security architecture

As businesses compete to win and retain customers concerned about the privacy of their data, more firms are learning the value of a robust and effective security architecture. Get benchmarks and technical guidance here.

Learn more about how Forrester supports IT professionals.

Insights

Blog

Using Our Tools Against Us: Adversaries Continue To Abuse Trust In The Supply Chain

Steve Turner July 13, 2021
Attackers continue to abuse trust in unique and creative ways. Have you talked with your partners about security yet? Get three tips on how to do that effectively.
Read More
Blog

COVID-19 Drives Delivery Model Transformation And A Sustainability Revolution In The Security Consulting Space

Paul McKay July 1, 2021
“The Forrester Wave™: European Cybersecurity Consulting Providers, Q3 2021,” launched today. Fifteen firms are featured in this report, representing a cross section of large international security consulting providers and more regionally based security pure plays. The European security consultancy market has seen a large transformation in the past 16 months in how it delivers value […]
Read More

Security & Risk

Learn how to leverage trust to win, grow, and retain customers at our Security & Risk event Nov. 9-10 in Washington, D.C. and virtually.

Blog

Zero Trust Doesn’t Mean Zero Breaches

David Holmes June 29, 2021
We occasionally get asked this question: “Would Zero Trust have prevented [insert high-profile breach]?” The breach in question could be Equifax, SolarWinds, or the United States Office of Personnel Management. We haven’t been asked (yet) about the announcement from Microsoft this month, where they acknowledged that they were a target of, and indeed had an […]
Read More
Blog

Forrester’s List Of Ransomware Resources

Jeff Pollard June 24, 2021
With ransomware continuing as a high-impact problem (with seemingly no end in sight), we’ve put together some useful ransomware resources for security practitioners. Security and risk (S&R) pros can use these resources to help prevent, protect, detect, and respond to ransomware outbreaks. The links below are a mixture of Forrester’s own research and third-party links. […]
Read More
Blog

Biden Executive Order Bets Big On Zero Trust For The Future Of US Cybersecurity

Jeff Pollard May 13, 2021
Forrester's security team sifts through the details of the new executive order on cybersecurity and looks forward at its long-term impact.
Read More
Blog

The Death And Life Of The Stand-Alone Solution

Jess Burn May 10, 2021
While automated malware analysis and network intrusion detection systems remained in our Divest category, three more technologies joined them this year: data loss prevention, managed security service providers, and security user behavior analytics. Why is this? Because these stand-alone technologies simply don’t cut it anymore. This isn’t to say these solutions are dead, mind you. No, they live on in within larger, more comprehensive solutions.
Read More
Blog

Stay Vigilant Of The 2021 Threat Landscape And Help Your Org Prepare For “The Next Normal”

Brian Kime March 16, 2021
Earlier this month, a US State Department spokeswoman announced that the US had identified three online publications that were attempting to discredit the Pfizer and Moderna vaccines, all of which were directed by Russian intelligence. In Forrester’s annual report on top security threats, we explore the top security threats that security professionals must monitor, including […]
Read More
Blog

Take Security To The Zero Trust Edge

David Holmes February 16, 2021
Senior Analyst David Holmes introduces Forrester’s new model for security and networking services.
Read More
Blog

It’s Time To Stop Paying For Commoditized Endpoint Security Features

Christopher Sherman January 21, 2021
Today’s enterprise security buyers evaluating a new endpoint security suite often begin with a security RFP layered thick with many existing endpoint security features and capabilities, including antimalware, host firewall, anti-exploit, and application control. However, as our evaluation in the “The Forrester Wave™: Endpoint Security Suites, Q3 2019” showed, the major differentiation between today’s endpoint […]
Read More
Blog

It Is A Privilege To Announce The Forrester Wave™: Privileged Identity Management (PIM), Q4 2020

Sean Ryan November 19, 2020
Bad puns in the title of this blog post aside (queue the rolling of the eyes, sigh, and slight smirk), we are pleased to announce that “The Forrester Wave™: Privileged Identity Management (PIM), Q4 2020” is now live. While PIM vendors have been adding new capabilities and improved user experience over the past two years, […]
Read More
Blog

Dealing With The Access Hoarders In Your Organization

Sean Ryan November 11, 2020
Anyone who has seen the show Hoarders knows how people who fill their houses with unneeded stuff can literally bury themselves in junk. Security and risk (S&R) pros who manage employee access to apps, databases, and systems should notice the Hoarders parallel when it comes to IT access: Many employees unknowingly acquire access over time, […]
Read More
Blog

Black Friday “All Season Long”? Expect The Bots To Follow Suit

Sandy Carielli November 5, 2020
I was scouring some of the Black Friday ads this week, and the trend seems to be less “Black Friday” than “Black November and probably most of December, too.” Best Buy is touting, “Black Friday all season long.” Target offers weekly “Black Friday Now” deals. Walmart? “Black Friday Deals for Days!” None of this is […]
Read More
Blog

The Power And The Peril Of APIs

Sandy Carielli October 22, 2020
Every time we come up with new ways to build and deploy applications, we also come up with new ways to break them. Did SQL make it easier to access and manipulate large amounts of structured data? You bet, and it also led to SQL injection. Ready to join the cloud? Hope you didn’t put […]
Read More
Blog

Smackdown! Enterprise Monitoring Vs. TLS 1.3 And DNS-Over-HTTPS

David Holmes August 3, 2020
Technically, the male praying mantis mates for life. If you know anything about the mating habits of the female sex of that particular insect, you now also understand the limitations of the word “technically.” Similarly, technically, TLS 1.3 and DNS-over-HTTPS (DoH) are improvements upon previous technologies that are supposed to improve security. But in reality, […]
Read More
Blog

Container Adoption Is On The Rise: How Can Security Keep Up?

Sandy Carielli July 24, 2020
Adopting containers has become increasingly popular — consider that, as of 2019, 33% of global developers indicated that their development organizations currently use containers, and another 25% said they want to do so over the next 12 months. These numbers are not surprising when we consider the value containers offer, such as scalability, agility, and […]
Read More
Video

Managing The Risks Of The New Remote Workforce

Christopher Sherman July 14, 2020

Watch Now
Blog

Schrödinger’s SOAR: Feature Or Abstraction?

Josh Zelonis May 22, 2020
Security orchestration, automation, and response (SOAR) could become the biggest link between people and technology in your security strategy. Learn why.
Read More
Blog

Further Down The Rabbit Hole With MITRE’s ATT&CK Eval Data

Josh Zelonis May 4, 2020
Analyst Josh Zelonis provides a new metric for prioritizing security alerts and avoiding alert fatigue.
Read More
Blog

FW4: The Fourth Generation Of Firewalls

David Holmes April 23, 2020
The rapid work-from-home shift caused by the COVID-19 pandemic has accelerated the need for a new approach to firewalls. Senior Analyst David Holmes reviews the latest approach and provides insight into FW4.
Read More
Blog

Navigating The European 5G Security Debate

Paul McKay March 21, 2020
At present, it is difficult to remember life before the COVID-19 pandemic, but a key switch that has happened is the large-scale shifting of the population to work at home, as widely documented. Some mobile operators in the UK recently have had a bit of a bumpy ride, with spotty coverage and outages experienced as […]
Read More
More posts