Forrester

For Security & Risk Professionals

Client Inquiry:Can You Use Intrusion Prevention Instead Of A Web Security Gateway?

Is it possible to use an intrusion prevention system (IPS) instead of using the full capabilities of a web security gateway (WSG)? What could an IPS provide for the web traffic beyond the WSG?

For Security & Risk Professionals

Blog:Your Vertical Is . . .

Companies often demand to know what their peers in a particular vertical market are doing within the realm of information security before making new decisions. “We’re in retail” or...

For Security & Risk Professionals

Report:Market Overview: Intrusion Prevention Systems, Q2 2011

A Mature Space, IPS Is Still The Bulwark Of Network Security

An intrusion prevention system (IPS) complements traditional firewalls by inspecting the entire network packet looking for malicious traffic that is often invisible to Layer 3 firewalls. While...

• Downloads: 961

For Security & Risk Professionals

Report:Rethinking DLP: Introducing The Forrester DLP Maturity Grid

Assessment Framework: The Data Security And Privacy Playbook

Data loss prevention or protection (DLP) — depending upon your usage — is both one of the hottest topics and most difficult challenges among information security professionals today. In...

• Downloads: 1028
• Rating:

For Security & Risk Professionals

Report:PCI X-Ray: Assessments And Testing

To effectively deal with the broad and complex requirements of Payment Card Industry (PCI) data security, you need to break the elements apart to provide enhanced clarity. We've designed the PCI...

• Downloads: 366

For Security & Risk Professionals

Report:Simplify Cybersecurity With PCI

Policy And Procedures US Government Spotlight: The Security Architecture And Operations Playbook

US federal law, specifically the Federal Information Security Management Act (FISMA), requires US federal government agencies to adhere to National Institute of Standards and Technology (NIST)...

• Downloads: 228

For Security & Risk Professionals

Report:Dial "H" For Hack

An Empowered Report: Understanding The Threats To Unified Communication And VoIP Deployments

In many companies, the worlds of data networking and telecommunications have merged, and voice and video traffic travels with other enterprise data on the same corporate network. Often known...

• Downloads: 522

For Security & Risk Professionals

Client Inquiry:Is Tokenization The Right Technology To Encrypt Cardholder Data?

Tokenization: Is it the right technology to encrypt cardholder (saving and debit cards) data? What is the usage level of this product and of similar technologies on the market? What is the level of...

For Security & Risk Professionals

Blog:InfoSec, Structural Engineering, And The Security Architecture Playbook

Last year the country of Japan suffered a devastating disaster of unspeakable proportions. A massive earthquake on the eastern coast of the country triggered a deadly tsunami that caused the flooding...

For Security & Risk Professionals

Blog:Preview Of PCI DSS 1.3 – Oops 2.0 – Released

The PCI Security Standards Council released the summary of changes for the new version of PCI — 2.0.  Merchants, you can quit holding your breath as this document is a yawner...

For Security & Risk Professionals

Report:PCI X-Ray: Application Security Checklist

This is a workbook that supplements the PCI X-Ray: Application Security Document

• Downloads: 33

For Security & Risk Professionals

Report:Top 15 Trends S&R Pros Should Watch: Q2 2013

From frantic security operations problems to the changing threat landscape, CISOs, senior security leaders, and other IT risk management leaders consistently have trouble keeping up with key trends...

• Downloads: 291
• Rating:

For Security & Risk Professionals

Report:Strategy Deep Dive: Define Your Data

Rethinking Data Discovery And Classification For Data Security

Defining data via data discovery and classification is an often overlooked, yet critical, component of data security and control. Security and risk (S&R) pros can't expect to adequately protect data...

• Downloads: 170
• Rating:

For Security & Risk Professionals

Report:The Forrester Wave™: Network Access Control, Q2 2011

ForeScout, Juniper, And Bradford Networks Outdistance The Pack, But Cisco, McAfee, And Enterasys Are Close Behind

In Forrester's 72-criteria evaluation of network access control (NAC) vendors, we found few notable points of differentiation between vendor offerings. Thus we have a tight clustering of vendors...

• Downloads: 984

For Security & Risk Professionals

Client Inquiry:What Are Best Practices For Log Management And Security Information Management?

We would like to understand some best practices in the field of log management. More specifically: 1. Is it a best practice to correlate, aggregate, and monitor all logs for business risk and...

For Security & Risk Professionals

Report:Q&A: Streamlining Your Patch Management Strategy

Forrester continues to receive many customer inquiries related to effective patch management of servers and endpoints. Balancing the urgency of patching with the need to minimize employee downtime...

• Downloads: 393

For Security & Risk Professionals

Client Inquiry:What Are Current Trends In Remote Access And SSL Functionality?

We are currently exploring all remote access options, particularly SSL functionality. What kind of trends are you are seeing in these areas?

For Security & Risk Professionals

Blog:How To Survive And Thrive At #SXSW If You’re Not From Texas

I’ll be in Austin, TX this weekend to participate in South-by-Southwest Interactive. My panel “Big Data Smackdown on Cybersecurity” will be held Sunday, March 11 from 12:30PM -...

For Security & Risk Professionals

Report:Dissect Data To Gain Actionable INTEL

Forrester's Data Security And Control Framework

Forrester segments the problem of securing and controlling data into three areas: 1) defining the data; 2) dissecting and analyzing the data; and 3) defending and protecting the data. We refer to...

• Downloads: 304
• Rating:

For Security & Risk Professionals

Blog:Go Long On Glue Manufacturers

FLASH TRAFFIC: This just in! The Washington Post is reporting a new wrinkle in cyberwarfare. In the article Defense official discloses cyberattack, the Post reports that “malicious code placed...

For Security & Risk Professionals

Tool:TechRadar™: Network Threat Mitigation, Q2 '12

For Security & Risk Professionals

Client Inquiry:What Are Some Best Practices For Using Jump Servers?

Are there certain vendors/solutions/configurations that are considered best practices for jump servers? Are organizations relying entirely on authentication and authorization controls, without having...

For Security & Risk Professionals

Client Inquiry:How Do You Centrally Manage And Encrypt Data On USB Drives?

We are looking for a solution to centrally manage USB drives for all of our desktops. More specifically, we would want to ensure that data on the USB drive is encrypted. Does Forrester have any...

For Security & Risk Professionals

Report:Control And Protect Sensitive Information In The Era Of Big Data

Future Look: The Data Security And Privacy Playbook

This report outlines the future look of Forrester's solution for security and risk (S&R) executives seeking to develop a holistic strategy to protect and manage sensitive data. In the...

• Downloads: 1600
• Rating:

For Security & Risk Professionals

Blog:Lies, Damn Lies, Security Metrics, And Baseball

The legendary British Prime Minister Benjamin Disraeli is said to have noted that “There are lies, damn lies, and statistics.” Much of the technology world is focused on statistics and...