Cybersecurity Trends

Stay up-to-date on the cutting edge of cybersecurity with insights on Zero Trust, vendors, regulations, and other privacy & security topics.

Insights

Blog

US Federal Government Continues Cybersecurity Leadership With New OMB Memo

Heath Mullins July 29, 2022
The guidance in the new memorandum enables federal civilian agencies to properly assign cyber-initiative funding toward the most critical areas. Here, we take a closer look.
Blog

Threat Hunting 101: A Human-Led Exercise

Jeff Pollard July 20, 2022
Here, we clear up some misconceptions about threat hunting and explain why it’s in the best interest of your team to start doing it.

Federal Zero Trust Or Bust?

Learn the three steps to federal Zero Trust compliance.

Blog

Choose Apple Lockdown Mode, Choose Security

Paddy Harrington July 12, 2022
Users get to make their own choices about security and privacy when using Apple devices, not carriers, application developers, or advertisers.
Blog

NIST PQ: “Lattice” Pick A Winner

Sandy Carielli July 7, 2022
Last week, we wondered if early reports indicating that NIST would announce the winners of its post-quantum cryptography competition would come to fruition anytime soon. Happily, they have. After an evaluation process that began with a call for nominations in 2016 and culled dozens of potential post-quantum (PQ) cryptographic algorithms down to seven finalists and […]
Blog

Practice Empathy To Reduce Insider Risk

Joseph Blankenship June 15, 2022
Companies announcing layoffs need to pay attention to insider risk. Showing compassion and communicating openly can help.
Blog

The Reaper Comes For Cyber Unicorns

Jeff Pollard June 13, 2022
While the economic downturn is in its early stages, it looks as though the hypergrowth phase of the cybersecurity vendor party has reached an abrupt end.
Podcast

The Best And Worst Security Practices From Around The World

What It Means June 9, 2022
The fact is, no business can stop every breach. So is it time to shift to a “post-breach” resilience strategy? Analyst Allie Mellen thinks so. This week, she discusses the best — and worst — security practices from various global regions.

US Public Sector Predictions 2022

Discover how the President's Management Agenda will shape agencies' priorities in 2022.

Blog

The ASM Landscape Is Shifting Under Our Feet — As Are The Acronyms

Jess Burn June 2, 2022
Since publishing my first report on attack surface management (ASM), Find And Cover Your Assets With Attack Surface Management (one of my favorite titles to date), the market has taken off in a number of different directions and developed several flavors — and acronyms. Forrester defines ASM overall as follows: The process of continuously discovering, […]
Blog

Planning Is Paramount When Adopting SOAR

Allie Mellen May 25, 2022
To succeed with a security orchestration, automation, and response (SOAR) offering, outline how you'll use it first.
Blog

Microsoft Announces Defender Vulnerability Management

Erik Nost May 23, 2022
Microsoft recently announced Defender Vulnerability Management is available in a 120-day public preview as as a standalone, endpoint detection and response (EDR)-agnostic option. Defender for Endpoint Plan 2 customers have the option to purchase new add-on capabilities, while Defender for Endpoint Plan 1 customers will need to purchase the full standalone version. This release is […]
Blog

Plan Your Response To CISA Emergency Patching Directives

Erik Nost May 20, 2022
The US Cybersecurity and Infrastructure Security Agency and other government agencies will continue to weigh in on vulnerability and patch management. Be prepared to respond.
Blog

Microsoft Launches MDR And Hops On The Everything-As-A-Service Bandwagon

Jeff Pollard May 10, 2022
Everything-eventually-becomes-a-service which Microsoft demonstrates by launching its own version of managed detection & response. We discuss what CISOs need to know, how it will impact the market, and what to look for next.

Predictions 2022 Live

Chart a bold path to success in 2022. Hear our predictions for the year ahead.

Blog

Meet Fahad Ehsan, Forrester’s Newest Security And Risk Analyst

Fahad Ehsan April 22, 2022
Hello, my name is Fahad Ehsan, and I am the newest analyst on the Forrester’s security and risk team. I will be joining Frederic Giron, Jinan Budge, and David Holmes, conducting research on managed security service providers, vulnerability management, Zero Trust, and cloud security. Tell Us About Yourself I was born and raised in Lahore, […]
Blog

Build Better Bridges: Introducing Forrester’s BISO Role Profile

Jess Burn April 19, 2022
BISOs operate on behalf of the CISO, serving as an advisor to the business unit’s functional leaders. They also engage as a member of the business unit’s senior leadership team to understand, discuss, and advise on the intersection of strategic priorities and key IT and security risks.
Blog

Announcing Analyst Experience: SOC Analysts Finally Escape The Shackles Of Bad UX

Jeff Pollard April 18, 2022
The toughest battle SOC analysts face every day should not be with the technology they use. Analyst Experience (AX) will help solve that problem.
Blog

Breaches By The Numbers: Adapting To Regional Challenges Is Imperative

Allie Mellen April 12, 2022
Nearly two-thirds of organizations were breached in the past year, and it cost them an average of $2.4 million per breach. Our recent survey results dive into these and other findings.
Blog

Our 2022 Top Recommendations For Your Security Program: CISOs Get An Offer They Can’t Refuse

Jeff Pollard April 6, 2022
The Coppola classic has a few surprising parallels with today's chief information security officer.

European Predictions 2022

Visit our resource hub to discover the key trends impacting European businesses in 2022.

Blog

The Security Analyst: An Expert In A Beginner’s Clothing

Allie Mellen March 29, 2022
An entry-level cybersecurity role has requirements much closer to an intermediate one, our research shows. What else should security leaders keep in mind to attract the right candidates?
Blog

European MSS Firms Are Letting Down Their Customers By Providing More “Pew-Pew Maps” And Noise Rather Than Remediation Support

Paul McKay March 28, 2022
We’ve all been on a site visit to a managed security services (MSS) provider’s security operations center (SOC), where your prospective MSS provider shows you yet another set of screens with big “pew-pew maps” with little dots and lines going haywire where it has seen cyberattacks. These maps are about as useful as an NFT: […]
Blog

You Say You Want A Revolution? Announcing Our Latest Security Awareness And Training Forrester Wave™

Jinan Budge March 16, 2022
The security awareness and training (SA&T) market has been stagnant for so long, with the last major disruption as far as I can tell being the introduction of phishing simulations about a decade or so ago. Since then, the industry seems to have seen a slow and steady evolution from ticking boxes to meet a […]
More posts