Application Security
Agile development’s cycle of deployments and patches generates ample opportunities for hackers looking for a way in. Application security must be strong, vigilant, and nimble. Read our insights.
Insights
Blog
Serverless Functions Hold A Lot Of Promise … And Potential Security Flaws
A full-stack developer must program in HTML/CSS and JavaScript as well as be responsible for back-end development of server-side processes for data storage and retrieval, business logic tasks, authentication, and integration with third-party APIs in programming languages such as Go, .NET, Java, Rust, and Node.js. In addition, full-stack engineers must be knowledgeable about development and […]
Webinar
How To Enhance Your Security Operations Practice With Agile And Detection Engineering
Join us on Sept. 27 for a deep dive on detection engineering in security operations. Hear Forrester's advice on best practices and the use of detection-as-code.
Stay Ahead of Threats with These Cutting-Edge Detection Engineering Practices
Join us on Sept. 27 for a live webinar to learn how to enhance your security operations practice with agile and detection engineering practices.
Blog
Your Product Security Approach Must Evolve With Your Organization’s Technology Strategy
Learn how specific investment choices can support your security organization’s evolution and maturity.
Blog
Rubrik Acquires Laminar: Data Resilience And Security Join Forces
As security threats increase, data protection and security practices continue to merge. Data resilience firm Rubrik recently announced its acquisition of Laminar, a data security posture management (DSPM) vendor. Together, they aim to enable consistent and unified data security posture visibility that spans on-premises and cloud-based environments. Modern Data Resilience Is Increasingly A Cybersecurity Issue […]
Blog
Seize The Opportunity: The Security & Risk Enterprise Leadership Award 2023
Last month, Forrester announced its inaugural Security & Risk Enterprise Leadership Award. As former CISOs, my Forrester colleague Brian Wrozek and I are sharing our thoughts about why you should apply. There are tangible benefits to you, your team, your organization, and the greater security community. You should apply — and apply now — for […]
Blog
Black Hat USA 2023: Insights From Our Short Vegas Residency
Black Hat has gone from being RSAC’s smaller tech and practitioner-focused cousin to being a commercial showcase for cybersecurity vendors. A tightly packed, noisy Business Hall included over 300 vendors and 400 organizations with booths, which was great for swag but bad for anyone with […]
Blog
Thales To Acquire Imperva: Building This Dream House Won’t Be Easy
Thales announced its agreement to acquire Imperva from private equity firm Thoma Bravo for $3.6 billion, expecting to add $500 million of revenue and expand its data and application security offerings as a result. The overall cybersecurity portfolio will then be structured across three key areas: identity (Thales), data security (Thales and Imperva), and application […]
Strengthen Security Operations With Agile SecOps
Read this report to learn how to apply agile software development lifecycle (SDLC) practices to detection and response to create engineering-driven detection operations.
Blog
To Secure Kubernetes, Think Beyond Kubernetes
Kubernetes is the de facto standard for deploying and managing application workloads and containers. Lee has written quite a bit about the power of Kubernetes as an innovation platform, but while development and architecture teams are bullish on Kubernetes, security teams can find themselves scrambling to secure Kubernetes environments as they hurtle toward production. The […]
Blog
Announcing Forrester’s Security & Risk Enterprise Leadership Award
Forrester is thrilled to announce its inaugural Security & Risk Enterprise Leadership Award, which will recognize security organizations that have transformed the security, privacy, and risk management functions to fuel long-term success. Learn how to apply here.
Blog
Shift-Everywhere Is The Bullet Train To Secure Software
Application security is in the spotlight with continued breaches due to the vast attack surface applications and their ecosystems provide.
Blog
Static Application Security Testing (SAST) Tools Evolve To Keep Pace With Modern Application Delivery
We looked at the top 50 undergraduate computer science programs in the US and found that none require a secure coding or secure application design class. Although 18% did offer electives in secure coding or application security, it’s fair to say that teaching undergrads to develop secure code is not a top priority. Static application […]
Blog
The CNAPP Product Category is Getting Crowded With Capabilities
Learn four key reasons why the packaging of cloud-native application protection platforms into a bundle is unnecessary and possibly even misleading.
Don't Get Misled By Unrealistic AI And Security Expectations
Learn the truth behind ML’s madness, how AI and security (really) work in detection and response, and red-flag claims to avoid.
Blog
The World Lags With SBOM Requirements, But Likely Not For Long
The US Executive Order on Improving the Nation’s Cybersecurity, spurred by breaches such as SolarWinds and Colonial Pipeline, ignited an evolution in software supply-chain security. Putting teeth behind the Executive Order, an Office of Management and Budget September 2022 memorandum allows agencies to request a software bill of materials (SBOM) from suppliers. […]
Blog
Protecting Against The Top Cybersecurity Threats In 2023 Requires A Balanced Approach
Get a preview of the top five cybersecurity threats — established and emerging — for this year and learn how to defend against each.
Blog
Avoid A Bot Waterloo
I don’t follow the Eurovision Song Contest closely, but I know that ABBA famously won decades ago with “Waterloo” and that a few other contest winners — Celine Dion, Måneskin — have achieved global success afterwards. This year, though, an article about Eurovision got my attention. It seems that tickets to the live Eurovision performances […]
Blog
Product Management And Security Collaboration Benefits More Than Product Security
As part of Forrester’s research into securing what you sell, we have long advocated for security leaders to overlay their own activities with the rest of the product team and to engage in the product lifecycle before the product has even been defined. Last year, we reached out to product management decision-makers to learn more […]
Blog
2023 Security Recommendations: Protect Your Ass(ets) And Lawyer Up
Forrester recently published Top Recommendations For Your Security Program, 2023 for CISOs and other senior cybersecurity and technology leaders. This year’s overarching theme involves protection (as you might expect) — but not exactly in the way you’d think in the context of security. In 2023, our recommendations fall into three major strategic themes for security […]
Seven Steps To Bolstering Network Security With Zero Trust Edge
Watch this video to break down vendor ZTE hype and learn how to implement it across all endpoints in an enterprisewide networking fabric.
Blog
Get A Head Start On The National Cybersecurity Strategy
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare for the implications of the National Cybersecurity Strategy.
Blog
When It Comes To Zero Trust, Nobody Puts Appsec In A Corner
Zero Trust has seen an increase in adoption over the past few years — Forrester’s Security Survey, 2022, shows that 83% of global large enterprises are reporting that senior leadership has committed their organizations to the adoption of Zero Trust. Aspects of the Zero Trust model continue to be misunderstood, however. The industry is still […]
Blog
Responding To The Cybersecurity Signal In The Sky, A Hero Steps Out Of The Shadows: Software Composition Analysis
Software composition analysis (SCA) has lived for many years in the shadow of static application security testing (SAST) and dynamic application security testing (DAST) tools that have commanded bigger budgets, stakeholder attention, and vendor competition. This changed in May of 2021 when President Biden called on the public and private sector to secure the US […]