Forrester

For Security & Risk Professionals

Report:Job Description: Security Architect

Organization: The Security Architecture And Operations Playbook

This report outlines the organizational implications of Forrester's solution for security and risk (S&R) executives working to rethink their security architecture and improve the effectiveness of...

• Downloads: 497

For Security & Risk Professionals

Client Inquiry:What Are Some Virtualization Security Best Practices?

Does Forrester still recommend the following for securing virtual environments? Enforce zone boundaries with separate hardware; hypervisor hosts should not take on network security functions such as...

For Security & Risk Professionals

Report:Defend Your Data From Mutating Threats With A Zero Trust Network

Executive Overview: The Security Architecture And Operations Playbook

We've all heard about the "evolving threat landscape." In biology, evolution is a process that takes millions of years to occur as a result of small changes in successive generations. Mutations, on...

• Downloads: 304

For Security & Risk Professionals

Blog:Shoulder Surfing The Friendly Skies

FAIL at 30,000ish feet  When you fly nearly every week, you can get pretty bored on a plane.  When I am sick of working, playing games, or watching movies, my latest distraction is checking...

For Security & Risk Professionals

Client Inquiry:How Are Hospital Networks Protecting Themselves From Third-Party Devices?

We would like to know how hospitals are protecting themselves against clinical devices infecting their networks. We have many third-party-owned or -maintained devices, such as PACS, medical devices,...

For Security & Risk Professionals

Blog:Crowdsourcing my RSA panels

The San Francisco RSA conference is now less than two weeks away, and this year I am moderating two great panels. I thought I'd reach out and solicit suggestions for discussion.  ...

For Security & Risk Professionals

Client Inquiry:How Should We Balance Spam-Filtering Risks?

What standards — if any — exist as to file types to block? Are zip files still viewed as a significant security risk, and if so, how do organizations balance the business need to access...

For Security & Risk Professionals

Blog:Observations From Black Hat - More Defense Please

Last week I had the opportunity to attend the 15th annual Black Hat security conference in Las Vegas. I have attended DEFCON in the past, but never Black Hat. The conference has grown significantly...

For Security & Risk Professionals

Blog:Hackers Vs. Executives Is Back

Our next installment of "Hackers vs. Executives" is just weeks away.  Join us at the Forrester Security Forum and sit in on one of the most popular sessions of the event each year. We have a...

For Security & Risk Professionals

Blog:An Unexpected RSA Encounter

Last Friday, after a long week of RSA conference events and meetings, I eagerly looked forward to slipping on my headphones and enjoying the relative silence of my flight back to Dallas. As I...

For Security & Risk Professionals

Blog:The Forrester Wave: Email Content Security

It is with great pleasure that I announce the completion of my first Forrester Wave™: Email Content Security, Q4 2012. I’d like to thank the research associates (Jessica McKee and...

For Security & Risk Professionals

Blog:Expense In Depth And The Trouble With The Tribbles

You remember the tribbles don't you? The cute, harmless looking alien species from the second season of the original Star Trek that turn out to be anything but benign. They are born pregnant and...

For Security & Risk Professionals

Report:The Forrester Wave™: Email Content Security, Q4 2012

The Nine Providers That Matter Most And How They Stack Up

In Forrester's 47-criteria evaluation of email content security vendors, we identified the nine most significant vendors in the category and researched, analyzed, and scored them: Barracuda Networks,...

• Downloads: 472
• Comments: 3
• Rating:

For Security & Risk Professionals

Tool:Forrester Wave™: Email Content Security, Q4 '12

For Security & Risk Professionals

Blog:Avoid The Information Security Squirrel

"My master made me this collar. He is a good and smart master and he made me this collar so that I may speak. Squirrel!"   In the Pixar film Up, squirrels frequently distract Dug the talking...

For Security & Risk Professionals

Blog:Kim Kardashian And APTs

On Wednesday, American footwear company Skechers agreed to pay the US Federal Trade Commission $40 million. This settlement resulted from a series of commercials that deceived consumers claiming that...

For Security & Risk Professionals

Report:The CISO's Guide To Virtualization Security

Get Off The Bench And Look Into Your Virtual Environment

In today's data centers, IT often virtualizes new applications and workloads by default. Virtualization is the norm; deploying a physical server is the exception. The technology is mature and...

• Downloads: 863
• Rating:

For Security & Risk Professionals

Client Inquiry:How Do Companies Manage Internet Security?

We have several questions: 1) How do companies manage employee Internet access? 2) How do they authenticate employees? 3) How do they block access to unwanted applications? 4) How can we block...

For Security & Risk Professionals

Blog:My Threat Intelligence Can Beat Up Your Threat Intelligence

Have you ever been in a vendor meeting and heard the vendor extol the greatness of their threat intelligence?  You may have even seen a slide that looks similar to this: The vendor probably...

For Security & Risk Professionals

Report:Five Steps To Build An Effective Threat Intelligence Capability

Tools And Technology: The Security Architecture And Operations Playbook

Against today's mutating threat landscape and sophisticated cybercriminals, security and risk (S&R) professionals are outgunned and outmatched. The traditional strategy of waiting for an alert and...

• Downloads: 490
• Comments: 2
• Rating:

For Security & Risk Professionals

Blog:Incident Response Isn’t About Point Solutions; It’s About An Ecosystem

Today EMC announced the acquisition of Silicium Security.  Silicium’s ECAT product is a malware threat detection and response solution.  ECAT did not adopt the failed signature based...

For Security & Risk Professionals

Report:Top 15 Trends S&R Pros Should Watch: Q2 2013

From frantic security operations problems to the changing threat landscape, CISOs, senior security leaders, and other IT risk management leaders consistently have trouble keeping up with key trends...

• Downloads: 313
• Rating:

For Security & Risk Professionals

Client Inquiry:What Is The Industry-Standard Definition Of "Intrusion"?

I'm looking for an industry-standard definition of an "intrusion," including examples, scope, and scale if applicable. We have reporting obligations to the FBI and DSS for cyber intrusions.

For Security & Risk Professionals

Blog:Observations on the 2013 Verizon Data Breach Investigations Report

I was very excited to finally get a copy of the much-anticipated 2013 Verizon Data Breach Investigations Report (DBIR.)  I have found the report to be valuable year after year.  This is the...

For Security & Risk Professionals

Blog:Force Multipliers - What Security & Risk Professionals Can Learn From Special Forces

Last week I read an article on wired.com’s Danger Room blog about the elite US military Special Forces command, JSOC.  The units within the Joint Special Operations Command (Delta Force...