David Holmes
Senior Research Analyst

Author Insights
Blog
SentinelOne Secures Identity First, Deception Second, In Attivo Acquisition
Endpoint security and extended detection and response (XDR) vendor SentinelOne today announced the acquisition of Attivo Networks for just over $600 million. Attivo was a darling of deception technology, but SentinelOne was really after its Active Directory protection portfolio, including ADAssessor and ADSecure. Enterprise identity plays a critical role in the Zero Trust world mandated […]
Blog
Nontraditional DDoS Attacks Are On The Rise
If you have never heard of “DDoS amplification factor” prior to this week, you’re not alone. A new zero-day attack surfaced a vulnerability from an unlikely source: an internet-facing PBX (private branch exchange) system. Bad actors seized upon this opportunity to create a 4,294,967,296:1 amplification load. Yes, that’s 4 billion to one. This is a […]
Blog
OMB’s Zero Trust Strategy: Government Gets Good
What a time to be alive! Hot on the heels of Forrester’s release of our definition of modern Zero Trust (ZT), the US Office of Management and Budget (OMB) released a memo entitled Moving the US Government Toward Zero Trust Cybersecurity Principles. Coincidence? Yes. A big deal? Also, yes. If executed as mandated, not only […]
Blog
The Definition Of Modern Zero Trust
At the beginning of 2022, Zero Trust faces a bizarre dichotomy; it’s on the verge of becoming the de facto cybersecurity approach while simultaneously having many security practitioners decry it as “just a marketing ploy.” How did we, as the security community, arrive at such a precarious perch? Part of the problem, according to John […]
Blog
Forcepoint Acquires Bitglass
In its quest to add to its Zero Trust edge (ZTE), also known as secure access service edge (SASE), portfolio, Forcepoint acquired cloud security gateway (CSG), also known as cloud access security broker (CASB), provider Bitglass for a Forrester-estimated $200-300 million last week. Beyond the usual criteria (ability to retain marketing and development talent of Bitglass), […]
Blog
Zero Trust Doesn’t Mean Zero Breaches
We occasionally get asked this question: “Would Zero Trust have prevented [insert high-profile breach]?” The breach in question could be Equifax, SolarWinds, or the United States Office of Personnel Management. We haven’t been asked (yet) about the announcement from Microsoft this month, where they acknowledged that they were a target of, and indeed had an […]
Blog
DDoS Protection Vendors Introduce Welcome Pricing Innovations
A few weeks back, in our DDoS Wave launch blog, we promised you a whole blog dedicated just to DDoS protection pricing innovations. Forrester recently published “The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021,” in which we evaluated the 11 most significant distributed denial-of-service (DDoS) vendors on the planet. During our research, we found some […]
Blog
Key Insights From The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021
The summer before I joined Forrester, I volunteered briefly in the local prison library. The work was fulfilling, but it definitely had its prose and cons. Speaking of prose, you’re about to be treated to a lot of it, because we just published “The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021,” and there’s a whole […]
Blog
Take Security To The Zero Trust Edge
Senior Analyst David Holmes introduces Forrester’s new model for security and networking services.
Blog
Smackdown! Enterprise Monitoring Vs. TLS 1.3 And DNS-Over-HTTPS
Technically, the male praying mantis mates for life. If you know anything about the mating habits of the female sex of that particular insect, you now also understand the limitations of the word “technically.” Similarly, technically, TLS 1.3 and DNS-over-HTTPS (DoH) are improvements upon previous technologies that are supposed to improve security. But in reality, […]
Blog
T-Mobile’s Object Lesson For The DDoS Initiate
The T-Mobile DDoS Attack That Wasn’t Yesterday, the internet was atwitter with rumors of a massive distributed denial of service (DDoS) attack against major US carriers. You might have seen scary screenshots from one of the many so-called “pew-pew maps,” like this one: The U.S. is currently under a major DDoS attack. https://t.co/7pmLpWUzUp pic.twitter.com/W5giIA2Inc — […]
Blog
FW4: The Fourth Generation Of Firewalls
The rapid work-from-home shift caused by the COVID-19 pandemic has accelerated the need for a new approach to firewalls. Senior Analyst David Holmes reviews the latest approach and provides insight into FW4.
Blog
Six Aspects To Palo Alto’s Acquisition Of CloudGenix
On March 31, Palo Alto Networks announced the intent to acquire CloudGenix, a software-defined WAN appliance vendor. This was another announcement in a long list from the security and networking industries about merging together SDWAN and security. Such combinations are inevitable because: SDWAN adoption hasn’t matched the hype. Here is a dirty little secret: SDWAN […]
Blog
RSA Conference 2020: The Talks I Want to See
You’ve reached the point in your #infosec career where you get a full conference pass to RSA. Not coincidentally, this means you are now so busy every day that you don’t have the time to preview the RSA full conference schedule to map out interesting talks. If you fail to get that prep work done, you can cheat by looking at my list — I had chosen these for my […]
Blog
Check Point’s CPX 360 2020 Conference In New Orleans — Secure Your Everything
Veteran firewall vendor Check Point Software Technologies (hereafter Check Point or CP) held the US edition of its 2020 CPX 360 conference this week in New Orleans. The event gave industry analysts a chance to see what Check Point has been up to. The theme of this year’s CPX 360 is “Secure Your Everything,” a narrative […]
Blog
The F5 Acquisition Of Shape Security
David Holmes formerly worked for both F5 Networks and Shape Security. The F5 Networks acquisition of Shape Security marked the third time in a year that a web application firewall (WAF) vendor purchased a bot management solution, as fellow Forrester analyst Sandy Carielli noted in her blog (The WAF-Bot Management Acquisition Waltz). The other two […]
Blog
Retailers, Prepare Wisely: DDoS Remains A Holiday Threat
A distributed denial of service attack can turn a retailer's holiday season from merry to miserable. Learn how to protect yourself.
Blog
Five Key Resources For Cybersecurity Awareness Month
Get five new resources for cybersecurity threat management in your enterprise.
Blog
Meet Your New Security Research Analyst
Meet David Holmes, the new analyst on the security and risk team.