information security

European Intelligence Announcement Shows The Importance Of Assessing Geopolitical Risks

Paul McKay October 5, 2018

Today, we in Europe woke up to headlines about attempted cyberattacks by Unit 26165 of Russia’s GRU intelligence service. In a world where the attribution of cyberattacks is a notoriously difficult task, the UK, the Netherlands, and the US made a joint announcement of the foiling of an attempt by four hackers linked to Unit […]

You Need A Plan To Adapt To Climate Change — Today

Stephanie Balaouras August 28, 2018

At Forrester’s upcoming Privacy & Security Europe 2018 Forum, I’ll be presenting on a topic that I’m both personally and professionally passionate about: climate change adaptation. Forrester prides itself on providing actionable advice to help business and technology leaders build customer-obsessed strategies that drive growth. And so I suspect many of you are surprised by […]

Join Us At Forrester's Privacy & Security 2018 Forum

Chris McClean August 8, 2018

Those of us who care about cybersecurity and privacy are a special breed. As long as these disciplines have been around, technologies have gotten more complex, threats have gotten more dangerous, and expectations have skyrocketed. Yet we have not simply persevered; we are now guiding top executives and policymakers to think differently about business models […]

Digital Risk Protection In 2018: New Vendors, New Leaders, New Wave

Nick Hayes July 17, 2018

Our “The Forrester New Wave™: Digital Risk Protection, Q3 2018” report is out! Take a look at how 14 DRP vendors stack up in this emerging market. You will find detailed vendor profiles and analysis evaluating how well they monitor and mitigate organizations’ external, […]

Your 2018 Guide To Cyberinsurance Is Here!

Nick Hayes June 26, 2018

Forrester’s 2018 Guide To Cyberinsurance Today, no one is 100% secure — believing otherwise is hubris of Icarian proportions. This reality is a core reason why more organizations are turning to cyberinsurance. Because without it in some form (whether it’s a purchased policy or their own allocated cash reserves), they have no safety net to stymie […]

Building The Language Bridge Between Security And The C-Suite

Jinan Budge June 8, 2018

If you had half an hour with a board member and you wanted to get coaching from them about how to communicate with them about security, what would you ask them? In a few weeks’ time, I will have just that opportunity when I facilitate a panel with some prominent board directors. Getting inside the […]

Introducing Forrester’s Asset Intelligence Model (AIM) For Asset Management

Josh Zelonis May 7, 2018

During my presentation at RSA Conference 2018 this year, I discussed what I refer to as the “Heisenberg Uncertainty Principle of Asset Management,” which states that it’s impossible to maintain an asset inventory list in a constantly evolving environment. Think of it this way: Your IT infrastructure is probably a lot like a giant jelly […]

Why Is One Woman Not Good Enough?

Claire O'Malley May 1, 2018

This weekend, The New York Times released a story detailing a sexist, toxic culture that’s been tormenting Nike employees for years. The story shares instances of sexist comments, work trips to strip clubs, sexually graphic conversations, and unwanted advances that’ve forced many women to quit over the years. But did they go to HR? Yes. […]

The Self-Licking Ice Cream Cone Of Misery For S&R Pros Starts With Startups

Chase Cunningham April 26, 2018

Over the past two weeks, I was at the annual shenanigan bonanza that is the RSA Conference and was also invited to sit on a “Shark Tank” panel for emerging technology startups in Miami. In the span of two weeks, I went from seeing big, well-established companies with massive marketing budgets and millions of dollars […]

EDR Convergence Into Traditional Endpoints Is Overblown And Misdirected

Josh Zelonis March 27, 2018

  I’m going to start this blog post by saying that if you only read one paragraph, scroll down and make it the last one. I’m frequently approached by vendors who want to know my thoughts on the convergence of endpoint detection and response (EDR) and endpoint protection (EP) into a single-agent solution. “It only […]

Next-Generation Access and Zero Trust

Chase Cunningham March 27, 2018

A few years ago, the concepts of microsegmentation and microperimeters for Zero Trust were championed by former Forrester analyst John Kindervag. He showed us how those concepts and their technologies could enable a more secure enterprise. Once those concepts and their associated best practices hit the street, organizations from VMware to Cisco Systems to Palo […]

Let's Address Cybersecurity's Gender Disparity

Claire O'Malley February 27, 2018

The most infuriating advice I’ve received about succeeding in cybersecurity is to, “Have a thick skin,” usually followed by, “Don’t take him seriously, he doesn’t even realize what he’s saying.” These are not words of wisdom—they’re a defense of predatory behavior that belittles the issues women face every day and normalizes sexual harassment. For my […]

Zero Trust on a Beer Budget

Chase Cunningham February 7, 2018

I have a good friend who has a small business (roughly 100 employees and two office locations; everything lives in the cloud, no real “network” to speak of) that is doing well. A few weeks ago, over barbecue and range time (some folks play golf, we shoot guns . . . it’s a Texas thing), […]

Thoughts on the Spectre of Zero Trust

Josh Zelonis January 5, 2018

  The threat model has changed. Data breaches have traditionally required execution of some manner of code on a system to access data and a network connection to exfiltrate the data off the system. This is no longer the case, as Spectre reduces the requirement for code execution to anywhere on a device as opposed […]

TIP of the Iceberg: Research Announcement on Threat Intel Platforms

Josh Zelonis November 9, 2017

A common feature in the threat intelligence platform (TIP) space is aggregation of data and providing an interface for managing threat intelligence — this seems to be where the product visions diverge. While many of these platforms have been around for years, until there is a unified vision for these products, I continue to view […]

CSI: Your Network – Reconstructing the Breach

Josh Zelonis October 5, 2017

September 2017 was a busy month. Three major breach notifications in Deloitte, the SEC, and Equifax… and my first Wave dropped, coincidentally on Digital Forensics & Incident Response Service Providers. Following all this commotion, I had a client reach out and ask me how… How are investigators able to reconstruct digital crime scenes to identify […]

Forrester Gathers Experts Across Disciplines To Tackle Europe’s Most Pressing Privacy, Security, And Trust Challenges

Laura Koetzle September 19, 2017

Fresh off a successful event in Washington, DC last week, we’re gearing up for Forrester’s Privacy & Security Forum Europe in London on 5-6 October. Forrester is gathering experts in cybersecurity, privacy, customer experience, regulatory compliance, identity management, personalization, blockchain, and a range of related topics.  Together, Forrester analysts and leaders from firms like ABN […]

Equifax Does More Than Credit Scores

Jeff Pollard September 8, 2017

Our reaction to the Equifax breach was similar to what we imagine many people went through. First, we wanted to know if we were affected. Second, what about our spouse and other immediate family members? Third, better keep an eye on the old credit report or initiate a credit freeze. Since Forrester offers credit monitoring […]

Customer Trust And Loyalty Determine Success On The Dark Web, Too

Stephanie Balaouras August 21, 2017

  This is a guest post by Salvatore Schiano, a researcher serving Security & Risk Management professionals. The dark web is an underground marketplace for drugs, stolen credentials, stolen financial and medical records, and other illicit products and services. Cybercriminals use it to monetize breached data, but they also use it to buy and sell […]

You Deserve What You Tolerate . . .

Chase Cunningham August 18, 2017

After reading through some other blogs and strategy papers over the weekend (don’t judge me; to some of us, this activity constitutes a good time . . . yes, lame . . . I know), I saw what appeared to be an underlying theme across the narratives I’d read: Security tolerates failure. It’s understandable that […]
