Sandy Carielli
VP, Principal Analyst
Author Insights
Blog
MITRE-geddon Averted, But Fragility In CVE Processes Remains
This week, we saw the CVE process, as we know it, come hours from the brink of collapse when a memo started circulating on LinkedIn that DHS would cut funding to MITRE’s CVE cataloging on April 16. MITRE’s role in the CVE process is the crucial first step in assigning IDs to vulnerabilities so that practitioners, vendors, researchers, and governments across the globe can consistently reference the same vulnerability. The process also allows for responsible disclosures and accountability for vulnerabilities to software companies.
Blog
WAFs Are Now The Center Of Application Protection Suites
Although not a new technology by any stretch, web application firewall (WAF) solutions continue their evolution. Today, WAF solutions are cloud-based and protect applications and APIs in hybrid and multicloud environments. WAF solution vendors have expanded their remit to address API attacks and layer 7 DDoS and are working to integrate WAFs with bot management, […]
Blog
Google To Acquire CNAPP Specialist Unicorn Wiz For $32 Billion
Learn what the largest-ever acquisition in cybersecurity means both for Google and the CNAPP space.
Blog
Quantum Security Isn’t Hype — Every Security Leader Needs It
The commercial availability of quantum computers that can compromise traditional asymmetric cryptography is still five to 10 years away. But security and risk (S&R) professionals must assess and prepare for the impact of quantum security now.
Blog
Technology And Security Predictions: Your Questions Answered
Couldn’t make the recent webinar covering our 2025 technology and security predictions? Check out the webinar replay and read our analysts’ responses to some of the most pressing attendee questions about the year ahead.
Blog
Rose-Colored Glasses Hide All The Red Flags: Advice From The S&R Forrester Women’s Leadership Program
As has now become a Forrester Security & Risk Summit tradition, a room full of amazing women and a few brave fellas gathered last week as part of the Forrester Women’s Leadership Program to celebrate successes and solve for the many challenges that women face in this field. The theme? “To propel your career in security and risk, choose your advisers and nuggets of advice wisely.”
Blog
Retailers: Adopt Three Application Security Technologies Now
Three application security technologies are key for retailers to adopt before the holiday season.
Blog
Let’s Debunk Some Application Threat Modeling Myths!
Application threat modeling has gotten a bad rap over the years but security leaders need to get over the myths and implement it. Learn three of the most common misconceptions around application threat modeling in this preview of a new report and session at our upcoming Security & Risk Summit.
Blog
The Shakedown From Black Hat USA, 2024
What happens when five security analysts gather at a security conference in Las Vegas? Stuff gets broke. Find out more in this review of the recent BlackHat USA event.
Blog
Not Even Banana Ball Is Immune To Bad Bots
What do the Savannah Bananas have to do with our new report on bot management and operators? Find out in this blog.
Blog
Never “Too Small For Cybercriminals”: One Town’s Cautionary Tale
In a world of Scattered Spiders and Midnight Blizzards and UNC2452s, why is Arlington’s BEC important? Because it’s happening all the time to towns, municipalities, regional health systems, and small businesses lacking the resources to prepare for such an event.
Blog
Fortinet Acquires Lacework
After a previous sale fell through, Fortinet has announced the acquisition of Lacework for an undisclosed amount, catching some customers by surprise. Get a detailed analysis of the deal including side-by-side product comparisons in this post.
Blog
Ludicrous Speed — Because Light Speed Is Too Slow To Secure Your Apps
Code is being released at ludicrous speed today. But without appsec, that code has the potential to introduce significant risk. Learn some of the key trends and benefits to DevSecOps in this post.
Blog
High-Performance-IT: Sicherheitsverantwortliche treten dem Chat bei
Sie haben von High-Performance-IT gehört. Erfahren Sie jetzt, wie der CISO und die Sicherheitsorganisation in dieses neue Technologiemodell passen.
Blog
What To Know: A Retrospective Of 2023’s Top Breaches And Fines
After a retrospective review of the largest publicly reported breaches and privacy violations in 2023, here's what you need to know for 2024.
Blog
High-Performance IT: Security Enters The Chat
You've heard about high-performance IT. Now learn how the CISO and the security organization fits into this new technology model.
Blog
Are Your Bot Management Tools Up To Date For Handling The Holiday Season?
Learn why you need to meet with your bot management provider now to handle the holiday season.
Blog
Your Product Security Approach Must Evolve With Your Organization’s Technology Strategy
Learn how specific investment choices can support your security organization’s evolution and maturity.
Blog
Thales To Acquire Imperva: Building This Dream House Won’t Be Easy
Thales announced its agreement to acquire Imperva from private equity firm Thoma Bravo for $3.6 billion, expecting to add $500 million of revenue and expand its data and application security offerings as a result. The overall cybersecurity portfolio will then be structured across three key areas: identity (Thales), data security (Thales and Imperva), and application […]
Blog
To Secure Kubernetes, Think Beyond Kubernetes
Kubernetes is the de facto standard for deploying and managing application workloads and containers. Lee has written quite a bit about the power of Kubernetes as an innovation platform, but while development and architecture teams are bullish on Kubernetes, security teams can find themselves scrambling to secure Kubernetes environments as they hurtle toward production. The […]
More posts