Security management
Blog
Paying To Observe It All: Palo Alto Networks’ Acquisition Of Chronosphere
Cybersecurity behemoth Palo Alto Networks (PANW) recently announced the acquisition of observability vendor Chronosphere for $3.35 billion. The acquisition is a departure from PANW’s security pure-play roots, as it will now also sell into technology buyers. This blog explores the reasons behind the acquisition and what it means for PANW and Chronosphere customers going forward. […]
Blog
Insider Incidents Can Happen To Anyone
Managing insider risk requires steadfast focus, documenting policies, and following defined processes. Follow these four steps laid out in Forrester’s “Best Practices: Insider Risk Management” report to reduce insider risk.
Predictions 2026: Your Planning Starts Here
2026 will demand proof, not promises. Explore Forrester’s Predictions resources — guides, webinars, and blogs — to plan smarter, lead with trust, and stay ahead of disruption.
Blog
AI Vendor Threat Research And Cybersecurity’s Cynicism Problem
For years, the security community decried the lack of transparency in public breach disclosure and communication. But when AI vendors break with old norms and publish how attackers exploit their platforms, that same community’s reaction is split. Some are treating this intelligence as a learning opportunity. Others are dismissing it as marketing noise. Unfortunately, some […]
Blog
How To Thrive In Chaos: Lessons Learned From The Forrester Women’s Leadership Program At Security & Risk Summit
The noise in and outside of cybersecurity is constant, with new threats, new tools, and new expectations. Thriving in this environment doesn’t take luck; it requires discipline. And right now, the backdrop is intense: nearly 1 million job cuts this year, workloads rising, and responsibilities shifting, leaving everyone uncertain. Those who remain are not necessarily […]
Blog
Anthropic Catches Attackers Using Agents In The Act
On November 13, AI vendor Anthropic published details about the disruption of what it characterized as an AI-led cyber espionage operation. Learn what is in Anthropic's report and get tips on how to protect against future AI-enabled attacks.
Blog
Proactive Security Platforms Will Cumulate Visibility, Prioritization, And Remediation
Last year, we released our inaugural Forrester Wave™ on attack surface management (ASM) solutions. The ASM Wave primarily focused on visibility — the first of the three principles of proactive security. ASM’s visibility is achieved through external asset discovery and ingestion of third-party information regarding asset attributes, and both features are becoming increasingly commoditized. Yet the ubiquity of […]
Blog
Remove Ambiguity: Measure Human Risk Management Metrics That Matter
Our latest research — Five Steps To Better Human Risk Management Metrics and The Essential List Of Human Risk Management Metrics — provides security leaders the clarity they need to measure what truly matters. I see this not as just another comprehensive metrics framework (though it is that!) — I also see it as a foundation for turning human risk management from a conversation into a movement.
Blog
Secure Vibe Coding: I’ve Done It Myself, And It’s A Paradigm, Not A Paradox
“There’s a new kind of coding I call ‘vibe coding,’ where you fully give in to the vibes, embrace exponentials, and forget that the code even exists,” said Andrej Karpathy in a post on X (formerly Twitter) back in February.
Blog
Gold Rush Or Fool’s Gold? How To Evaluate Security Tools’ Generative AI Claims
Generative AI features and products for security are gaining significant traction in the market. Knowing how to evaluate them, however, remains a mystery. What makes a good AI feature? How do we know if the AI is effective or not? These are just some of the questions I receive on a regular basis from Forrester […]
Blog
Announcing Forrester’s 2025 Security & Risk Enterprise Leadership Award Winners
Learn more about the two enterprise security programs that won this year’s Security & Risk Enterprise Leadership Award.
Blog
Declaring Zero Trust Without Testing Is A Lie
Zero Trust without real-world testing is a false sense of security. Learn how MITRE ATT&CK-driven adversarial trials turn Zero Trust from theory into proof.
Blog
How F5 And SonicWall Revealed The Fragility Of The Software Supply Chain
The recent breaches at F5 and SonicWall illustrate how attackers are targeting the very infrastructure that enterprises rely on to secure and deliver digital services.
2026 Predictions: What Tech And Security Leaders Must Know
Our 2026 tech and security predictions are out — now it’s time to go deeper. Join Forrester’s analysts to uncover what you must do to lead with trust and value.
Blog
UK Government Plans To Mandate Digital eID For All Legal UK Residents
The UK government plans to mandate an electronic digital identity scheme and credential for all legal residents and employees of the UK to prove immigration and employment eligibility status. Read our assessment of the benefits, challenges, and concerns.
Blog
Announcing The Forrester Wave™: Network Analysis And Visibility Solutions, Q4 2025
Despite their criticality, network analysis and visibility solutions remain underrepresented in enterprises compared to technologies such as endpoint detection and response and security information and event management. Find out why in this preview of our new Wave report.
Blog
You Know Who’s In The Building — But Who’s In Your Network?
Strong physical security is standard in critical infrastructure — but OT networks often remain wide open. This blog explores how applying Zero Trust principles can help you control digital access with the same rigor you apply to physical visitors.
Blog
Global Cybersecurity Spending To Exceed $300B By 2029
Despite the ongoing macroeconomic uncertainty in 2025, cybersecurity spending will rise by 13.1% this year to $174.8 billion, driven by ongoing concerns around cyberattacks and the need to secure new cloud-based deployments. Find out more in our cybersecurity spending forecast.
Blog
CrowdStrike Fal.Con 2025: Flexing Into The Agentic AI Age
CrowdStrike held its Fal.Con 2025 conference recently, and not surprisingly for a cybersecurity vendor event in 2025, AI dominated. Get our highlights and key takeaways here.
2026 Tech & Security Predictions You Can’t Afford To Miss
AI cleanup, budget shifts, neocloud, and quantum threats — what’s ahead could reshape your strategy. Get Forrester’s guide with five bold predictions to stay ahead and lead with trust and value.
Blog
Your Top Questions On Generative AI, AI Agents, And Agentic Systems For Security Tools Answered
Many security professionals are still confused about which AI capabilities are real now and which will come down the road. Get answers to some of the most common questions about use of generative AI, agentic AI, and AI agents in security tools in this preview of our upcoming Security & Risk Summit.
Blog
Securing AI’s M&A Feeding Frenzy Is On
The cybersecurity industry is in the middle of a land grab as AI security M&A heats up. In just 18 months, eight major vendors — including Check Point, Cisco, CrowdStrike, F5, and Palo Alto Networks — have spent upwards of $2.0 billion acquiring startups focused on securing enterprise AI. AI for security is already poised to disrupt […]
Blog
Get Your Zero Trust Initiative Back On Track With Forrester’s Zero Trust RASCI Chart
One of the biggest challenges to a Zero Trust journey can be misalignment between teams. Learn how our Zero Trust RASCI Chart can help define roles and responsibilities across the core domains of Zero Trust.