Cybersecurity Trends

Here, we clear up some misconceptions about threat hunting and explain why it’s in the best interest of your team to start doing it.

Users get to make their own choices about security and privacy when using Apple devices, not carriers, application developers, or advertisers.

Last week, we wondered if early reports indicating that NIST would announce the winners of its post-quantum cryptography competition would come to fruition anytime soon. Happily, they have. After an evaluation process that began with a call for nominations in 2016 and culled dozens of potential post-quantum (PQ) cryptographic algorithms down to seven finalists and […]

Companies announcing layoffs need to pay attention to insider risk. Showing compassion and communicating openly can help.

While the economic downturn is in its early stages, it looks as though the hypergrowth phase of the cybersecurity vendor party has reached an abrupt end.

The fact is, no business can stop every breach. So is it time to shift to a “post-breach” resilience strategy? Analyst Allie Mellen thinks so. This week, she discusses the best — and worst — security practices from various global regions.

Since publishing my first report on attack surface management (ASM), Find And Cover Your Assets With Attack Surface Management (one of my favorite titles to date), the market has taken off in a number of different directions and developed several flavors — and acronyms. Forrester defines ASM overall as follows: The process of continuously discovering, […]

To succeed with a security orchestration, automation, and response (SOAR) offering, outline how you'll use it first.

Microsoft recently announced Defender Vulnerability Management is available in a 120-day public preview as as a standalone, endpoint detection and response (EDR)-agnostic option. Defender for Endpoint Plan 2 customers have the option to purchase new add-on capabilities, while Defender for Endpoint Plan 1 customers will need to purchase the full standalone version. This release is […]

The US Cybersecurity and Infrastructure Security Agency and other government agencies will continue to weigh in on vulnerability and patch management. Be prepared to respond.

Everything-eventually-becomes-a-service which Microsoft demonstrates by launching its own version of managed detection & response. We discuss what CISOs need to know, how it will impact the market, and what to look for next.

Hello, my name is Fahad Ehsan, and I am the newest analyst on the Forrester’s security and risk team. I will be joining Frederic Giron, Jinan Budge, and David Holmes, conducting research on managed security service providers, vulnerability management, Zero Trust, and cloud security. Tell Us About Yourself I was born and raised in Lahore, […]

BISOs operate on behalf of the CISO, serving as an advisor to the business unit’s functional leaders. They also engage as a member of the business unit’s senior leadership team to understand, discuss, and advise on the intersection of strategic priorities and key IT and security risks.

The toughest battle SOC analysts face every day should not be with the technology they use. Analyst Experience (AX) will help solve that problem.

Nearly two-thirds of organizations were breached in the past year, and it cost them an average of $2.4 million per breach. Our recent survey results dive into these and other findings.

The Coppola classic has a few surprising parallels with today's chief information security officer.

An entry-level cybersecurity role has requirements much closer to an intermediate one, our research shows. What else should security leaders keep in mind to attract the right candidates?

We’ve all been on a site visit to a managed security services (MSS) provider’s security operations center (SOC), where your prospective MSS provider shows you yet another set of screens with big “pew-pew maps” with little dots and lines going haywire where it has seen cyberattacks. These maps are about as useful as an NFT: […]

The security awareness and training (SA&T) market has been stagnant for so long, with the last major disruption as far as I can tell being the introduction of phishing simulations about a decade or so ago. Since then, the industry seems to have seen a slow and steady evolution from ticking boxes to meet a […]