Vulnerability

Insights

Blog

Microsoft Announces Defender Vulnerability Management

Erik Nost 2 days ago
Microsoft recently announced Defender Vulnerability Management is available in a 120-day public preview as a standalone, endpoint detection and response (EDR)-agnostic option. Defender for Endpoint Plan 2 customers have the option to purchase new add-on capabilities, while Defender for Endpoint Plan 1 customers will need to purchase the full standalone version. This release is […]

Plan Your Response To CISA Emergency Patching Directives

Erik Nost 5 days ago
The US Cybersecurity and Infrastructure Security Agency and other government agencies will continue to weigh in on vulnerability and patch management. Be prepared to respond.

Meet The New Analyst Covering Vulnerability Risk Management: Erik Nost

Erik Nost May 11, 2022
What Topics Will You Be Covering at Forrester? I am very excited to be covering vulnerability risk management (VRM) at Forrester, including threat modeling and management and penetration testing. Some of the areas in VRM that I hope to explore include: Vulnerability risk prioritization, especially with new “zero days” hitting at what seems like every […]

Nontraditional DDoS Attacks Are On The Rise

Heath Mullins March 10, 2022
If you have never heard of “DDoS amplification factor” prior to this week, you’re not alone. A new zero-day attack surfaced a vulnerability from an unlikely source: an internet-facing PBX (private branch exchange) system. Bad actors seized upon this opportunity to create a 4,294,967,296:1 amplification load. Yes, that’s 4 billion to one. This is a […]

The Top Seven Most Misused Terms In Cybersecurity

Allie Mellen February 23, 2022
When vendors or practitioners use different words to communicate the same thing, confusion ensues. Let's take steps toward settling on a common vocabulary.

Savvy Cybersecurity Programs Focus On Competence, Integrity, And Empathy

Jeff Pollard February 7, 2022
As of July 31, 2021, the FBI’s Internet Crime Complaint Center saw a 62% increase in reported ransomware incidents compared with the same time frame in 2020. Intrusions in environments spanned various types of infrastructure, with 35% exploiting software vulnerabilities and 32% using supply chains and third parties to obtain unauthorized access, per Forrester data. […]

Announcing Forrester’s New Research On Attack Surface Management

Jess Burn January 12, 2022
As I watched the December 2021 Log4j situation unfold (and it continues … ), the importance of IT asset visibility couldn’t have been clearer. So many security and IT teams struggle to maintain much-needed visibility into an increasingly complex and distributed IT environment because so much of an organization’s estate is unknown or undiscovered due […]

Divide And Conquer: Rapid Response To The Apache Log4j Vulnerability

Allie Mellen December 13, 2021
It’s been … a weekend for security pros. The Apache Log4j vulnerability (CVE-2021-44228) affects somewhere between 0 and 3 billion-plus of the devices currently running Java. Luckily, a metric ton of amazing advice exists on #InfoSecTwitter right now. It’s a lot to consume at once, which is why we’ve put together three parallel workstreams you […]