For Security & Risk Professionals

Know Your Code: How Static Analysis Tools Make Applications More Secure

by Chenxi Wang, Ph.D., Andrew Jaquith, November 20, 2009

Many companies, besieged by audit findings and application vulnerabilities, recognize the benefits of eliminating security vulnerabilities early in the software life cycle. For this reason, static analysis technologies for analyzing code-level security . . .

For Security & Risk Professionals

Cloud Computing Checklist: How Secure Is Your Cloud?  (43 KB XLS)

by Chenxi Wang, Ph.D., October 30, 2009

If your organization is interested in cloud computing, there are some key security and privacy, compliance, and legal issues that you need to broach with the service provider. To help with this process, we've put together a checklist of key issues and . . .

For CIOs

Q&A: By 2011, CIOs Must Answer The Question, "Why Not Run In The Cloud?"

But Finding A Good Place To Start Is A Challenge For Most Shops

by James Staten, Ted Schadler, John R. Rymer, Chenxi Wang, Ph.D., August 14, 2009

At Forrester's IT Forum in Las Vegas in May 2009, we hosted an analyst panel about saving, making, and risking cash with cloud computing. The session sparked a lot of interest — and a lot of questions. With the buzz still strong, and a few more months . . .

For Security & Risk Professionals

TechRadar™ For SRM Professionals: Application Security, Q3 2009

Application Security Comes Of Age Despite A Slowdown In Security Spend

by Chenxi Wang, Ph.D., July 8, 2009

As application-level exploits continue to generate headline news, security professionals increasingly look to application security measures to protect their organizations. To succeed, security professionals must understand the maturity of the various . . .

For Security & Risk Professionals

Application Security Technology Adoption Trends in 2009   (434 KB PPT)

by Chenxi Wang, Ph.D., June 25, 2009

Application security issues continue to garner headline attention. However, the current economic downturn has put some of the new application security initiatives to test; we are seeing a slight slowdown in new technology adoption this year. These data . . .

For Security & Risk Professionals

Heavy Consolidation Among The Content Security Vendors Signals Market Maturity

Users Now Have Broader Functionality Suites To Choose From

by Chenxi Wang, Ph.D., June 17, 2009

In late 2008, the content security market saw a number of mergers and acquisitions. McAfee acquired Secure Computing, Symantec acquired MessageLabs, Marshal merged with 8e6, and Sophos acquired encryption vendor Utimaco. These activities, along with Webroot's . . .

For Security & Risk Professionals

How Secure Is Your Cloud?

A Close Look At Cloud Computing Security Issues

by Chenxi Wang, Ph.D., May 8, 2009

Amid a downturn economy, organizations increasingly look to cloud computing to improve operational efficiency, reduce headcounts, and help with the bottom line. But security and privacy concerns present a strong barrier-to-entry. In an age when the consequences . . .

For Security & Risk Professionals

The Forrester Wave™: Content Security Suites, Q2 2009

Websense Leads, With Symantec, McAfee/Secure Computing, And Trend Micro Close Behind

by Chenxi Wang, Ph.D., April 16, 2009

Forrester evaluated content security suite vendors, using a 41-criteria evaluation, partially based on the results of The Forrester Wave™: Email Filtering, Q2 2009 and The Forrester Wave™: Web Filtering, Q2 2009. We found that Websense . . .

For Security & Risk Professionals

The Forrester Wave™: Web Filtering, Q2 2009

Websense And McAfee/Secure Computing Lead, With Trend Micro, Cisco, Symantec/MessageLabs, And McAfee Trailing As Strong Performers

by Chenxi Wang, Ph.D., April 16, 2009

Forrester evaluated leading Web filtering technology vendors across 53 criteria and found that Websense and McAfee/Secure Computing lead the pack because of their broad functionality and focused strategy vision. Trend Micro, Cisco Systems, Symantec/MessageLabs, . . .

For Security & Risk Professionals

The Forrester Wave™: Email Filtering, Q2 2009

Symantec, Cisco Systems, And McAfee/Secure Computing Lead, With Google, Symantec/MessageLabs, And Microsoft Close Behind

by Chenxi Wang, Ph.D., April 16, 2009

In late 2008, Forrester conducted an in-depth evaluation of email security filtering, based on 57 criteria. Despite the flurry of recent market acquisitions, we found that this market is still characterized by strong appliance vendors with upstart cloud . . .

For Security & Risk Professionals

Deep Packet Inspection Is Ready For Prime Time

by Chenxi Wang, Ph.D., February 4, 2009

Deep packet inspection (DPI) is a technique that has seen success in traffic management, security, and network analysis. Different from purpose-built network solutions with DPI capabilities, a general DPI solution provides deep packet inspection for different . . .

For Security & Risk Professionals

Inquiry Spotlight: Content Security, Q1 2009

by Chenxi Wang, Ph.D., January 29, 2009

Content security is an issue that is consistently on the minds of IT security professionals. As organizations increasingly move toward collaboration, Web 2.0, and open architectures, content security takes on a renewed importance. Between October 2007 . . .

For Security & Risk Professionals

Market Overview: Content Security Suites

Point Solutions Mature, But Integration Is Weak

by Chenxi Wang, Ph.D., October 29, 2008

The content security market shows no sign of slowing down, as users continue to invest in content security solutions. Growing regulatory pressure demands an increasingly sophisticated level of data protection and management integration. The technology . . .

For Sourcing & Vendor Management Professionals

Handling IP Protection With Chinese Outsourcing Vendors

While The Concerns Are Real, Judicious Firms Can Minimize Outsourcing Risk

by Chenxi Wang, Ph.D., October 24, 2008

The world's top 10 offshore providers in IT, business process outsourcing (BPO), and product engineering are increasingly going to China, behind India and the Philippines, for offshoring tasks. However, the issue of intellectual property (IP) protection . . .

For Security & Risk Professionals

Inquiry Spotlight: Application Security, Q4 2008

by Chenxi Wang, Ph.D., October 17, 2008

The issue of application security is increasingly important for security professionals in today's ever-evolving application vulnerability landscape. But Forrester's data shows a clear disconnect between perceived importance of application security and . . .

For Security & Risk Professionals

Threat Report: The Trends And Changing Landscape Of Malware And Internet Threats

by Chenxi Wang, Ph.D., June 25, 2008

The past year saw significant proliferation and continued evolution of cybercrime on the Internet. Security and risk professionals are increasingly challenged to respond to the dynamic and ever-changing cyberthreats, yet many feel ill-equipped to do so. . . .

For Security & Risk Professionals

Enterprise Instant Messaging Security

by Chenxi Wang, Ph.D., June 25, 2008

Instant messaging (IM) has become an increasingly useful business tool for modern corporations. Businesses are seeing improved productivity with the adoption of IM, which offers a more fluid communication model than both email and voice communication. . . .

For Security & Risk Professionals

Spam Management Best Practices

by Chenxi Wang, Ph.D., June 25, 2008

Companies still struggle to keep up with spam volume and attack tactics years after spam first became a serious problem, and many see a continued investment drain for spam management. To keep a step ahead of spammers, organizations should adopt a hybrid . . .

For Security & Risk Professionals

Operationalizing Application Vulnerability Management

by Chenxi Wang, Ph.D., February 29, 2008

Criminals want access to your assets, and one of their preferred methods is to exploit vulnerabilities lurking in your applications. To protect your organization's applications and the information assets contained in them, security and risk professionals . . .

For Security & Risk Professionals

Content Security Is Becoming A Competition Among Suites

Websense Rounds Out Its Security Portfolio With Its Acquisition Of SurfControl

by Chenxi Wang, Ph.D., December 3, 2007

Websense recently completed its acquisition of SurfControl, not only taking out the No. 2 competitor in Web filtering, but also gaining a solid foothold in the email filtering space. Along with the information leak prevention (ILP) capabilities gained . . .

For Security & Risk Professionals

Web Filtering Market Overview 2007: Managing Risks On The Web

by Chenxi Wang, Ph.D., November 13, 2007

The Internet today is an increasingly risky environment, not just for consumers but also for enterprise users accessing from work. The advent of Web 2.0 sees a new wave of rich, interactive content that promises to be fertile ground for malware gestation. . . .

For Application Development & Program Management Professionals

HP And IBM Try To Pull Security Testing Into The Mainstream

by Chenxi Wang, Ph.D., September 21, 2007

Recently, two major platform vendors announced acquisitions of security testing vendors: IBM announced its intent to acquire Watchfire on June 6, 2007, and HP announced its intent to acquire SPI Dynamics on June 19, 2007. In both cases, the platform vendors . . .

For Security & Risk Professionals

Managing Application Security From Beginning To End

by Chenxi Wang, Ph.D., August 14, 2007

Organizations that develop applications in-house have a decision to make: you can wait until someone exploits vulnerability in your system and fix it, or you can proactively build security early on in your development process — mitigating vulnerabilities . . .

For Security & Risk Professionals

Image Spam: Spammer's CAPTCHA

New Spam Tricks And How To Protect Yourself

by Chenxi Wang, Ph.D., May 30, 2007

2006 saw the birth of image spam, which stumped many antispam programs. As image spam subsides, many companies are wary of what's coming next. With spam accounting for more than 90% of all email on the Internet today, any hiccup in the antispam filter . . .

For Vendor Strategy Professionals

China: Poised For Managed Security Services Growth

MSS Opportunities Lie In Partnership With Local ISPs

by Chenxi Wang, Ph.D., April 26, 2007

A managed services market quietly emerged in China in the past few years. Large data center operators, typically regional telcos and large ISPs, today run a healthy managed "power-and-pipe" business. The telcos are eyeing the next big moneymaker — managed . . .