security & risk

Insights

BLOG

Eating Our Own Zero Trust Dog Food

Chase Cunningham February 1, 2019
It is high time for Forrester to demonstrate Zero Trust in a practical application scenario, our upcoming virtual reference architecture project aims to do just that.
Read More
BLOG

Phishing: The Simple Attack That Shreds The Defenses Of Sensitive Networks

Joseph Blankenship December 20, 2018
Diplomatic networks carry some of the world’s most sensitive information: communications between world leaders, key technical intellectual property, trade strategies, and military plans. A recent report by antiphishing vendor Area 1 Security reveals that a three-year-long cyberattack led to the successful breach of the European Union’s diplomatic communications network. By focusing on the cybersecurity of the […]
Read More
INFOGRAPHIC

The Business Risks Of Climate Change (Infographic)

Stephanie Balaouras December 18, 2018
The business risks associated with global climate change are enormously complex and nearly infinite in quantity. Your firm’s climate-related risks, however, are much more manageable (albeit complex and numerous, as well). No two organizations are exposed in exactly the same way. Rising temperatures, sea-level rise, and more frequent and severe extreme weather events have already […]
Read More
BLOG

Tainted Love: Understanding Tainted Detection In The MITRE ATT&CK Evaluation

Josh Zelonis December 17, 2018
In my previous blog post on the MITRE ATT&CK evaluations, I developed a scale for rating the individual vendor evaluations and provided source code to help make the results more generally consumable. Since publishing this blog, I’ve been having a number of conversations with clients about the “tainted” modifier in the recent MITRE ATT&CK evaluations, […]
Read More
BLOG

Quantifying Vendor Efficacy Using The MITRE ATT&CK Evaluation

Josh Zelonis December 5, 2018
I’ve been extremely excited about the MITRE ATT&CK evaluation since it decided to open it up to vendors earlier this year. The endpoint detection and response (EDR) market represents the direction of endpoint security, yet the state of endpoint efficacy testing has been underwhelming. • Antimalware testing has become a standard part of the endpoint […]
Read More
BLOG

Marriott Breach: Starwood Hacker Gains Access To 500 Million Customer Records

Jeff Pollard November 30, 2018
Another Friday, Another Breach Announcement Today, Marriott announced that it uncovered four-plus years of a previously unknown, unexpected, and unauthorized data breach that includes travel details, passport numbers, and credit card data. Five hundred million customers found out this morning when Marriott announced a multiyear breach dating back to 2014. Longstanding defects in Starwood’s database and network […]
Read More
BLOG

The Forrester Wave™: Managed Security Services Providers (MSSPs), Europe, Q4 2018

Paul McKay November 19, 2018
I published my first Forrester Wave™ today, covering the managed security services provider (MSSP) market in Europe. The culmination of four months of hard work by not just us but all the vendors involved, this is to my knowledge our first analysis focused on the needs of the European market for MSSPs. Here are some […]
Read More
BLOG

The Fight For Cybersecurity Brand Dominance Intensifies

Jeff Pollard November 16, 2018
“Everything Is An Endpoint” Brings BlackBerry Back From The Dead For many, the fact that BlackBerry still exists — and the fact that it spent $1.4 billion of the $2.4 billion in capital it had — is the most surprising part of the Cylance acquisition. BlackBerry hasn’t shirked its mythological status as the case study of what […]
Read More
BLOG

The Forrester Wave™: Zero Trust eXtended (ZTX) Ecosystem Providers, Q4 2018 — Truth

Chase Cunningham November 15, 2018
We just wrapped up five months of in-depth research focused on providing some clarity into what technologies from which vendors actually enable Zero Trust (not just talk about it). It didn’t take long to discern those among the vendor community that really embraced the strategic benefits of Zero Trust — and those that seemed to just […]
Read More
BLOG

Examine The Cybersecurity Risk Ratings Market With The Forrester New Wave™ Evaluation

Nick Hayes November 13, 2018
The Forrester New Wave™: Cybersecurity Risk Ratings, Q4 2018 Earlier today, we published “The Forrester New Wave™: Cybersecurity Risk Ratings, Q4 2018” evaluation. We take a close look at the nine most important vendors in this rising market, reviewing their current capabilities, customer references, and strategic road maps. This includes vendor profiles, with our analysis and buyer […]
Read More
BLOG

Forrester’s Cyber Predictions For 2019: The European Take

Paul McKay November 5, 2018
Today, my team published Forrester’s predictions for the cybersecurity industry in 2019. We listed five key trends that we think will impact the industry over the next 12 months. Here is my take on how three of these trends will play out in the European cybersecurity market: Economic espionage in Europe will increase due to […]
Read More
BLOG

IBM Bets Big On Security Training And Leadership As A Differentiator

Stephanie Balaouras October 16, 2018
In late 2016, IBM announced the availability of its full-scale cyber range at the Cambridge, MA headquarters of its security division. With two shifts per day and currently booked out six to eight months, it’s been a huge success for the division. The range isn’t just about training security incident response analysts; it’s a full […]
Read More
BLOG

Climate Change Is Transforming Business

Stephanie Balaouras October 10, 2018
It may not seem like it yet, but climate change is altering the world so drastically that all enterprises will need to undergo a transformation to avoid going extinct. Earlier this week, the UN’s Intergovernmental Panel on Climate Change (IPCC) reported (with high confidence) that at the rate we’re going, global warming of 1.5°C is likely […]
Read More
BLOG

How I Almost Got Phished And Why Training Isn’t Enough

Josh Zelonis October 5, 2018
I received a text message the other day that looked a lot like what I might get from my bank if I triggered some antifraud check. The timing was impeccable; I had just used the card to pay for takeout and had walked out to my motorcycle to head home. When I initially got the […]
Read More
BLOG

Rushed Privacy Features Result In Sloppy Security

Amy DeMartine September 28, 2018
Facebook Loses More User Data (This Time Unintentionally) Facebook announced that it experienced a breach this week that lost 50 million users’ data. Ironically, the breach happened in part due to exploited bugs in three features developed to give users more control over their privacy. Some quick key lessons to take away from this breach: […]
Read More
BLOG

Come And Join Us To Learn How Security Can Safeguard Your Digital Investments And Help You Serve Your Customers Effectively

Paul McKay September 13, 2018
Security is one of those words that is associated with hackers, reputational failures, and fear, uncertainty, and doubt. I disagree: Security, when done properly, can be one of the biggest investments you make. It is crucial to building customer trust and safeguarding digital investments. Furthermore, responding well to a breach can enhance shareholder value and […]
Read More
BLOG

Zero Trust Technology Works; Excuses Don't

Chase Cunningham September 4, 2018
I have done a few exercises on implementing Zero Trust and Zero Trust eXtended (ZTX) in enterprises. The impetus behind these exercises from a strategy standpoint is that the participating organizations have leaders that are Forrester clients and had read, or at least breezed through, the research that has been published on the topic of […]
Read More
BLOG

Zero Trust Technology Works; Excuses Don’t

Chase Cunningham September 4, 2018
I have done a few exercises on implementing Zero Trust and Zero Trust eXtended (ZTX) in enterprises. The impetus behind these exercises from a strategy standpoint is that the participating organizations have leaders that are Forrester clients and had read, or at least breezed through, the research that has been published on the topic of […]
Read More
BLOG

A New Era Of Privacy Is Here — We Can Help You Navigate It

Fatemeh Khatibloo August 20, 2018
Who knew that failed data governance would be the thing to turn the privacy world on its ear? When the Facebook/Cambridge Analytica scandal broke . . . and then got worse, consumers and politicians alike finally seemed to understand that the data economy had gotten away from us all. As a result, 2018 has forever […]
Read More
BLOG

Cybersecurity Transformation Is A Thing, And It Needs Personal And Relentless Drive

Jinan Budge August 2, 2018
Well, it’s happening! My first Forrester report was published this week. (Forrester clients can access here.) The topic? Cybersecurity transformation, of course! It’s what I have lived and breathed for the last 3.5 years. I have also engaged peer CISOs doing terrific work transforming their firms’ security function and capabilities — I’ve always had a passion […]
Read More