vulnerability & threat management

As digital proliferates, vulnerability & threat management becomes more complicated. Read our insights to keep up with this evolving space.

Insights

BLOG

Unconventional Wisdom: Explore Paying The Ransom In Parallel With Other Recovery Options

Josh Zelonis June 4, 2019
Your organization has just received ransom notices across your infrastructure, informing you of what you already fear. All your critical business data has been encrypted. You are angry that someone’s moved your cheese, and you don’t want to reward them for it. Your emotions are confirmed by advisors who give you the conventional advice: “Don’t […]
Read More
BLOG

The Impact Of Digital Transformation On The Vulnerability Management Space

Josh Zelonis May 21, 2019
Digital transformation has rendered traditional vulnerability management solutions insufficient. Because of this, the next vulnerability risk management wave will focus on vendors developing solutions for today’s problems.
Read More
BLOG

Thoughts on the Spectre of Zero Trust

Josh Zelonis January 5, 2018
  The threat model has changed. Data breaches have traditionally required execution of some manner of code on a system to access data and a network connection to exfiltrate the data off the system. This is no longer the case, as Spectre reduces the requirement for code execution to anywhere on a device as opposed […]
Read More
BLOG

The Equifax Breach Will Haunt Us In Years To Come

Amy DeMartine December 19, 2017
Data breaches are now so common – and so large – that we measure them in percentage of worldwide internet users. Although Equifax doesn’t even make it into the top 5 at 4.08% of the approximately 3.5 billion internet users, news of it rocked citizens of the US when announced. The Equifax breach has unique […]
Read More
BLOG

TIP of the Iceberg: Research Announcement on Threat Intel Platforms

Josh Zelonis November 9, 2017
A common feature in the threat intelligence platform (TIP) space is aggregation of data and providing an interface for managing threat intelligence — this seems to be where the product visions diverge. While many of these platforms have been around for years, until there is a unified vision for these products, I continue to view […]
Read More
BLOG

Endpoint Security Solutions Offer A First Line Of Defense Against Cyberthreats

Jennifer Adams August 24, 2017
The number and complexity of cyberthreats are increasing. Traditional antimalware tools may not be adequate to protect your organization. As hackers create new, more-sophisticated malware, endpoint security solutions provide a critical line of defense, protecting PCs, laptops, and servers from malicious threats. Why is this important? Because employee endpoints are the interface between employees and […]
Read More
BLOG

What Kind of Threat Intelligence Are You Selling Me?

Josh Zelonis July 6, 2017
The threat intelligence market has not been well defined. This is a problem that frequently arises when marketing departments start playing buzzword bingo in a “me too” attempt to latch onto the latest trend. This year it’s happening with machine learning. Unfortunately, the market response to this type of message pollution is to “lose faith” […]
Read More
BLOG

For More Cyber Operations Wins, Cheat…

Chase Cunningham June 6, 2017
Before my last deployment (quite a while ago, thankfully) my unit was training on a variety of tactics to make us all more effective in an operational setting.  That’s the long way of saying we were all getting PT'd repeatedly and learning how terrible we were at stopping the bad guys, luckily we all got […]
Read More
BLOG

Prepare for Increasing Frequency of “Nation-State” Cyberattacks with Strategy, not Technology

Chase Cunningham May 22, 2017
Let me pose a question: “Is it a bad thing to give the average person a hand grenade with the pin pulled?” I think most of us would respond to that question with an emphatic “YES!”  No one in their right mind would think it's a good idea in any possible reality to allow anyone […]
Read More
PODCAST

Prioritizing Cybersecurity: Learnings From WannaCry

What It Means May 18, 2017
Forrester Principal Analyst Jeff Pollard explains the WannaCry ransomware attack and what it means to business and technology leaders as companies and institutions become increasingly under siege from cyberthreats.
Listen Now
BLOG

Data is the perimeter, defend it that way

Chase Cunningham May 15, 2017
Data is the perimeter, defend it that way Unless you have been living under a rock or possibly hiding in the mountains of Montana with a giant beard and eating way too many government issued MRE’s you probably heard about the nuclear bomb of a ransomware attack that kicked off last week.  Welcome to the […]
Read More
BLOG

New Research: Know Your Adversary

Rick Holland November 3, 2014
Mandiant's APT1 report changed the threat intelligence marketing game, and you would be hard pressed to find a cybersecurity company that doesn't have a research/intelligence team that produces threat actor reports. The previous few weeks have seen a significant amount of threat intelligence marketing around threat actor groups. FireEye released "APT28: A Window into Russia’s […]
Read More
BLOG

Introducing Forrester’s Targeted-Attack Hierarchy Of Needs

Rick Holland May 20, 2014
We recently published part 1 of a new series designed to help organizations build resiliency against targeted attacks. In the spirit of Maslow, we designed our Targeted-Attack Hierarchy Of Needs. One factor that significantly drove the tone and direction of this research was Forrester client inquiries and consulting. Many organizations were looking for a malware sandbox to […]
Read More
BLOG

What Does “Heartbleed” Mean To Consumers?

Anjali Lai May 7, 2014
With Kristopher Arcand When news about the Heartbleed bug captured worldwide attention last month, consumers learned that their personal information, initially thought to be secure, had in fact been vulnerable to hackers for years. Arguably the worst Internet breach of all time, the revelation left many questioning what to do next. To understand how consumer reaction to […]
Read More
BLOG

Choose Your Own Adventure With The 2014 Verizon DBIR

Rick Holland April 22, 2014
In a world where every single security vendor has their own annual threat report, the Verizon Databreach Investigations Report (DBIR) is the gold standard, and this year is no different. Last year I began blogging my initial analysis (Observations on the 2013 Verizon Data Breach Investigations Report), and I wanted to continue that again this […]
Read More
BLOG

Avoid The Information Security Squirrel

Rick Holland April 18, 2013
"My master made me this collar. He is a good and smart master and he made me this collar so that I may speak. Squirrel!"   In the Pixar film Up, squirrels frequently distract Dug the talking dog. In our space, we are frequently distracted by technology. "I am a good and smart security professional; […]
Read More
BLOG

Observations From Black Hat – More Defense Please

Rick Holland August 1, 2012
Last week I had the opportunity to attend the 15th annual Black Hat security conference in Las Vegas. I have attended DEFCON in the past, but never Black Hat. The conference has grown significantly each year, and judging by the size of the expo floor, the vendors understand its significance. I enjoyed the conference and […]
Read More
BLOG

New Forrester Wave Evaluation: Vulnerability Management Products

Forrester July 21, 2010
Forrester has just completed a comprehensive assessment of vulnerability management products. The Forrester Vulnerability Management Wave report is now live. If you are a subscriber, please see here for the full report. In Forrester’s 53-criteria evaluation of vulnerability management vendors, we found that the market is rife with mature products. In particular, we found that Qualys […]
Read More