Forrester

For Security & Risk Professionals

Client Inquiry:Can You Use Intrusion Prevention Instead Of A Web Security Gateway?

Is it possible to use an intrusion prevention system (IPS) instead of using the full capabilities of a web security gateway (WSG)? What could an IPS provide for the web traffic beyond the WSG?

For Security & Risk Professionals

Blog:Your Vertical Is . . .

Companies often demand to know what their peers in a particular vertical market are doing within the realm of information security before making new decisions. “We’re in retail” or...

For Security & Risk Professionals

Client Inquiry:Is Tokenization The Right Technology To Encrypt Cardholder Data?

Tokenization: Is it the right technology to encrypt cardholder (saving and debit cards) data? What is the usage level of this product and of similar technologies on the market? What is the level of...

For Security & Risk Professionals

Blog:InfoSec, Structural Engineering, And The Security Architecture Playbook

Last year the country of Japan suffered a devastating disaster of unspeakable proportions. A massive earthquake on the eastern coast of the country triggered a deadly tsunami that caused the flooding...

For Security & Risk Professionals

Blog:Preview Of PCI DSS 1.3 – Oops 2.0 – Released

The PCI Security Standards Council released the summary of changes for the new version of PCI — 2.0.  Merchants, you can quit holding your breath as this document is a yawner...

For Security & Risk Professionals

Client Inquiry:What Are Best Practices For Log Management And Security Information Management?

We would like to understand some best practices in the field of log management. More specifically: 1. Is it a best practice to correlate, aggregate, and monitor all logs for business risk and...

For Security & Risk Professionals

Client Inquiry:What Are Current Trends In Remote Access And SSL Functionality?

We are currently exploring all remote access options, particularly SSL functionality. What kind of trends are you are seeing in these areas?

For Security & Risk Professionals

Blog:How To Survive And Thrive At #SXSW If You’re Not From Texas

I’ll be in Austin, TX this weekend to participate in South-by-Southwest Interactive. My panel “Big Data Smackdown on Cybersecurity” will be held Sunday, March 11 from 12:30PM -...

For Security & Risk Professionals

Blog:Go Long On Glue Manufacturers

FLASH TRAFFIC: This just in! The Washington Post is reporting a new wrinkle in cyberwarfare. In the article Defense official discloses cyberattack, the Post reports that “malicious code placed...

For Security & Risk Professionals

Client Inquiry:What Are Some Best Practices For Using Jump Servers?

Are there certain vendors/solutions/configurations that are considered best practices for jump servers? Are organizations relying entirely on authentication and authorization controls, without having...

For Security & Risk Professionals

Client Inquiry:How Do You Centrally Manage And Encrypt Data On USB Drives?

We are looking for a solution to centrally manage USB drives for all of our desktops. More specifically, we would want to ensure that data on the USB drive is encrypted. Does Forrester have any...

For Security & Risk Professionals

Blog:Lies, Damn Lies, Security Metrics, And Baseball

The legendary British Prime Minister Benjamin Disraeli is said to have noted that “There are lies, damn lies, and statistics.” Much of the technology world is focused on statistics and...

For Security & Risk Professionals

Client Inquiry:What Are The Most Critical PCI Log Management Requirements?

When it comes to selecting a logging consolidation tool for an enterprise, what are some tips for developing a request for proposal? Based on your experience, what would you single out as the most...

For Security & Risk Professionals

Blog:RSA’s Acquisition Of NetWitness Validates Forrester’s NAV Concept

Today EMC’s security division RSA announced the acquisition of NAV (Network Analysis and Visibility) vendor NetWitness. Some pundits have suggested that this is a direct...

For Security & Risk Professionals

Client Inquiry:What Are PCI And Patching Best Practices?

A Payment Card Industry (PCI) certified environment requires patching within 30 days of the patch's release, but what is common practice in a PCI shop?

For Security & Risk Professionals

Client Inquiry:How Should We Select Unified Threat Management Vendors?

We are in the process of selecting unified threat management (UTM) vendors. We have completed a decision analysis based on a technical needs assessment, but we need help narrowing down our vendors....

For Security & Risk Professionals

Blog:WikiLeaks And Stratfor Make The Case For More Data Encryption

Yesterday, WikiLeaks released emails taken in the highly-publicized Stratfor data breach. While many of the emails are innocuous, such as accusations regarding a stolen lunch from the company...

For Security & Risk Professionals

Client Inquiry:What Are Some Enterprise Key Management Vendor Options?

What vendors compete in the enterprise key management market?

For Security & Risk Professionals

Client Inquiry:Types Of IT Security Certificates

Can you provide us with definitions on the following types of security certificates: 1) SSL; 2) EFS; 3) device certificates; 4) user certificates; 5) code certificates; 6) signed and unsigned...

For Security & Risk Professionals

Blog:Exploring The Invisible Internet

At Forrester's Security Forum 2011 in Miami, November 9-10, we will be reprising the wildly successful "Hackers Vs. Executives" track session. There will be two leading security...

Client Inquiry:Standard PCI Report Templates

Are there any standard PCI report templates for providing information to my QSA?