Allie Mellen
Principal Analyst
Author Insights
Blog
MITRE-geddon Averted, But Fragility In CVE Processes Remains
This week, we saw the CVE process, as we know it, come hours from the brink of collapse when a memo started circulating on LinkedIn that DHS would cut funding to MITRE’s CVE cataloging on April 16. MITRE’s role in the CVE process is the crucial first step in assigning IDs to vulnerabilities so that practitioners, vendors, researchers, and governments across the globe can consistently reference the same vulnerability. The process also allows for responsible disclosures and accountability for vulnerabilities to software companies.
Blog
Government Leaders: Prioritize Cyber Efficiency Amid Federal Volatility
Government agencies at the federal, state, and local levels must prepare for a future where they experience uncertainty, headcount reductions, contract cancellations, and budget cuts. This is gut-wrenchingly difficult to process, yet remaining leaders must figure out how to move forward to serve the mission. For public sector cybersecurity leaders, this is even more paramount. […]
Blog
Forrester’s Top Threats For 2025
2025 started with a bang! Technology and geopolitics are changing so fast that many can’t keep track of the latest trends, with an announcement of new, benchmark-shattering genAI-related tech seemingly every week.
Blog
Generative AI Innovation In Security Tools Is Finally Getting Interesting
The core themes of The-C2 conference in London were artificial intelligence, supply chain security, and cyber hygiene. Get a closer look at how these themes may impact security professionals in this recap.
Blog
Google To Acquire CNAPP Specialist Unicorn Wiz For $32 Billion
Learn what the largest-ever acquisition in cybersecurity means both for Google and the CNAPP space.
Blog
Cybersecurity’s Latest Buzzword Has Arrived: What Agentic AI Is And Isn’t
As vendors come out of the woodwork announcing their “agentic AI” innovations, we explore what the term truly encompasses and what is hype.
Blog
How I Apply Third-Party Lab Results In My Security Operations Research
Last week, I attended the AV-Comparatives conference in Innsbruck, Austria. This conference brought together many cybersecurity vendors, particularly those with a European focus, as well as a few nonprofits, academic institutions, and analyst firms.
Blog
Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes
MITRE released its latest Enterprise MITRE ATT&CK Evaluations in December of 2024. At that time, we published a blog with a quick overview of the results. Today, we’re excited to announce that we have released three new pieces of research about this round of evaluations.
Blog
DeepSeek Just “Opened” The Path To AI ROI
DeepSeek’s open-source model, DeepThink (R1), has sent shock waves across the tech world. But there are far-reaching implications to this important AI development.
Blog
Highlights And Implications Of Biden’s Executive Order On Strengthening And Promoting Innovation In The Nation’s Cybersecurity
Forrester's security and risk research team breaks down the key highlights and implications of former US President Joe Biden’s 2025 Executive Order (EO) 14144 on strengthening security, improving accountability for software and cloud service providers, and promoting innovation, including use of emerging technologies.
Blog
Don’t Trust Vendor Claims About Getting 100% On The MITRE ATT&CK Evaluations
The MITRE Engenuity ATT&CK Evaluations 2024 results are out. Get a detailed review in this preview of an upcoming report.
Blog
If You’re Not Using Data Pipeline Management For Security And IT, You Need To
Data ingestion into security information and event management (SIEM) have been too expensive for too long. Find out what's driving up the cost and how to manage it better in this post.
Blog
Predictions 2025: AI’s Mishaps And Patchy Rules Lead To Uneven Pockets Of Trust
Patchy AI standards and regulations across the globe will result in some organizations faring better than others when it comes to building and maintaining trust. Learn more in this preview of our 2025 trust predictions.
Blog
Apply For The 2024 Forrester Security & Risk Summit Scholarship Today
Forrester is once again partnering with Women in Security and Privacy to provide free admission to our Security & Risk Summit for four women looking to break into cybersecurity. Learn the details and find out how to apply for the scholarship here.
Blog
CrowdStrike Holds Its Fal.Con Conference As It Tries To Move On From July 19
Here are the top things you need to know coming out of CrowdStrike's recently held Fal.Con user conference, just two months after its config update took down 8.5 million Windows endpoints.
Blog
The Shakedown From Black Hat USA, 2024
What happens when five security analysts gather at a security conference in Las Vegas? Stuff gets broke. Find out more in this review of the recent BlackHat USA event.
Blog
Falcon Fallout: What’s Next For CrowdStrike, Competitors, And CISOs
The July 19 CrowdStrike Falcon outage created major trust issues for the company and the broader security market. What's next for CrowdStrike? Find out as we make several predictions on where the company will go next.
Blog
The CrowdStrike Moment Calls For A Redefinition Of Business Resilience
Crises such as the one triggered by CrowdStrike's global outage shine a bright light on many aspects of business and technology. Our new report provides a thorough overview of recommended actions for tech leaders as they face the unfolding long-term repercussions.
Blog
CrowdStrike Global Outage: Critical Next Steps For Tech And Security Leaders
Technology leaders woke up this morning to find that a software update by cybersecurity vendor CrowdStrike had gone badly wrong. Get updates on the steps that your organization should take now and in the long term as a result of the CrowdStrike outage.
Blog
And So It Begins: Insights From Splunk’s First .conf With Cisco
The big question at the Splunk annual user conference — .conf — was simple: What will happen to Splunk in the wake of the Cisco deal? Find out if the question got answered in this review of the conference.
More posts