With the new year come our Trends reports, which examine the drivers shaping various security markets. Take a look at these recent Trends reports:
More will come throughout Q1.
We've recently used the Forrester Wave™ to evaluate Security Configuration Management and Enterprise Antispyware.
Spyware, phishing, pharming, Trojans . . . it's no wonder that the Federal Financial Institutions Examination Council (FFIEC) issued new guidelines on online authentication, acknowledging that passwords are insufficient as the sole means of security. How firms interpret the new guidelines will distinguish not just whether they pass audits and avoid penalties, but also whether they can effectively alleviate problems of online fraud and account takeover.
Traditionally thought of as more conservative in their approach to IT and IT security, European firms have been accelerating their security spending in the past few years. Forrester recently surveyed 1,375 decision-makers at European enterprises to capture the state of enterprise security in Europe.
CSI: Cyberspace
Given that crimes and attacks are increasingly occurring over the Internet, there is a burgeoning need to develop and utilize forensic and investigative skills and tools for the digital realm. Sadly, IT security's culture of secrecy and shame makes it harder for you to learn how to prepare for and conduct successful digital investigations than it is for attackers to learn new attacks and how to cover their tracks. But don't despair -- products designed for specific types of investigations, information sharing groups, and partnerships between industry and law enforcement agencies are all making digital investigations less of a black art. The digital investigations market is entering its adolescent growth spurt. So, what should you do next? Create and train your incident response and digital investigations teams, and form relationships with experts from law enforcement and consultancies, so they'll be ready to help you when you need them.
The Forrester Wave™: Security Information Management, Q4 2005
Security information management (SIM) is one of firms' most versatile weapons for handling security threats. Vendors' SIM products help customers detect threatening activities on the network, understand the importance or impact of the threats, and launch remediation plans. There are three common uses of the technology: centralized security operations centers, distributed incident response teams, and compliance management.
To assess the state of the SIM market and to see how the vendors stack up against each other, Forrester evaluated the strengths and weaknesses of top SIM vendors across more than 100 criteria. Consul Risk Management, netForensics, and Network Intelligence each stood out as a vendor that will satisfy all three of these usage areas, with ArcSight following close behind.
Perimeter? What Perimeter?
As any security pro will tell you, the network perimeter is getting harder and harder to define, let alone defend. Moreover, those who have authorized access to internal resources are often far more dangerous than those who need to breach a perimeter firewall to get inside the network. In this new environment, companies should adopt a twofold strategy of secure design and threat protection. How? By constructing a security life cycle that evaluates, assigns, segments, and monitors the network according to security policies.
Effectively Managing A Changing Security Organization
As organizations elevate security policy and high-skill activities, they devolve responsibility for more mature security countermeasures. This can create a divide between the policy and business-oriented risk management aspects of security and the day-to-day security technology tasks that protect against attack. The organizations most successful at adapting to this new landscape will be those that align themselves correctly and choose the right technology to bridge the gap between the policy-based and operational aspects of security.
We'd Like To Hear From You
I'd really like to hear about topics you'd like to see us cover, data you need, or technologies you want assessed. Drop me a line at securityFL@forrester.com.
Jonathan Penn
Principal Analyst, Security
Upcoming Forrester Teleconferences
Forrester Teleconferences are live, interactive, hourlong teleconferences that incorporate a simultaneous WebEx slide presentation by a Forrester analyst and are followed by an open forum for questions and discussion.


Entire contents 1997-2006, Forrester Research, Inc. All rights reserved.
Forrester, Forrester Oval Program, Forrester Wave, Forrester's
Ultimate Consumer Panel, WholeView 2, Technographics, TechRankings, and
Total Economic Impact are trademarks of Forrester Research, Inc. All other
trademarks are the property of their respective companies. Forrester
clients may make one attributed copy or slide of each figure contained
herein. Additional reproduction is strictly prohibited. For additional
reproduction rights and usage information, go to www.forrester.com.
Information is based on best available resources. Opinions reflect judgment
at the time and are subject to change.
Forrester Research, Inc., 400 Technology Square, Cambridge, MA 02139