Jeff Pollard

VP, Principal Analyst

Forrester Bio

Jeff Pollard

Author Insights

Blog

Microsoft Launches MDR And Hops On The Everything-As-A-Service Bandwagon

Jeff Pollard May 10, 2022
Everything-eventually-becomes-a-service which Microsoft demonstrates by launching its own version of managed detection & response. We discuss what CISOs need to know, how it will impact the market, and what to look for next.
Blog

Announcing Analyst Experience: SOC Analysts Finally Escape The Shackles Of Bad UX

Jeff Pollard April 18, 2022
The toughest battle SOC analysts face every day should not be with the technology they use. Analyst Experience (AX) will help solve that problem.
Blog

Our 2022 Top Recommendations For Your Security Program: CISOs Get An Offer They Can’t Refuse

Jeff Pollard April 6, 2022
The Coppola classic has a few surprising parallels with today's chief information security officer.
Blog

Neem de volgende stappen om u goed voor te bereiden op het cyberveiligheidseffect van de oorlog in Oekraïne

Paul McKay March 29, 2022
Neem de volgende stappen om u goed voor te bereiden op het cyberveiligheidseffect van de oorlog in Oekraïne
Blog

Mit diesen Schritten können Sie sich auf die Auswirkungen des Krieges in der Ukraine auf die Cybersicherheit vorbereiten und entsprechend handeln

Paul McKay March 29, 2022
11 Schritte, die Sie jetzt tun können, um Ihre Risiken und die Gefährdung durch Cyber-Bedrohungen im Zusammenhang mit dem Krieg zu verringern.
Blog

Mesures Pour Vous Préparer Et Gérer Les Effets Sur La Cybersécurité De La Guerre En Ukraine

Paul McKay March 28, 2022
Onze choses que vous pouvez faire maintenant pour réduire vos risques et votre exposition aux cybermenaces liées à la guerre.
Blog

Okta Lapsus$ Compromise: How To Make Sure You’re Protected

Merritt Maxim March 24, 2022
On Tuesday, March 22, 2022, identity-as-a-service (IDaaS) provider Okta announced that it had detected an attempt to compromise the account of a partner in January 2022. The announcement came after the hacking group Lapsus$ posted screenshots of a computer used by one of Okta’s third-party customer support engineers. As one of the largest IDaaS providers with […]
Blog

Nontraditional DDoS Attacks Are On The Rise

Heath Mullins March 10, 2022
If you have never heard of “DDoS amplification factor” prior to this week, you’re not alone. A new zero-day attack surfaced a vulnerability from an unlikely source: an internet-facing PBX (private branch exchange) system. Bad actors seized upon this opportunity to create a 4,294,967,296:1 amplification load. Yes, that’s 4 billion to one. This is a […]
Blog

Chronicles Of Mandiant: Google Put A Ring On It

Jeff Pollard March 8, 2022
Mandiant trades up from FireEye and finds a home within Google Cloud Platform.
Blog

Take These Steps To Prepare For And Handle The Cybersecurity Effects Of The War In Ukraine

Paul McKay February 28, 2022
Eleven things you can do now to reduce your risks and exposure to the cyber threats related to the war.
Blog

The Top Seven Most Misused Terms In Cybersecurity

Allie Mellen February 23, 2022
When vendors or practitioners use different words to communicate the same thing, confusion ensues. Let's take steps toward settling on a common vocabulary.
Blog

To Earn Customer Trust, Sell Secure Products

Sandy Carielli February 11, 2022
Get tips on how improving application security can help you secure your products and retain the trust of your customers.
Blog

Cybersecurity And Privacy Are Top Of Mind For Tech Execs

Jeff Pollard February 9, 2022
Get a preview of some new Forrester research to help evolve your cybersecurity and privacy practices to meet new threats and ensure confident customer and employee interactions.
Blog

Savvy Cybersecurity Programs Focus On Competence, Integrity, And Empathy

Jeff Pollard February 7, 2022
As of July 31, 2021, the FBI’s Internet Crime Complaint Center saw a 62% increase in reported ransomware incidents compared with the same time frame in 2020. Intrusions in environments spanned various types of infrastructure, with 35% exploiting software vulnerabilities and 32% using supply chains and third parties to obtain unauthorized access, per Forrester data. […]
Blog

OMB’s Zero Trust Strategy: Government Gets Good

David Holmes February 1, 2022
What a time to be alive! Hot on the heels of Forrester’s release of our definition of modern Zero Trust (ZT), the US Office of Management and Budget (OMB) released a memo entitled Moving the US Government Toward Zero Trust Cybersecurity Principles. Coincidence? Yes. A big deal? Also, yes. If executed as mandated, not only […]
Blog

The Security Services Flywheel

Jeff Pollard January 11, 2022
The “Security Services Flywheel” is based on the Disney Flywheel. It serves as an explainer on why security services continue to stay relevant, no matter how sophisticated products get.
Blog

Divide And Conquer: Rapid Response To The Apache Log4j Vulnerability

Allie Mellen December 13, 2021
It’s been … a weekend for security pros. The Apache Log4j vulnerability (CVE-2021-44228) affects somewhere between 0 and 3 billion-plus of the devices currently running Java. Luckily, a metric ton of amazing advice exists on #InfoSecTwitter right now. It’s a lot to consume at once, which is why we‘ve put together three parallel workstreams you […]
Blog

Facebook Shuts Down Face Recognition System On Its Platform

Merritt Maxim November 4, 2021
Facebook's recently announced its decision to no longer use facial recognition in its platform. What does that mean for the long-term?
Blog

Forrester’s Security & Risk 2021 Preview: Secure What You Sell Goes Mainstream

Sandy Carielli November 4, 2021
Before I joined Forrester, my colleagues Jeff Pollard and Amy DeMartine initiated our product security research, leading to our first report on the topic, Secure What You Sell: CISOs Must Tackle Product Security To Protect Customers. In those bygone days of 2018 and 2019, we identified that: Forrester was the first to market with this […]
Blog

Put These Talks On Your S&R Forum Watchlist

Allie Mellen November 3, 2021
Next week, the Forrester security and risk (S&R) team will host the Forrester Security & Risk Forum on November 9 and 10. This will be the first time I have ever attended a Forrester event, let alone the Forrester Security & Risk Forum. And while I’m disappointed it isn’t in person this year, I’m also thrilled with […]
More posts