Business Continuity – We Have A Long Way To Go To Achieve True Resiliency

Stephanie Balaouras August 31, 2015
Aug. 29, 2015 marked the 10-year anniversary of Hurricane Katrina. During the storm and the ensuing chaos, 1800 people lost their lives in New Orleans and across the Gulf Coast. Many of these deaths, as well as the extensive destruction, could have been avoided or minimized if there had been better planning and preparedness in anticipation […]

Introducing A New Incident Response Metric: Mean Time Before CEO Apologizes (MTBCA)

Rick Holland May 20, 2015
For years cybersecurity professionals have struggled to adequately track their detection and response capabilities. We use Mean Time to Detection/Containment/Recovery. I wanted to introduce an additional way to track your ability to detect and respond to "sophisticated" adversaries: Mean Time Before CEO Apologizes (MTBCA). Tripwire’s Tim Erlin had another amusing metric: Mean Time To Free Credit Monitoring […]

New Research: Know Your Adversary

Rick Holland November 3, 2014
Mandiant's APT1 report changed the threat intelligence marketing game, and you would be hard pressed to find a cybersecurity company that doesn't have a research/intelligence team that produces threat actor reports. The previous few weeks have seen a significant amount of threat intelligence marketing around threat actor groups. FireEye released "APT28: A Window into Russia’s […]

got STIX?

Rick Holland July 15, 2014
The sharing of threat intelligence is a hot topic these days. When I do conference speeches, I typically ask how many organizations see value in sharing, and most in the room will raise their hand.  Next, I ask how many organizations are actually sharing threat intelligence, and roughly 25% to 30% in the room raises […]

Choose Your Own Adventure With The 2014 Verizon DBIR

Rick Holland April 22, 2014
In a world where every single security vendor has their own annual threat report, the Verizon Databreach Investigations Report (DBIR) is the gold standard, and this year is no different. Last year I began blogging my initial analysis (Observations on the 2013 Verizon Data Breach Investigations Report), and I wanted to continue that again this […]

Target Breach: Vendors, You’re Not Wrestlers, And This Isn’t The WWE

Rick Holland March 14, 2014
Yesterday, Bloomberg Businessweek ran a story providing some alarming details on the Target breach.  The article, “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It,” didn’t paint a pretty picture of Target’s response.  Some of the highlights in case you haven't read it yet:  Six months before the incident, Target invested […]

Actionable Intelligence, Meet Terry Tate, Office Linebacker

Rick Holland February 12, 2014
The #Forrester Security & Risk team is hiring. We are looking for consultants to join our team bit.ly/M9gWS5 #infosec We are now less than two weeks away from our annual sojourn to the RSA security conference. RSAC is a great time for learning, meeting and making friends. (Please hold cynical remarks; RSAC is what you make […]

Kicking Off Forrester’s “Targeted Attack Hierarchy Of Needs” Research

Rick Holland November 4, 2013
I am about to kick off my next Forrester research on targeted attacks.  Here is the short abstract: "The threat landscape has evolved but organizations haven't. Leveraging concepts of Zero Trust, this report will detail strategies for protecting against targeted attacks against your organization. We will focus on the pros and cons of various strategies […]

Point Solutions Must Die

Rick Holland August 19, 2013
Last year I wrote a blog post titled, “Incident Response Isn’t About Point Solutions; It Is About An Ecosystem."  This concept naturally extends beyond incident response to broader enterprise defense.  An ecosystem approach provides us an alternative to the cobbling together of the Frankenstein’esque security infrastructure that is so ubiquitous today.  Many of us in […]

Startups That Were At BlackHat 2013

Heidi Shey August 12, 2013
What happens in Vegas shouldn’t stay in Vegas. I was out at BlackHat with other members of the Forrester team over a week ago (seems like yesterday!). It was two jam packed days of popping into briefings, guzzling copious amounts of green tea, and meeting new people and learning new things. In general, I like […]

Counter-Strike?

Rick Holland June 4, 2013
On Monday the Wall Street Journal ran a story on hacking back titled, “Support Grows to Let Cybertheft Victims Hack Back.”  The article describes a growing desire to permit the private sector to retaliate against attackers. Being proactive is one thing, but the notion of enterprises retaliating against attackers is ludicrous. I honestly cannot understand […]