security architecture

BLOG

Infosecurity Europe 2019: Incremental Evolution Rather Than Revolution

Paul McKay June 7, 2019
I have spent the last three days attending Infosecurity Europe 2019, the largest security trade show in the UK and Europe. As ever, before coming I have tried to predict the big theme or trends that CISOs should take note of. However, the show is very similar to last year, with incremental evolution of products […]

The MITRE ATT&CK Framework Is Not A Bingo Card

Josh Zelonis April 17, 2019
Beware the fallacy of composition. Josh Zelonis breaks down common misconceptions about what MITRE ATT&CK can and can’t tell you.

Make No Mistake — Microsoft Is A Security Company Now

Josh Zelonis March 22, 2019
Microsoft has announced support for macOS in its rebranded Microsoft Defender ATP product, taking this product from being an offering that could be considered an add-on for hardening its own operating system to a multiplatform security solution. While this is an early release, it is a clear signal of the investment Microsoft is making to […]

The Forrester Wave™: Managed Security Services Providers (MSSPs), Europe, Q4 2018

Paul McKay November 19, 2018
I published my first Forrester Wave™ today, covering the managed security services provider (MSSP) market in Europe. The culmination of four months of hard work by not just us but all the vendors involved, this is to my knowledge our first analysis focused on the needs of the European market for MSSPs. Here are some […]

Introducing Forrester’s Asset Intelligence Model (AIM) For Asset Management

Josh Zelonis May 7, 2018
During my presentation at RSA Conference 2018 this year, I discussed what I refer to as the “Heisenberg Uncertainty Principle of Asset Management,” which states that it’s impossible to maintain an asset inventory list in a constantly evolving environment. Think of it this way: Your IT infrastructure is probably a lot like a giant jelly […]

What ZTX means for vendors and users

Chase Cunningham January 23, 2018
I am a huge fan of Zero Trust—the simplicity of the concept resonates with clients that read the research authored previously by John Kindervag and more recently myself. The framework’s intrinsic value to security and business processes is readily evident to those who explore how it benefits their security needs. If we’re honest about Zero […]

Kicking Off The New Year With A MELTDOWN

Jeff Pollard January 5, 2018
What An Interesting Start To The Year
I didn’t expect the year to kick off with it raining iguanas in Florida, a gas pumping crisis in Oregon, or the discovery and release of two massive CPU flaws that affected many of the computers we live and work with every day. It appears 2018 has started […]

TIP of the Iceberg: Research Announcement on Threat Intel Platforms

Josh Zelonis November 9, 2017
A common feature in the threat intelligence platform (TIP) space is aggregation of data and providing an interface for managing threat intelligence — this seems to be where the product visions diverge. While many of these platforms have been around for years, until there is a unified vision for these products, I continue to view […]

CSI: Your Network – Reconstructing the Breach

Josh Zelonis October 5, 2017
September 2017 was a busy month. Three major breach notifications in Deloitte, the SEC, and Equifax… and my first Wave dropped, coincidentally on Digital Forensics & Incident Response Service Providers. Following all this commotion, I had a client reach out and ask me how… How are investigators able to reconstruct digital crime scenes to identify […]

You Deserve What You Tolerate . . .

Chase Cunningham August 18, 2017
After reading through some other blogs and strategy papers over the weekend (don’t judge me; to some of us, this activity constitutes a good time . . . yes, lame . . . I know), I saw what appeared to be an underlying theme across the narratives I’d read: Security tolerates failure. It’s understandable that […]

Applying Our Research To Black Hat 2017

Jeff Pollard July 24, 2017
I summarized RSA 2017 in the following way: It’s a bit like the supermarket; you’ll make far healthier choices if you stick to the outer aisles. Well, Las Vegas B-Sides, Black Hat, and DefCon are taking place this week, and since these events differ in tone, audience, and participants, I’ve updated my advice: We’ve gone […]