security & risk

David Holmes formerly worked for both F5 Networks and Shape Security. The F5 Networks acquisition of Shape Security marked the third time in a year that a web application firewall (WAF) vendor purchased a bot management solution, as fellow Forrester analyst Sandy Carielli noted in her blog (The WAF-Bot Management Acquisition Waltz). The other two […]

AI, Privacy, And Transparency Dominate The Marketing Discussion At CES 2020 Rather than trolling the floor of the more than 4,400 exhibits at this year’s Consumer Electronics Show (CES) looking for the technology of the future, Jay Pattisall tried something different: listening to the conversations of marketers and agency executives for hot issues. Artificial intelligence […]

It’s that time of year: when folks make up their minds that things are going to change. The gym is full of new members who are eager to get into their journey toward some other semblance of better health, or a beach body, or some change that they desire. Others are in that annual state […]

With F5 Networks buying itself a $1 billion Christmas present in Shape Security, it’s a good time to review the state of the bot management market. The Shape Security sale caps off a year of bot management acquisitions by web application firewall (WAF) vendors. In January, Radware announced that it had acquired ShieldSquare, and in […]

Thanks for checking out the last FORRward perspective for 2019. We’ll be back in 2020 with more fresh ideas and thoughtful commentary. Wishing everyone a wonderful holiday! Healthcare CIOs Are Pushing US Congress To Block Patient Data Sharing Across Mobile Apps The College of Healthcare Information Management Executives (CHIME), representing more than 3,200 CIOs and […]

New risks emerge around user location data that may have you rethinking your cybersecurity plan.

From the Intel-McAfee deal to the Sony Pictures breach, VP and Principal Analyst Jeff Pollard reviews the past decade’s cybersecurity highlights and lowlights.

Product Security Takes Center Stage As Attackers’ Livestream Ring Devices Harass Users The astronomical success of Ring’s opt-in surveillance products took a dark turn over the last week when attackers began reusing credentials to gain access to the devices and harass families. The devices themselves were not compromised; instead, attackers reused passwords from accounts without […]

A distributed denial of service attack can turn a retailer's holiday season from merry to miserable. Learn how to protect yourself.

Each year, Forrester Research and the Disaster Recovery Journal (DRJ) team up to launch a study examining the state of business resiliency. Each year, we focus on a resiliency domain: IT disaster recovery (DR), business continuity (BC), or overall enterprise risk management (ERM). The studies provide BC pros, DR pros, and other risk managers an […]

Forrester VP and Group Director Stephanie Balaouras reviews the infusion of an open source development mentality in IBM Security and the impact on the broader security ecosystem.

Discover why sustainability and climate adaptation planning aren’t the same, and why your firm needs both to succeed.

I am often asked, “Renee, what is integrated risk management (IRM), and how is it different from GRC?” You are neither misinformed nor are you horribly confused. We have been on a seven-year journey together maturing governance, risk management, and compliance (GRC) programs to eventually give you the process, program, and data to get to […]

Today, my inaugural evaluation of the European consulting services provider market published, as I write this blog from the city of Barcelona. Along with “The Forrester Wave™: Cybersecurity Consulting Services In Asia Pacific, Q4 2019,” which published yesterday (see here), this marks the first time that we have explicitly assessed the European security consulting services […]

Bot traffic can eat into profits and sabotage customer experiences. Learn how to play defense.

This year’s NCSAM theme of “Own IT. Secure IT. Protect IT.” is a powerful call to action for ownership and accountability. However, many heeding this call won’t think about how it also extends to the vast and growing network of third-party relationships. Why? For most organizations, third parties complicate cybersecurity risk management.

We, as security practitioners, need to be mindful about what we mean when we say “2FA” or “MFA.” These terms are often used interchangeably. The confusion is understandable, since 2FA is a subset of MFA. However, just like Halloween candy, MFA (including 2FA) comes in many flavors. Let’s unpack these terms and consider the various […]

Are you a tech optimist? I generally tend to be. Yet as I read about new technology, I sometimes find myself thinking, “This is amazing! And terrifying.” As we approach the end of cybersecurity Awareness Month, I’d like to draw attention to the issue of technology-facilitated abuse. Abusers Use Technology To Control And Hold Power […]

Cybersecurity needs to be part of every retailer's holiday strategy. Learn how to protect against one particularly menacing threat.