CISO Trends
The chief information security officer (CISO) role is growing in importance and remit. Discover the latest trends and analysis for CISOs and information security leaders.
Insights
Blog
Get Your Zero Trust Initiative Back On Track With Forrester’s Zero Trust RASCI Chart
One of the biggest challenges to a Zero Trust journey can be misalignment between teams. Learn how our Zero Trust RASCI Chart can help define roles and responsibilities across the core domains of Zero Trust.
Blog
Splunk .conf25: Cisco, AI, And Data
The 10th annual Splunk .conf took place in Boston recently. From the opening keynote to various new product releases and enhancements, get a full review of the event in this post.
The Countdown To 2026 Predictions Has Begun
Don’t miss your chance to lead with confidence. Get early access to Forrester’s expert guidance across marketing, CX, digital, tech, and security.
Blog
Announcing The Forrester Wave™: IoT Security Solutions, Q3 2025
IoT devices are a normal part of business and personal life. In enterprises, it is estimated that there are between six and 10 IoT devices for each employee, ranging from long-standing devices, such as printers and cameras, and industry-specific devices like warehouse scanners and medical infusion pumps to modern air quality monitors and soil moisture […]
Blog
Vibe Hacking And No-Code Ransomware: AI’s Dark Side Is Here
CISOs must recognize that AI is enabling attackers to scale operations quickly with minimal technical skill. Learn how this is happening and get four key takeaways to better defend your organization in this new era.
Blog
Lessons From Technology & Innovation Summit APAC’s Forrester Women’s Leadership Program: Choose Your Advisors, And Nuggets Of Advice, Wisely
A room full of people gathered as part of our Forrester Women’s Leadership Program to celebrate successes and posit solutions for the many challenges that women face in this field. The theme? “Choose your advisors — and nuggets of advice — wisely.”
Blog
Ongoing Government Uncertainty Around Cybersecurity Initiatives Is Putting Your Business At Risk
Government instability is undermining key cybersecurity programs like CyberSentry and MITRE’s CVE cataloging, putting critical infrastructure and business operations at risk. This post explores how funding cuts and conflicting AI directives are creating dangerous gaps in threat detection and response.
Blog
Black Hat 2025: Troop Forrester Goes To Hacker Summer Camp
2025 marks the 28th year of Black Hat, and although it remains on the edgier side of corporate-focused cybersecurity conferences, it sometimes feels like the event is considering completely ditching its hoodie in favor of a collared shirt.
Master Risk And Lead Through Uncertainty
Attend our Security & Risk Summit to get insider access to frameworks and tools that help security professionals navigate AI attacks, understand quantum risks, and redefine resilience.
Blog
Black Or Blue, Microsoft’s Quick Machine Recovery Might Be Able To Soften That Bruise
Windows 11’s new Quick Machine Recovery and kernel-space security changes mark a turning point in enterprise resilience. As Windows 10 nears retirement, these features offer IT leaders compelling reasons to upgrade beyond just compliance.
Blog
Announcing The Forrester Wave™: Privileged Identity Management Solutions, Q3 2025
Learn three important factors to consider when planning a privileged identity management (PIM) deployment or enhancement in this preview of our new report on the PIM solution market.
Blog
Introducing AEGIS — The Guardrails That CISOs Need For The Agentic Enterprise
AI agents aren’t coming — they’re already here. And they’re not waiting for your security architecture to catch up. Learn how Forrester's new AEGIS framework can help CISOs secure, govern, and manage AI agents and agentic infrastructure.
Blog
Palo Alto Networks Enters The Identity Security Market With $25B Purchase Of CyberArk
The third-largest cybersecurity M&A deal in history makes sense in some respects, but the track record on mega security and identity tie-ups is incomplete and unproven.
Blog
Microsoft Retires Password Management In Authenticator
Microsoft’s move to gradually retire password management capabilities in its Authenticator application will have three immediate effects.
Blog
Announcing The Forrester Wave™: Unified Vulnerability Management Solutions, Q3 2025
Vulnerability management is undergoing a seismic shift. The risk-based prioritization from vulnerability risk management (VRM) has combined with attack surface management (ASM) to form exposure management and continuous security testing — two emerging practices that prioritize visibility and prioritization over remediation and response.
Podcast
Fear In B2B Buying, Future Of Experiences, Cisco Live Recap
In this episode of What It Means, we dig into fear as a motivator in the B2B buying process, the human-centric future of digital experiences, and what CISOs need to know coming out of Cisco Live.
Blog
Pause Innovation Now And Pay The Price Later: Why AI Readiness Can’t Wait
Even as volatility abounds, business and technology leaders must stay laser-focused on building a strong AI foundation. The first blog in our new quarterly Bold Stances series offers some guidance.
Blog
Key Takeaways From Cisco Live 2025: Cisco’s Big Bets For Unified Security And AI
Cisco Live 2025 Focused On Three Main Themes: AI, Simplification, And Security At its annual Cisco Live event, the company delivered a clear message: It’s operationalizing AI across the core pillars of networking, security, and observability. Building on last year’s momentum with innovations like Hypershield and Splunk integration, the company has framed its vision around […]
Blog
You Don’t Need To Be Ethan Hunt To Break Into A Building
In today’s hyper-connected buildings, cybercriminals don’t need grappling hooks or disguises — just a vulnerable thermostat or door lock to breach your defenses and disrupt your operations.
New For 2026! Security Budget Planning Guide + Workbook
Prepare your 2026 security budget for critical risks. Get our budget planning guide and workbook to assess, prioritize, and implement investments for fortified security in uncertain times.
Blog
When You Can’t Change The Technology, Change Your Security Policies
When you can’t change the security of external technologies such as IoT, OT, or power infrastructure, you must adapt your internal cybersecurity policies and controls to mitigate the risks that they introduce.
Blog
Decoding The Naming Game: Why Standardizing Threat Actor Names Alone Won’t Enhance Your Security Posture Or Response
Microsoft, CrowdStrike, Palo Alto Networks, and Mandiant recently announced a new initiative to create an aggregate and standardized glossary of threat actors. Learn the benefits and limitations of standardizing threat actor names.
Blog
Announcing The Forrester Wave™: Email, Messaging, And Collaboration Security Solutions, Q2 2025
The Forrester Wave™: Email, Messaging, And Collaboration Security Solutions, Q2 2025, is live — and it looks a bit different from its predecessor in 2023.
More posts