Security management

Insights

Blog

Understanding The Real Cyber Risks Behind The Iran-Israel-US Geopolitical Tensions

Jitin Shabadu 3 days ago
When geopolitical bombs drop, cyber fallout often follows. Get five key insights to help you focus on the security strategies that matter most during times of geopolitical escalations.
Blog

AWS re:Inforce 2025 — Heavy On User Experience Enhancements, Light On The GenAI Hype

Allie Mellen 5 days ago
This year's AWS re:Inforce event included a big announcement and revealed other security-related enhancements. Read our top takeaways.

Can Your Security Strategy Handle Today’s Volatility?

Economic turmoil, increased cyberattacks, and changing regulations. Learn new strategies for managing risk in an era of volatility.

Blog

Announcing The Forrester Wave™: Security Analytics Platforms, Q2 2025 — The SIEM Vs. XDR Fight Intensifies

Allie Mellen 6 days ago
Find out how our latest analysis of the security analytics platforms space illustrates the dramatic changes this market is undergoing as legacy SIEM vendors are locked in heated competition with surging XDR providers.
Blog

Datadog DASH: A Revolving Door Of Operations And Security Announcements

Carlos Casanova June 20, 2025
Datadog’s 2025 keynote showcased a bold vision for AI-driven observability and security, unveiling a sweeping array of autonomous agents and tools designed to transform IT operations. From Bits AI SRE and Security Analyst to LLM Observability and Code Security, Datadog is trying to position itself as a central hub for operational intelligence in an increasingly algorithmic tech landscape.
Blog

Identiverse 2025 Recap: The Identity Trends Reshaping Your Identity Access Management Roadmap

Merritt Maxim June 18, 2025
I recently attended Identiverse in Las Vegas. This was my first time back at Identiverse since conference founder Ping Identity sold the conference in 2021. As identity related initiatives continue to dominate Forrester clients’ top priorities and initiatives, I felt impelled to share my perspectives and insights. Here are my five major conclusions and recommendations […]
Blog

Key Takeaways From Cisco Live 2025: Cisco’s Big Bets For Unified Security And AI

Jitin Shabadu June 18, 2025
Cisco Live 2025 Focused On Three Main Themes: AI, Simplification, And Security At its annual Cisco Live event, the company delivered a clear message: It’s operationalizing AI across the core pillars of networking, security, and observability. Building on last year’s momentum with innovations like Hypershield and Splunk integration, the company has framed its vision around […]
Blog

You Don’t Need To Be Ethan Hunt To Break Into A Building

Paddy Harrington June 17, 2025
In today’s hyper-connected buildings, cybercriminals don’t need grappling hooks or disguises — just a vulnerable thermostat or door lock to breach your defenses and disrupt your operations.

Showcase Your Security & Risk Innovation With A Forrester Award

Get recognized for excellence in security, privacy, and risk innovation. Apply for a Forrester Security & Risk Enterprise Leadership Award to celebrate your success in creating resilient operations.

Blog

Supply Chain, AI, And Operational Resilience Risks Dominate ERM Programs In 2025

Paul McKay June 13, 2025
For risk professionals, leading through 2025’s volatility has been like living in an “Alice in Wonderland” unreality. Risk teams have never been more important as a function to guide their businesses through challenges such as geopolitical risk events, trade disruption, economic volatility, and regulatory disruption.
Blog

Small Purchases, Big Risks: Shadow AI Use In Government

Jeff Pollard June 13, 2025
Powerful AI tools are now widely available, and many are free or low-cost. This makes it easier for more people to use AI, but it also means that the usual safety checks by governments — such as those done by central IT departments — can be skipped.
Blog

When You Can’t Change The Technology, Change Your Security Policies

Paddy Harrington June 11, 2025
When you can’t change the security of external technologies such as IoT, OT, or power infrastructure, you must adapt your internal cybersecurity policies and controls to mitigate the risks that they introduce.
Blog

Decoding The Naming Game: Why Standardizing Threat Actor Names Alone Won’t Enhance Your Security Posture Or Response

Jitin Shabadu June 6, 2025
Microsoft, CrowdStrike, Palo Alto Networks, and Mandiant recently announced a new initiative to create an aggregate and standardized glossary of threat actors. Learn the benefits and limitations of standardizing threat actor names.
Blog

Sudo Coming To Windows? Pretty Much, Yeah

Paddy Harrington May 29, 2025
Windows 11 introduces a new security feature that separates admin and user roles, bringing a sudolike experience to the desktop.
Blog

Worldcoin Orb Identity Verification Device Faces Headwinds In Mass Adoption

Andras Cser May 21, 2025
Last week, identity verification and authentication startup World (which was cofounded by OpenAI cofounder Sam Altman) announced that it is broadening operations of its Orb device in the US.
Blog

Coinbase Flips The Coin On Would-Be Extortionists

Joseph Blankenship May 16, 2025
In a recent example of why managing insider risk is critical, cryptocurrency exchange Coinbase announced that it was the target of an extortion scheme enabled by insiders. Learn more about the incident and how to protect against it in this blog.
Blog

Tackling Cloud Security: US Federal Edition

Andras Cser May 7, 2025
Back in 2007, the first US federal CIO, Vivek Kundra, was appointed. Shortly after in December of 2010, he launched one of the world’s first “cloud-first” initiatives, making many US federal agencies such as the General Services Administration (GSA) some of the earlier innovators in this arena.
Blog

Overregulation Forges A CISO Coalition With The G7 Letter

Madelein van der Hout April 24, 2025
A coalition of over 40 chief information security officers (CISOs) from leading companies, including Salesforce, Microsoft, AWS, Mastercard, and Siemens, sent a letter to the G7 and OECD, urging them to take action on aligning international cybersecurity regulations.
Blog

Global Tariffs: Dynamic Risk Management Meets Its Moment

Paul McKay April 23, 2025
The recent introduction of US-imposed tariffs has shaken global trade. While economists and financial analysts debate whether this on-again/off-again trade war fits into their model for geopolitical, economic, or supply chain risks, the result is the same: uncertainty and chaos sure to shake up business strategy for the foreseeable future. This new era of volatility […]
Blog

Don’t Call It A Comeback: Stay Ready For Ransomware

Jess Burn April 22, 2025
So far, 2025 is filled with … distractions for security leaders. Between scrambling to secure their organizations’ AI initiatives, staying on top of critical vulnerabilities (and the organizations delivering the CVE process), perpetually communicating and training to guard against human element breaches, and navigating yet another period of uncertainty and volatility, it’s tempting to take […]
Blog

MITRE-geddon Averted, But Fragility In CVE Processes Remains

Erik Nost April 18, 2025
This week, we saw the CVE process, as we know it, come hours from the brink of collapse when a memo started circulating on LinkedIn that DHS would cut funding to MITRE’s CVE cataloging on April 16. MITRE’s role in the CVE process is the crucial first step in assigning IDs to vulnerabilities so that practitioners, vendors, researchers, and governments across the globe can consistently reference the same vulnerability. The process also allows for responsible disclosures and accountability for vulnerabilities to software companies.
Blog

OpenAI Requires Identity Verification For Access To Its Latest Models

Andras Cser April 17, 2025
OpenAI announced that it will require organizations to complete an identity verification (IDV) process to verify their organization’s identity before being allowed to access the latest OpenAI models. Identity verification will likely require developers to digitally verify themselves using government-issued photo ID from permitted countries and prove their affiliation with their organization. Forrester expects that […]
More posts