Forrester

For Security & Risk Professionals

Blog:My Threat Intelligence Can Beat Up Your Threat Intelligence

Have you ever been in a vendor meeting and heard the vendor extol the greatness of their threat intelligence?  You may have even seen a slide that looks similar to this: The vendor probably...

For Security & Risk Professionals

Blog:Avoid The Information Security Squirrel

"My master made me this collar. He is a good and smart master and he made me this collar so that I may speak. Squirrel!"   In the Pixar film Up, squirrels frequently distract Dug the talking...

For Security & Risk Professionals

Client Inquiry:How Do Companies Manage Internet Security?

We have several questions: 1) How do companies manage employee Internet access? 2) How do they authenticate employees? 3) How do they block access to unwanted applications? 4) How can we block...

For Security & Risk Professionals

Blog:Bit9’s Operational Oversight Is Probably Your Operational Reality

You are now no doubt aware that Boston-based security firm Bit9 suffered an alarming compromise, which resulted in attackers gaining access to code-signing certificates that were then used to sign...

For Security & Risk Professionals

Blog:Planning For Failure, Personal Edition -- Strategies To Protect Yourself In 2012

This week I did a webcast, Planning for Failure, which makes the assumption that if you haven't been breached, it is inevitable, and you must be able to quickly detect and respond to...

For Security & Risk Professionals

Blog:The Content Security Forecast Calls For Clouds

I am very excited to introduce my first Forrester report, "The Content Security Forecast Calls For Clouds."  I wrote the report to help guide your strategy on SaaS based email and web content...

For Security & Risk Professionals

Report:Top 15 Trends S&R Pros Should Watch: Q2 2013

From frantic security operations problems to the changing threat landscape, CISOs, senior security leaders, and other IT risk management leaders consistently have trouble keeping up with key trends...

• Downloads: 301
• Rating:

For Security & Risk Professionals

Blog:Virtualization Security, Better Late Than Never

I am excited to announce my latest research, The CISO's Guide To Virtualization Security. This is the first report in a new series focusing on securing virtual environments.  The reduced...

For Security & Risk Professionals

Blog:The Forrester Wave: Email Content Security

It is with great pleasure that I announce the completion of my first Forrester Wave™: Email Content Security, Q4 2012. I’d like to thank the research associates (Jessica McKee and...

For Security & Risk Professionals

Blog:Crowdsourcing my RSA panels

The San Francisco RSA conference is now less than two weeks away, and this year I am moderating two great panels. I thought I'd reach out and solicit suggestions for discussion.  ...

For Security & Risk Professionals

Report:The CISO's Guide To Virtualization Security

Get Off The Bench And Look Into Your Virtual Environment

In today's data centers, IT often virtualizes new applications and workloads by default. Virtualization is the norm; deploying a physical server is the exception. The technology is mature and...

• Downloads: 863
• Rating:

For Security & Risk Professionals

Blog:Expense In Depth And The Trouble With The Tribbles

You remember the tribbles don't you? The cute, harmless looking alien species from the second season of the original Star Trek that turn out to be anything but benign. They are born pregnant and...

For Security & Risk Professionals

Report:Defend Your Data From Mutating Threats With A Zero Trust Network

Executive Overview: The Security Architecture And Operations Playbook

We've all heard about the "evolving threat landscape." In biology, evolution is a process that takes millions of years to occur as a result of small changes in successive generations. Mutations, on...

• Downloads: 303

For Security & Risk Professionals

Blog:Force Multipliers - What Security & Risk Professionals Can Learn From Special Forces

Last week I read an article on wired.com’s Danger Room blog about the elite US military Special Forces command, JSOC.  The units within the Joint Special Operations Command (Delta Force...

For Security & Risk Professionals

Client Inquiry:How Do Data Leak Prevention And Information Rights Management Solutions Compare?

Could you provide information on data leak prevention (DLP) versus information rights management (IRM) solutions? Do you recommend one or the other or both? What vendors play in this space?

For Security & Risk Professionals

Report:The Forrester Wave™: Email Content Security, Q4 2012

The Nine Providers That Matter Most And How They Stack Up

In Forrester's 47-criteria evaluation of email content security vendors, we identified the nine most significant vendors in the category and researched, analyzed, and scored them: Barracuda Networks,...

• Downloads: 471
• Comments: 3
• Rating:

For Security & Risk Professionals

Report:Five Steps To Build An Effective Threat Intelligence Capability

Tools And Technology: The Security Architecture And Operations Playbook

Against today's mutating threat landscape and sophisticated cybercriminals, security and risk (S&R) professionals are outgunned and outmatched. The traditional strategy of waiting for an alert and...

• Downloads: 484
• Comments: 2
• Rating:

For Security & Risk Professionals

Blog:Planning For Failure

We are excited to announce "Planning For Failure," the first collaborative report in a series of new research taking a closer look at incident management and response.  A look back at the...

For Security & Risk Professionals

Client Inquiry:Why Don't Some Companies Inspect Outbound HTTPS?

Why don't some companies inspect outbound HTTPS? Are privacy or legal considerations the primary factor?

For Security & Risk Professionals

Blog:Shoulder Surfing The Friendly Skies

FAIL at 30,000ish feet  When you fly nearly every week, you can get pretty bored on a plane.  When I am sick of working, playing games, or watching movies, my latest distraction is checking...

For Security & Risk Professionals

Report:Seven Habits Of Highly Effective Incident Response Teams

Assessment: The Security Architecture And Operations Playbook

Given the continued metastasizing of the threat landscape, it comes as no surprise that enterprises should possess mature incident response capabilities that are built on staff, augmented by...

• Downloads: 214
• Rating:

For Security & Risk Professionals

Client Inquiry:How Are Hospital Networks Protecting Themselves From Third-Party Devices?

We would like to know how hospitals are protecting themselves against clinical devices infecting their networks. We have many third-party-owned or -maintained devices, such as PACS, medical devices,...

For Security & Risk Professionals

Blog:Observations From Black Hat - More Defense Please

Last week I had the opportunity to attend the 15th annual Black Hat security conference in Las Vegas. I have attended DEFCON in the past, but never Black Hat. The conference has grown significantly...

For Security & Risk Professionals

Report:Content Security: 2012 Budget And Planning Guide

A Review Of Budgets, Spending Intentions, Technology Adoption, And Key Trends

To help Forrester clients with their content security strategy for 2011, Forrester predicted three significant trends. So how'd we do? We got two correct and one half right. As expected, content...

• Downloads: 509

For Security & Risk Professionals

Report:Planning For Failure

An Effective Incident Management Program Is Essential To Help You Stay In Business

It's not a question of if — but when — your organization will experience a serious security breach. Cybercriminals are using more sophisticated and targeted attacks to steal everything...

• Downloads: 672