security operations & program governance

Insights

BLOG

Marriott Breach: Starwood Hacker Gains Access To 500 Million Customer Records

Jeff Pollard November 30, 2018

Another Friday, Another Breach Announcement

Today, Marriott announced that it uncovered four-plus years of a previously unknown, unexpected, and unauthorized data breach that includes travel details, passport numbers, and credit card data. Five hundred million customers found out this morning when Marriott announced a multiyear breach dating back to 2014. Longstanding defects in Starwood’s database and network […]


The Forrester Wave™: Managed Security Services Providers (MSSPs), Europe, Q4 2018

Paul McKay November 19, 2018

I published my first Forrester Wave™ today, covering the managed security services provider (MSSP) market in Europe. The culmination of four months of hard work by not just us but all the vendors involved, this is to my knowledge our first analysis focused on the needs of the European market for MSSPs. Here are some […]


The Fight For Cybersecurity Brand Dominance Intensifies

Jeff Pollard November 16, 2018

“Everything Is An Endpoint” Brings BlackBerry Back From The Dead

For many, the fact that BlackBerry still exists — and the fact that it spent $1.4 billion of the $2.4 billion in capital it had — is the most surprising part of the Cylance acquisition. BlackBerry hasn’t shirked its mythological status as the case study of what […]


Cybersecurity Transformation Is A Thing, And It Needs Personal And Relentless Drive

Jinan Budge August 2, 2018

Well, it’s happening! My first Forrester report was published this week. (Forrester clients can access here.) The topic? Cybersecurity transformation, of course! It’s what I have lived and breathed for the last 3.5 years. I have also engaged peer CISOs doing terrific work transforming their firms’ security function and capabilities — I’ve always had a passion […]


Building The Language Bridge Between Security And The C-Suite

Jinan Budge June 8, 2018

If you had half an hour with a board member and you wanted to get coaching from them about how to communicate with them about security, what would you ask them? In a few weeks’ time, I will have just that opportunity when I facilitate a panel with some prominent board directors. Getting inside the […]


Zero Trust on a Beer Budget

Chase Cunningham February 7, 2018

I have a good friend who has a small business (roughly 100 employees and two office locations; everything lives in the cloud, no real “network” to speak of) that is doing well. A few weeks ago, over barbecue and range time (some folks play golf, we shoot guns . . . it’s a Texas thing), […]


What ZTX means for vendors and users

Chase Cunningham January 23, 2018

I am a huge fan of Zero Trust—the simplicity of the concept resonates with clients that read the research authored previously by John Kindervag and more recently myself. The framework’s intrinsic value to security and business processes is readily evident to those who explore how it benefits their security needs.  If we’re honest about Zero […]


The Equifax Breach Will Haunt Us In Years To Come

Amy DeMartine December 19, 2017

Data breaches are now so common – and so large – that we measure them in percentage of worldwide internet users. Although Equifax doesn’t even make it into the top 5 at 4.08% of the approximately 3.5 billion internet users, news of it rocked citizens of the US when announced. The Equifax breach has unique […]


TIP of the Iceberg: Research Announcement on Threat Intel Platforms

Josh Zelonis November 9, 2017

A common feature in the threat intelligence platform (TIP) space is aggregation of data and providing an interface for managing threat intelligence — this seems to be where the product visions diverge. While many of these platforms have been around for years, until there is a unified vision for these products, I continue to view […]


Equifax Does More Than Credit Scores

Jeff Pollard September 8, 2017

Our reaction to the Equifax breach was similar to what we imagine many people went through. First, we wanted to know if we were affected. Second, what about our spouse and other immediate family members? Third, better keep an eye on the old credit report or initiate a credit freeze. Since Forrester offers credit monitoring […]


You Deserve What You Tolerate . . .

Chase Cunningham August 18, 2017

After reading through some other blogs and strategy papers over the weekend (don’t judge me; to some of us, this activity constitutes a good time . . . yes, lame . . . I know), I saw what appeared to be an underlying theme across the narratives I’d read: Security tolerates failure. It’s understandable that […]


Applying Our Research To Black Hat 2017

Jeff Pollard July 24, 2017

I summarized RSA 2017 in the following way: It’s a bit like the supermarket; you’ll make far healthier choices if you stick to the outer aisles. Well, Las Vegas B-Sides, Black Hat, and DefCon are taking place this week, and since these events differ in tone, audience, and participants, I’ve updated my advice: We’ve gone […]


We Don't Need Jedis

Chase Cunningham July 7, 2017

Like every other movie buff, geek, or nerd on the planet I am a Star Wars fan.  I think it’s a stellar series (minus the whole Jar Jar Binks thing, anything with that guy in it could be used as an alternative to waterboarding) that has spun a tale for the ages across the better […]
