Allie Mellen

Analyst

Forrester Bio

Author Insights

Blog

The Security Services Flywheel

Jeff Pollard January 11, 2022
The “Security Services Flywheel” is based on the Disney Flywheel. It serves as an explainer on why security services continue to stay relevant, no matter how sophisticated products get.
Blog

Google Acquisition Of Siemplify Is A Knockout Punch For Standalone SOAR

Allie Mellen January 6, 2022
With this move, the SIEM has irrevocably been altered to s more holistic security analytics platform, incorporating SIEM, SOAR, and SUBA in a single offering.
Blog

Ransomware Affects The Entire Retail Supply Chain This Holiday Season

Allie Mellen December 15, 2021
US online holiday sales grew by 30% in 2020, and Forrester forecasts that it will grow another 10% year over year in 2021. This growth raises the stakes for retail professionals to support the increased demand, which ultimately makes them a prime target for ransomware attackers. Why Should Retailers Pay Attention To Ransomware Preparedness? Ransomware […]
Blog

Divide And Conquer: Rapid Response To The Apache Log4j Vulnerability

Allie Mellen December 13, 2021
It’s been … a weekend for security pros. The Apache Log4j vulnerability (CVE-2021-44228) affects somewhere between 0 and 3 billion-plus of the devices currently running Java. Luckily, a metric ton of amazing advice exists on #InfoSecTwitter right now. It’s a lot to consume at once, which is why we‘ve put together three parallel workstreams you […]
Blog

EDR: Only Mostly Dead?

Allie Mellen December 8, 2021
What does the growth of XDR mean for the future of EDR? Find out in our latest EDR market review.
Blog

Introducing The Ransomware Survival Guide

Steve Turner November 11, 2021
Time and time again, we’ve heard these two burning questions from so many organizations: “How do we protect ourselves against ransomware?” and “Where do we start?” We’ve all seen the ransomware “research” landscape — littered with top-10 lists, vendor cure-alls (spoiler: don’t depend on one security tool to completely eradicate ransomware), and so many other […]
Blog

Put These Talks On Your S&R Forum Watchlist

Allie Mellen November 3, 2021
Next week, the Forrester security and risk (S&R) team will host the Forrester Security & Risk Forum on November 9 and 10. This will be the first time I have ever attended a Forrester event, let alone the Forrester Security & Risk Forum. And while I’m disappointed it isn’t in person this year, I’m also thrilled with […]
Blog

CISOs And The Next Era Of Security Visibility: Observability

Jeff Pollard October 18, 2021
For security leaders and practitioners, it seems like developers and IT teams get all the cool toys, and security pros get stuck with the hand-me-downs. Dev was first to cloud, IT followed, and security warily joined in. IT had patch management while security just scanned to see if the patches weren’t there; and security orchestration, […]
Blog

Announcing The First And Only Evaluative Research On XDR — The Forrester New Wave™: Extended Detection And Response (XDR) Providers, Q4 2021

Allie Mellen October 13, 2021
Over the past three years, there’s been no shortage of hot takes on XDR. From a plethora of vendors across industries to security luminaries laying claim to the term, opinions abound. Yet, until recently, no research established a firm definition of XDR, let alone conducted evaluative research on XDR vendor capabilities. That is why I […]
Blog

Halloween Comes Early For Syniverse, FB, And Twitch — What We Can Learn From Their Spooky Outages Plus Breaches

Jeff Pollard October 7, 2021
As renowned ghost hunter and solver of mysteries Scooby-Doo would say, “Ruh roh, Raggy!” It looks like more than ghosts are wreaking havoc on haunted networks. We’re less than a full week into October, and Cybersecurity Awareness Month isn’t quite taking shape the way we expected. Ostensibly, orgs decided to pivot and use this time […]
Blog

What Security Market Definitions Tell Practitioners

Allie Mellen September 29, 2021
One of the biggest challenges of being a security industry analyst is finding when and how to define new market segments. We both had to do this recently — Jeff with managed detection and response and Allie with extended detection and response (XDR). The most common question we get from security vendors confused as to […]
Blog

Introducing The Forrester New Tech: Extended Detection And Response (XDR) — A Battle Between Precedent And Innovation

Allie Mellen August 2, 2021
Today we released the first Forrester New Tech: Extended Detection And Response (XDR) Providers, Q3 2021. This research gives a market overview of XDR and highlights the value proposition for this emerging technology, the major players in the marketplace, and the primary vendor segments for all 29 vendors that participated. The emergence of XDR has plunged security pros into yet another […]
Blog

XDR FAQ — Frequently Asked Questions On Extended Detection And Response

Allie Mellen July 22, 2021
Learn about the origin, architecture, and applications of extended detection and response (XDR) from analyst Allie Mellen.
Blog

It’s Time For The Infosec Industry To Address Gender Bias And Bullying Head On

Jinan Budge July 11, 2021
The week of June 28 was a big one (not in a good way) for showcasing the persistence and depth of harassment and exclusion for women in cybersecurity. Those on infosec social media were flooded with bikini selfies protesting the harassment that a woman received for posting her own bikini selfie. Men and women took […]
Blog

Forrester’s List Of Ransomware Resources

Jeff Pollard June 24, 2021
With ransomware continuing as a high-impact problem (with seemingly no end in sight), we’ve put together some useful ransomware resources for security practitioners. Security and risk (S&R) pros can use these resources to help prevent, protect, detect, and respond to ransomware outbreaks. The links below are a mixture of Forrester’s own research and third-party links. […]
Blog

The Top Five Lies Security Vendors Tell About The SIEM

Allie Mellen June 16, 2021
Security information and event management systems aren't what they were a decade ago. Here, we dispel a few common misconceptions.
Blog

RSAC 2021: No Silver Bullet To Fight Attrition Warfare, Just Resilience

Allie Mellen May 21, 2021
A question I am asked most every day now is, “Will [insert tool, process, or person here] stop the next SolarWinds?” We all know the answer to that question: It’s truly nothing new — that tool, or process, or headcount may help reduce risk, but you can never confidently say you are 100% protected from […]
Blog

Debunking Infosec Purity And Other Security Myths In The Wake Of Recent Attacks

Sandy Carielli May 21, 2021
Earlier this week, an op-ed published on The Hill sent information security (infosec) Twitter into a tizzy by blaming cybersecurity industry best practices for recent high-profile security breaches. For the security team at Forrester, the op-ed furthered a number of security myths that we felt compelled to bust here. Myth #1: The Best Infosec Pros […]
Blog

Biden Executive Order Bets Big On Zero Trust For The Future Of US Cybersecurity

Jeff Pollard May 13, 2021
Forrester's security team sifts through the details of the new executive order on cybersecurity and looks forward at its long-term impact.
Blog

Ransomware: Survive By Outrunning The Guy Next To You

Allie Mellen May 10, 2021
There are two people in a wood, and they run into a bear. The first person gets down on his knees to pray; the second person starts lacing up his boots. The first person asks the second person, “My dear friend, what are you doing? You can’t outrun a bear.” To which the second person […]
More posts