Vulnerability Management
As digital proliferates, vulnerability management becomes more complicated. Read our insights to keep up with this evolving space.
Insights
Blog
Microsoft Purchases CyberX
Today, Microsoft announced that it has acquired Waltham, Massachusetts-based internet-of-things (IoT) and industrial control system (ICS) security vendor CyberX. While the purchase price was not disclosed, media reports are speculating that the purchase price was somewhere between $150–$165 million. Founded in 2013, CyberX has raised $48 million in venture capital, so this deal provides a good return to investors. CyberX’s core solution can monitor IoT and ICS environments […]
Blog
In A Crisis, People Want Dependable Technology
If there’s one thing the COVID-19 pandemic has taught businesses, it’s how vital core infrastructure and operations are to an organization’s resiliency and dependability. But where does innovation fit into the new normal?
Predictions 2021 Hub
Explore our blog posts, videos, guides, and other resources to understand the dynamics that will shape 2021.
Blog
Adventures In New And Evolving Coverage: Threat Detection And Response
Every once in a while, something happens that leaves you walking away feeling like you got away with murder. Today, I get to share with you one of my latest exploits. My coverage here at Forrester for the past 3-plus years has been vulnerability management, threat intelligence, detection technologies, and incident response. While each of […]
Blog
Three Critical Metrics You Should Expect From A Vulnerability Risk Management Solution
Many vulnerability risk management (VRM) solutions are limited and fail to provide meaningful metrics about the health of your VRM program. One example is the use of counting metrics such as the number of vulnerabilities identified in your organization. Counting stats don’t have any real value because they fail to provide context. These vulnerabilities could […]
Blog
Unconventional Wisdom: Explore Paying The Ransom In Parallel With Other Recovery Options
Your organization has just received ransom notices across your infrastructure, informing you of what you already fear. All your critical business data has been encrypted. You are angry that someone’s moved your cheese, and you don’t want to reward them for it. Your emotions are confirmed by advisors who give you the conventional advice: “Don’t […]
Blog
The Impact Of Digital Transformation On The Vulnerability Management Space
Digital transformation has rendered traditional vulnerability management solutions insufficient. Because of this, the next vulnerability risk management wave will focus on vendors developing solutions for today’s problems.
Blog
Thoughts on the Spectre of Zero Trust
The threat model has changed. Data breaches have traditionally required execution of some manner of code on a system to access data and a network connection to exfiltrate the data off the system. This is no longer the case, as Spectre reduces the requirement for code execution to anywhere on a device as opposed […]
Blog
The Equifax Breach Will Haunt Us In Years To Come
Data breaches are now so common – and so large – that we measure them in percentage of worldwide internet users. Although Equifax doesn’t even make it into the top 5 at 4.08% of the approximately 3.5 billion internet users, news of it rocked citizens of the US when announced. The Equifax breach has unique […]
Blog
TIP of the Iceberg: Research Announcement on Threat Intel Platforms
A common feature in the threat intelligence platform (TIP) space is aggregation of data and providing an interface for managing threat intelligence — this seems to be where the product visions diverge. While many of these platforms have been around for years, until there is a unified vision for these products, I continue to view […]
Blog
Endpoint Security Solutions Offer A First Line Of Defense Against Cyberthreats
The number and complexity of cyberthreats are increasing. Traditional antimalware tools may not be adequate to protect your organization. As hackers create new, more-sophisticated malware, endpoint security solutions provide a critical line of defense, protecting PCs, laptops, and servers from malicious threats. Why is this important? Because employee endpoints are the interface between employees and […]
Blog
What Kind of Threat Intelligence Are You Selling Me?
The threat intelligence market has not been well defined. This is a problem that frequently arises when marketing departments start playing buzzword bingo in a “me too” attempt to latch onto the latest trend. This year it’s happening with machine learning. Unfortunately, the market response to this type of message pollution is to “lose faith” […]
Blog
For More Cyber Operations Wins, Cheat…
Before my last deployment (quite a while ago, thankfully) my unit was training on a variety of tactics to make us all more effective in an operational setting. That’s the long way of saying we were all getting PT'd repeatedly and learning how terrible we were at stopping the bad guys, luckily we all got […]
Blog
Prepare for Increasing Frequency of “Nation-State” Cyberattacks with Strategy, not Technology
Let me pose a question: “Is it a bad thing to give the average person a hand grenade with the pin pulled?” I think most of us would respond to that question with an emphatic “YES!” No one in their right mind would think it's a good idea in any possible reality to allow anyone […]
Podcast
Prioritizing Cybersecurity: Learnings From WannaCry
Forrester Principal Analyst Jeff Pollard explains the WannaCry ransomware attack and what it means to business and technology leaders as companies and institutions become increasingly under siege from cyberthreats.
Blog
Data is the perimeter, defend it that way
Unless you have been living under a rock or possibly hiding in the mountains of Montana with a giant beard and eating way too many government-issued MREs, you probably heard about the nuclear bomb of a ransomware attack that kicked off last week. Welcome to the […]
Blog
New Research: Know Your Adversary
Mandiant's APT1 report changed the threat intelligence marketing game, and you would be hard pressed to find a cybersecurity company that doesn't have a research/intelligence team that produces threat actor reports. The previous few weeks have seen a significant amount of threat intelligence marketing around threat actor groups. FireEye released "APT28: A Window into Russia’s […]
Blog
Introducing Forrester’s Targeted-Attack Hierarchy Of Needs
We recently published part 1 of a new series designed to help organizations build resiliency against targeted attacks. In the spirit of Maslow, we designed our Targeted-Attack Hierarchy Of Needs. One factor that significantly drove the tone and direction of this research was Forrester client inquiries and consulting. Many organizations were looking for a malware sandbox to […]
Blog
What Does “Heartbleed” Mean To Consumers?
With Kristopher Arcand. When news about the Heartbleed bug captured worldwide attention last month, consumers learned that their personal information, initially thought to be secure, had in fact been vulnerable to hackers for years. Arguably the worst Internet breach of all time, the revelation left many questioning what to do next. To understand how consumer reaction to […]
Blog
Choose Your Own Adventure With The 2014 Verizon DBIR
In a world where every single security vendor has their own annual threat report, the Verizon Data Breach Investigations Report (DBIR) is the gold standard, and this year is no different. Last year I began blogging my initial analysis (Observations on the 2013 Verizon Data Breach Investigations Report), and I wanted to continue that again this […]
Blog
Avoid The Information Security Squirrel
"My master made me this collar. He is a good and smart master and he made me this collar so that I may speak. Squirrel!" In the Pixar film Up, squirrels frequently distract Dug the talking dog. In our space, we are frequently distracted by technology. "I am a good and smart security professional; […]