Cybersecurity Trends
Stay up-to-date on the cutting edge of cybersecurity with insights on Zero Trust, vendors, regulations, and other privacy & security topics.
Insights
Blog
US Federal Government Continues Cybersecurity Leadership With New OMB Memo
The guidance in the new memorandum enables federal civilian agencies to properly assign cyber-initiative funding toward the most critical areas. Here, we take a closer look.
Blog
Threat Hunting 101: A Human-Led Exercise
Here, we clear up some misconceptions about threat hunting and explain why it’s in the best interest of your team to start doing it.
Blog
Choose Apple Lockdown Mode, Choose Security
Users get to make their own choices about security and privacy when using Apple devices, not carriers, application developers, or advertisers.
Blog
NIST PQ: “Lattice” Pick A Winner
Last week, we wondered if early reports indicating that NIST would announce the winners of its post-quantum cryptography competition would come to fruition anytime soon. Happily, they have. After an evaluation process that began with a call for nominations in 2016 and culled dozens of potential post-quantum (PQ) cryptographic algorithms down to seven finalists and […]
Blog
Practice Empathy To Reduce Insider Risk
Companies announcing layoffs need to pay attention to insider risk. Showing compassion and communicating openly can help.
Blog
The Reaper Comes For Cyber Unicorns
While the economic downturn is in its early stages, it looks as though the hypergrowth phase of the cybersecurity vendor party has reached an abrupt end.
Podcast
The Best And Worst Security Practices From Around The World
The fact is, no business can stop every breach. So is it time to shift to a “post-breach” resilience strategy? Analyst Allie Mellen thinks so. This week, she discusses the best — and worst — security practices from various global regions.
US Public Sector Predictions 2022
Discover how the President's Management Agenda will shape agencies' priorities in 2022.
Blog
The ASM Landscape Is Shifting Under Our Feet — As Are The Acronyms
Since publishing my first report on attack surface management (ASM), Find And Cover Your Assets With Attack Surface Management (one of my favorite titles to date), the market has taken off in a number of different directions and developed several flavors — and acronyms. Forrester defines ASM overall as follows: The process of continuously discovering, […]
Blog
Planning Is Paramount When Adopting SOAR
To succeed with a security orchestration, automation, and response (SOAR) offering, outline how you'll use it first.
Blog
Microsoft Announces Defender Vulnerability Management
Microsoft recently announced Defender Vulnerability Management is available in a 120-day public preview as a standalone, endpoint detection and response (EDR)-agnostic option. Defender for Endpoint Plan 2 customers have the option to purchase new add-on capabilities, while Defender for Endpoint Plan 1 customers will need to purchase the full standalone version. This release is […]
Blog
Plan Your Response To CISA Emergency Patching Directives
The US Cybersecurity and Infrastructure Security Agency and other government agencies will continue to weigh in on vulnerability and patch management. Be prepared to respond.
Blog
Microsoft Launches MDR And Hops On The Everything-As-A-Service Bandwagon
Everything eventually becomes a service, as Microsoft demonstrates by launching its own version of managed detection & response. We discuss what CISOs need to know, how it will impact the market, and what to look for next.
Predictions 2022 Live
Chart a bold path to success in 2022. Hear our predictions for the year ahead.
Blog
Meet Fahad Ehsan, Forrester’s Newest Security And Risk Analyst
Hello, my name is Fahad Ehsan, and I am the newest analyst on Forrester’s security and risk team. I will be joining Frederic Giron, Jinan Budge, and David Holmes, conducting research on managed security service providers, vulnerability management, Zero Trust, and cloud security. Tell Us About Yourself I was born and raised in Lahore, […]
Blog
Build Better Bridges: Introducing Forrester’s BISO Role Profile
BISOs operate on behalf of the CISO, serving as an advisor to the business unit’s functional leaders. They also engage as a member of the business unit’s senior leadership team to understand, discuss, and advise on the intersection of strategic priorities and key IT and security risks.
Blog
Announcing Analyst Experience: SOC Analysts Finally Escape The Shackles Of Bad UX
The toughest battle SOC analysts face every day should not be with the technology they use. Analyst Experience (AX) will help solve that problem.
Blog
Breaches By The Numbers: Adapting To Regional Challenges Is Imperative
Nearly two-thirds of organizations were breached in the past year, and it cost them an average of $2.4 million per breach. Our recent survey results dive into these and other findings.
Blog
Our 2022 Top Recommendations For Your Security Program: CISOs Get An Offer They Can’t Refuse
The Coppola classic has a few surprising parallels with today's chief information security officer.
European Predictions 2022
Visit our resource hub to discover the key trends impacting European businesses in 2022.
Blog
The Security Analyst: An Expert In A Beginner’s Clothing
An entry-level cybersecurity role has requirements much closer to an intermediate one, our research shows. What else should security leaders keep in mind to attract the right candidates?
Blog
European MSS Firms Are Letting Down Their Customers By Providing More “Pew-Pew Maps” And Noise Rather Than Remediation Support
We’ve all been on a site visit to a managed security services (MSS) provider’s security operations center (SOC), where your prospective MSS provider shows you yet another set of screens with big “pew-pew maps” with little dots and lines going haywire where it has seen cyberattacks. These maps are about as useful as an NFT: […]
Blog
You Say You Want A Revolution? Announcing Our Latest Security Awareness And Training Forrester Wave™
The security awareness and training (SA&T) market has been stagnant for so long, with the last major disruption as far as I can tell being the introduction of phishing simulations about a decade or so ago. Since then, the industry seems to have seen a slow and steady evolution from ticking boxes to meet a […]