Security Operations

Insights

Blog

Stop Dumping Your Budget Dollars Down The Drain For Network Visibility

Steve Turner 4 days ago
As I’ve talked to numerous organizations about their Zero Trust journeys, one thing has stood out quite clearly: Security teams are struggling to understand what’s happening on their networks. While Zero Trust demands that you design your security architecture to protect everything in your organization as if it’s connected directly to the internet, the reality […]
Read More
Blog

CISOs And The Next Era Of Security Visibility: Observability

Jeff Pollard 6 days ago
For security leaders and practitioners, it seems like developers and IT teams get all the cool toys, and security pros get stuck with the hand-me-downs. Dev was first to cloud, IT followed, and security warily joined in. IT had patch management while security just scanned to see if the patches weren’t there; and security orchestration, […]
Read More

Security & Risk

Learn how to leverage trust to win, grow, and retain customers at our Security & Risk event Nov. 9–10.

Blog

Announcing The First And Only Evaluative Research On XDR — The Forrester New Wave™: Extended Detection And Response (XDR) Providers, Q4 2021

Allie Mellen October 13, 2021
Over the past three years, there’s been no shortage of hot takes on XDR. From a plethora of vendors across industries to security luminaries laying claim to the term, opinions abound. Yet, until recently, no research established a firm definition of XDR, let alone conducted evaluative research on XDR vendor capabilities. That is why I […]
Read More
Blog

What Security Market Definitions Tell Practitioners

Allie Mellen September 29, 2021
One of the biggest challenges of being a security industry analyst is finding when and how to define new market segments. We both had to do this recently — Jeff with managed detection and response and Allie with extended detection and response (XDR). The most common question we get from security vendors confused as to […]
Read More
Blog

XDR FAQ — Frequently Asked Questions On Extended Detection And Response

Allie Mellen July 22, 2021
Learn about the origin, architecture, and applications of extended detection and response (XDR) from analyst Allie Mellen.
Read More
Blog

COVID-19 Drives Delivery Model Transformation And A Sustainability Revolution In The Security Consulting Space

Paul McKay July 1, 2021
“The Forrester Wave™: European Cybersecurity Consulting Providers, Q3 2021,” launched today. Fifteen firms are featured in this report, representing a cross section of large international security consulting providers and more regionally based security pure plays. The European security consultancy market has seen a large transformation in the past 16 months in how it delivers value […]
Read More
Blog

Zero Trust Doesn’t Mean Zero Breaches

David Holmes June 29, 2021
We occasionally get asked this question: “Would Zero Trust have prevented [insert high-profile breach]?” The breach in question could be Equifax, SolarWinds, or the United States Office of Personnel Management. We haven’t been asked (yet) about the announcement from Microsoft this month, where they acknowledged that they were a target of, and indeed had an […]
Read More
Blog

Forrester’s List Of Ransomware Resources

Jeff Pollard June 24, 2021
With ransomware continuing as a high-impact problem (with seemingly no end in sight), we’ve put together some useful ransomware resources for security practitioners. Security and risk (S&R) pros can use these resources to help prevent, protect, detect, and respond to ransomware outbreaks. The links below are a mixture of Forrester’s own research and third-party links. […]
Read More
Blog

The Top Five Lies Security Vendors Tell About The SIEM

Allie Mellen June 16, 2021
Security information and event management systems aren't what they were a decade ago. Here, we dispel a few common misconceptions.
Read More
Blog

Revenge Of The SaaS: Mandiant Uses Services To Escape FireEye

Jeff Pollard June 3, 2021
Revenge Of The SaaS: Mandiant Dumps FEYE In a cybersecurity divorce that had fewer leading indicators than the dissolution of Kim and Kanye, Mandiant has finally untangled itself from FireEye (FEYE) by selling the product portion of the firm to Symphony Technology Group (STG) for $1.2 billion. FireEye’s history as the most “almost acquired vendor” […]
Read More
Blog

The Death And Life Of The Stand-Alone Solution

Jess Burn May 10, 2021
While automated malware analysis and network intrusion detection systems remained in our Divest category, three more technologies joined them this year: data loss prevention, managed security service providers, and security user behavior analytics. Why is this? Because these stand-alone technologies simply don’t cut it anymore. This isn’t to say these solutions are dead, mind you. No, they live on in within larger, more comprehensive solutions.
Read More
Blog

XDR Defined: Giving Meaning To Extended Detection And Response

Allie Mellen April 28, 2021
Conflicting definitions of extended detection and response (XDR) have plagued cybersecurity tech buyers. Read Forrester's unbiased explanation of what XDR is, its relationship to SIEM, and other common questions.
Read More
Blog

“Winning” MITRE ATT&CK, Losing Sight Of Customers

Jeff Pollard April 22, 2021
Are the results of a MITRE ATT&CK evaluation a good gauge of a vendor's effectiveness? Maybe. Vice President and Principal Analyst Jeff Pollard explains how to use the results in your vendor analysis.
Read More
Blog

Degree Requirements Are Poisoning Your Cybersecurity Talent Pool

Steve Turner April 22, 2021
There’s no shortage of obstacles holding back folks from finding meaningful employment in the cybersecurity sector. Some of these obstacles are imposed by human resources policies and the software used to automatically scan through resumes in a game of electronic buzzword bingo, one of the most insidious of these being the requirement of a college […]
Read More
Blog

2021 Brings New Security Challenges And Regulations For European CISOs

Paul McKay March 31, 2021
Learn three key shifts European CISOs are making to address the COVID-19 pandemic and new regulations.
Read More
Blog

MSSP Is The Eighth Word You Can’t Say On TV

Jeff Pollard March 24, 2021
“The Forrester Wave™: Managed Detection And Response, Q1 2021” is now live — and this is a seriously impressive group of vendors. I want to give a sincere thanks to them all for the effort and work they put into it. Vendors don’t always agree on things — especially with competitors. But one thing quite […]
Read More
Blog

Meet The New Analyst Covering SecOps: Allie Mellen

Allie Mellen February 16, 2021
Tell Us About You I have a background in computer engineering, and over the past 10 years I’ve been in engineering and consulting roles at organizations like MIT and a variety of startups. I live in New York City and love to read, do yoga, and learn new languages. In normal, non-pandemic times, I’m an avid traveler, though that has obviously […]
Read More