security & risk

BLOG

The Security And Privacy Implications Of Drones

Merritt Maxim 3 days ago
Over the past few years, drones have transitioned from military-only applications into a strategic asset that is transforming a range of industries such as construction, real estate, insurance, and agriculture. Yet while drones introduce a range of use cases, the growth of drones also represents a new physical threat that demands the attention of security […]
BLOG

Understanding The Evolving DRP Market

Josh Zelonis 5 days ago
Sixty-four percent of global security decision makers recognize that improving their threat intelligence capabilities is a high or critical priority. Nevertheless, companies across many industries fail to develop a strategy for achieving this. Among the many reasons why organizations struggle to develop a threat intelligence capability, two stand out: Developing a mature threat intelligence program […]
BLOG

The MITRE ATT&CK Framework Is Not A Bingo Card

Josh Zelonis April 17, 2019
I occasionally find people mapping their SOC capabilities to the ATT&CK framework by checking off specific techniques that they have shown they are able to detect with the intent of measuring coverage within their SOC. In this blog post, I hope to clarify why this strategy may be misleading. There Are No Bad Actions, Only […]
BLOG

Riding The Wave Of Zero Trust Means That You Must Paddle Out

Chase Cunningham April 15, 2019
Since RSA this year, the drumbeat of Zero Trust across the market has continued to grow louder. Almost daily, the inquiries and conversations around Zero Trust and ZTX are coming in at an ever-increasing rate. That’s a good thing. In truth, most of the inquiries are from end user clients now, vice the vendor side […]
BLOG

Take A Stand For Consumer Privacy: The Anti-Surveillance Economy

Jeff Pollard April 12, 2019
“If You’re Not Paying For It, You’re The Product . . . ” If you have worked in or around tech for the last decade, you have heard — or likely spoken — this irreverent remark about the data economy. While critics are all too willing to give this judgment on the use of consumer […]
BLOG

The Security Snapshot: 10-Year Challenge

Stephanie Balaouras April 11, 2019
At the start of the new year, a meme called the 10-Year Challenge went viral. The premise is simple: Post a photo of yourself in 2009 and a photo of yourself in 2019 to highlight certain changes that may have taken place in that time. Besides the security concerns of social media sites potentially mining […]
BLOG

Cyber Catalyst Brings Minimal Value To Businesses

Heidi Shey April 8, 2019
In late March, Marsh announced the launch of a program with a number of leading cyberinsurance firms including Allianz, AXA, Beazley, XL, and Zurich to evaluate cybersecurity products and services. Products that meet a minimum standard of criteria receive the designation of “Cyber Catalyst” for their effectiveness in reducing cyber risk. The intent is for […]
BLOG

Our Security Recommendations Will Help You Handle The Worst Of What 2019 Throws At You

Jeff Pollard March 25, 2019
Today we released our 2019 security & risk recommendations report. We collected contributions from our colleagues across the Forrester security & risk team to identify the most important actions security leaders should take in 2019. Turns out, things are getting better for S&R pros, but challenges still remain. Security leaders have earned board-level visibility, privacy […]
BLOG

The Tao Of Zero Trust

Chase Cunningham March 25, 2019
I get asked two questions at least weekly, in some cases almost daily: Where do we start for Zero Trust? — Fix your IAM and user side of the equation. What is the difference between other frameworks and Zero Trust? — OK, now we can get down to the nuts and bolts on this one. Zero Trust turned 10 years […]
BLOG

Make No Mistake — Microsoft Is A Security Company Now

Josh Zelonis March 22, 2019
Microsoft has announced support for macOS in its rebranded Microsoft Defender ATP product, taking this product from being an offering that could be considered an add-on for hardening its own operating system to a multiplatform security solution. While this is an early release, it is a clear signal of the investment Microsoft is making to […]
VIDEO

The Forrester Wave™: Managed Security Services In Asia Pacific, Q1 2019 Identifies The 11 Most Important Vendors

Jinan Budge March 13, 2019
CISOs in Asia Pacific must justify their spending and articulate the business value of often expensive investments in managed security to a largely non-security audience of executives. Currently, this is nearly impossible: Many managed security service providers (MSSPs) continue to go to market with messaging that is technology-centric and blind to the benefits they provide […]
BLOG

The Security Snapshot: Cybersecurity And Privacy In 2019 — Prepare For The New; Protect The Established

Stephanie Balaouras March 12, 2019
Introducing our new monthly blog series, “The Security Snapshot,” which will curate and highlight key pieces of research from the security and risk (S&R) team. Last week at RSA Conference, vendors and security professionals discussed the newest cybersecurity innovations, the future of the industry, and some much-needed improvements. To start off the conference, Microsoft and […]
BLOG

OK, Zero Trust Is An RSA Buzzword — So What?

Chase Cunningham March 11, 2019
Last week was the annual RSA Conference. Estimates are that more than 45,000 security personnel, business professionals, and leaders attended the event, up from 35,000 last year. Regardless of the numbers, it was an epic display of how prevalent cybersecurity has become. As expected, a few buzzwords rang throughout the Moscone Center halls. Artificial intelligence, […]
BLOG

Think Privacy’s Just A Cost Center? Think Again

Fatemeh Khatibloo March 6, 2019
Over and over, clients tell us they just don’t get enough funding for the kind of privacy programs that they want to create. In fact, many privacy budgets shrank in 2019 after firms were forced to spend more than they expected on GDPR compliance in 2018. But what if we told you that customer-centric privacy […]
BLOG

Eating Our Own Zero Trust Dog Food

Chase Cunningham February 1, 2019
It is high time for Forrester to demonstrate Zero Trust in a practical application scenario; our upcoming virtual reference architecture project aims to do just that.
BLOG

Phishing: The Simple Attack That Shreds The Defenses Of Sensitive Networks

Joseph Blankenship December 20, 2018
Diplomatic networks carry some of the world’s most sensitive information: communications between world leaders, key technical intellectual property, trade strategies, and military plans. A recent report by antiphishing vendor Area 1 Security reveals that a three-year-long cyberattack led to the successful breach of the European Union’s diplomatic communications network. By focusing on the cybersecurity of the […]
INFOGRAPHIC

The Business Risks Of Climate Change (Infographic)

Stephanie Balaouras December 18, 2018
The business risks associated with global climate change are enormously complex and nearly infinite in quantity. Your firm’s climate-related risks, however, are much more manageable (albeit complex and numerous, as well). No two organizations are exposed in exactly the same way. Rising temperatures, sea-level rise, and more frequent and severe extreme weather events have already […]
BLOG

Tainted Love: Understanding Tainted Detection In The MITRE ATT&CK Evaluation

Josh Zelonis December 17, 2018
In my previous blog post on the MITRE ATT&CK evaluations, I developed a scale for rating the individual vendor evaluations and provided source code to help make the results more generally consumable. Since publishing this blog, I’ve been having a number of conversations with clients about the “tainted” modifier in the recent MITRE ATT&CK evaluations, […]
BLOG

Quantifying Vendor Efficacy Using The MITRE ATT&CK Evaluation

Josh Zelonis December 5, 2018
I’ve been extremely excited about the MITRE ATT&CK evaluation since it decided to open it up to vendors earlier this year. The endpoint detection and response (EDR) market represents the direction of endpoint security, yet the state of endpoint efficacy testing has been underwhelming. • Antimalware testing has become a standard part of the endpoint […]
BLOG

Marriott Breach: Starwood Hacker Gains Access To 500 Million Customer Records

Jeff Pollard November 30, 2018
Another Friday, Another Breach Announcement Today, Marriott announced that it uncovered four-plus years of a previously unknown, unexpected, and unauthorized data breach that includes travel details, passport numbers, and credit card data. Five hundred million customers found out this morning when Marriott announced a multiyear breach dating back to 2014. Longstanding defects in Starwood’s database and network […]