Application Security

Agile development’s cycle of deployments and patches generates ample opportunities for hackers looking for a way in. Application security must be strong, vigilant, and nimble. Read our insights.

Discover how Forrester supports technology executives.

Insights

Blog

Not Even Banana Ball Is Immune To Bad Bots

Sandy Carielli July 1, 2024
What do the Savannah Bananas have to do with our new report on bot management and operators? Find out in this blog.
Blog

Forrester’s AI Webinar Series: Navigate The Choppy And Exciting Waters Of Enterprise AI

Sudha Maheshwari June 7, 2024
AI is having — and will continue to have — a profound impact on how data scientists, software engineers, and other job functions perform their roles. Get tips on how to define, build, and implement your enterprise AI strategy with the help of Forrester's AI Advantage client webinar series.

Conquer Your GenAI Security, Risk & Privacy Fears

Learn how to identify and manage enterprise genAI risk across models, APIs, and applications — and follow paths to secure, trusted adoption.

Blog

Ludicrous Speed — Because Light Speed Is Too Slow To Secure Your Apps

Janet Worthington June 7, 2024
Code is being released at ludicrous speed today. But without appsec, that code has the potential to introduce significant risk. Learn some of the key trends and benefits to DevSecOps in this post.
Blog

The State Of Cybersecurity Innovation: RSA Conference 2024

Heidi Shey May 20, 2024
RSAC gives security startups two structured opportunities to distinguish themselves, and Forrester always finds it revealing to see which startups make the cut.
Blog

Forrester’s RSAC 2024 Themes, Takeaways, And Observations

Jeff Pollard May 15, 2024
More than 41,000 attendees, 600 exhibitors, and 425 sessions. Get some of the key themes and takeaways from the Forrester security & risk analysts who attended RSA Conference (RSAC) 2024.
Podcast

Top Cybersecurity Threats In 2024

What It Means May 2, 2024
In today’s cybersecurity environment, threat detection is key. In this episode, Principal Analyst Brian Wrozek and Senior Analyst Janet Worthington discuss the top five cybersecurity threats in 2024 and how organizations can protect themselves. 
Blog

Announcing Forrester’s Security & Risk Enterprise Leadership Award

Stephanie Balaouras May 1, 2024
We have opened the call for our annual Security & Risk Enterprise Leadership Award. This award recognizes organizations that have transformed the security, privacy, and risk management functions into capabilities that fuel long-term success. Learn more about the award and how to apply.

Strenthen Security Operations With Agile SecOps

Read this report to learn how to apply agile software development lifecycle practices (SDLC) to detection and response to create engineering-driven detection operations.

Blog

It Ain’t Just AI: What We Saw At Google Cloud Next

Lee Sustar April 16, 2024
Google recently held its Google Cloud Next conference four months early to unveil new AI offerings and upstage its rivals. Get a detailed review of all of the announcements at the event in this post.
Blog

What To Know: A Retrospective Of 2023’s Top Breaches And Fines

Sandy Carielli February 28, 2024
After a retrospective review of the largest publicly reported breaches and privacy violations in 2023, here's what you need to know for 2024.
Blog

Lessons Learned From Another Year Of Sponsoring Women To Attend S&R Forum

Allie Mellen December 21, 2023
Learn three key lessons from our partnership with Women in Security and Privacy (WISP) in sponsoring attendees at our Security & Risk Forum.
Blog

Predictions 2024: A Lethargic Enterprise Software Market Goes Cutting-Edge

Linda Ivy-Rosser October 30, 2023
In 2024, we’ll see SaaS sales hit 75%, genAI drive modernization efforts, and at least one vendor megadeal. Learn more in Forrester’s 2024 enterprise software predictions.
Blog

The CISO And CIO Microsoft Security Dilemma: Fend Off Or Learn To Love?

Jeff Pollard September 28, 2023
Should CISOs fend off Microsoft to keep their preferred products or embrace consolidation? Find out in this blog.
Blog

Serverless Functions Hold A Lot Of Promise … And Potential Security Flaws

Janet Worthington September 21, 2023
Full stack developers are concerned with accessibility, usability, reliability, scalability, and performance. So, who's responsible for the security of an application?
Webinar

Enhance Your Security Operations Practice With Agile And Detection Engineering

Get a deep dive on detection engineering in security operations. Hear Forrester advice on best practices and the use of detection–as–code. 
Blog

Your Product Security Approach Must Evolve With Your Organization’s Technology Strategy

Sandy Carielli September 11, 2023
Learn how specific investment choices can support your security organization’s evolution and maturity.
Blog

Rubrik Acquires Laminar: Data Resilience And Security Join Forces

Heidi Shey August 22, 2023
As security threats increase, data protection and security practices continue to merge. Data resilience firm Rubrik recently announced its acquisition of Laminar, a data security posture management (DSPM) vendor. Together, they aim to enable consistent and unified data security posture visibility that spans on-premises and cloud-based environments. Modern Data Resilience Is Increasingly A Cybersecurity Issue […]
Blog

Seize The Opportunity: The Security & Risk Enterprise Leadership Award 2023

David Levine August 22, 2023
Last month, Forrester announced its inaugural Security & Risk Enterprise Leadership Award. As former CISOs, my Forrester colleague Brian Wrozek and I are sharing our thoughts about why you should apply. There are tangible benefits to you, your team, your organization, and the greater security community. You should apply — and apply now — for […]
Blog

Black Hat USA 2023: Insights From Our Short Vegas Residency

Jeff Pollard August 21, 2023
Black Hat USA 2023: Insights From Our Short Vegas Residency Black Hat has gone from being RSAC’s smaller tech and practitioner-focused cousin to being a commercial showcase for cybersecurity vendors. A tightly packed, noisy Business Hall included over 300 vendors and 400 organizations with booths, which was great for swag but bad for anyone with […]
Blog

Thales To Acquire Imperva: Building This Dream House Won’t Be Easy

Heidi Shey July 25, 2023
Thales announced its agreement to acquire Imperva from private equity firm Thoma Bravo for $3.6 billion, expecting to add $500 million of revenue and expand its data and application security offerings as a result. The overall cybersecurity portfolio will then be structured across three key areas: identity (Thales), data security (Thales and Imperva), and application […]
Blog

To Secure Kubernetes, Think Beyond Kubernetes

Sandy Carielli June 22, 2023
Kubernetes is the de facto standard for deploying and managing application workloads and containers. Lee has written quite a bit about the power of Kubernetes as an innovation platform, but while development and architecture teams are bullish on Kubernetes, security teams can find themselves scrambling to secure Kubernetes environments as they hurtle toward production. The […]
More posts