Security management

Blog

Breaches And Lawsuits And Fines, Oh My! What We Learned, The Hard Way, From 2024

Janet Worthington 11 hours ago
With the average cost of a data breach at $2.7 million and 33% of enterprises reporting being breached three or more times over the past 12 months, understanding and learning from past incidents is not just beneficial — it’s essential. Our detailed examination of the top 35 breaches and privacy fines of 2024 has unearthed […]

Google To Acquire CNAPP Specialist Unicorn Wiz For $32 Billion

Andras Cser 6 days ago
Learn what the largest-ever acquisition in cybersecurity means both for Google and the CNAPP space.

The Akira IoT Device Attacks Aren’t Just About THAT Device

Paddy Harrington March 12, 2025
Securing IoT devices presents unique challenges due to their proprietary operating systems and firmware, which often preclude traditional endpoint protection methods. This blog explores the critical role of network segmentation and Zero Trust principles in mitigating risks, emphasizing the importance of robust edge, network, and gateway security measures to defend against sophisticated attacks such as the Androxgh0st botnet and Akira ransomware.

Top Recommendations For CISOs In 2025: Deal With Uncertainty … Again

Jeff Pollard March 12, 2025
The security landscape continues to evolve, as does global uncertainty, leaving CISOs preparing for turbulence ahead.

The Brewing Battle For Digital Online Age Verification

Merritt Maxim March 11, 2025
With online identity verification well understood and maturing, the next brewing verification battle is around age verification, a subset of identity verification.

Another Cautionary Tale Of The Perils Of Using Password Managers

Andras Cser March 5, 2025
Last week, password wallet vendor LastPass experienced an outage. All LastPass systems and services have since been restored and are up and running. It is worth noting that this is not the first incident involving password wallet products. Past incidents include: LastPass had an outage in 2024. PasswordState had a malicious DLL cause a breach […]

Quantum Security Isn’t Hype — Every Security Leader Needs It

Merritt Maxim March 3, 2025
The commercial availability of quantum computers that can compromise traditional asymmetric cryptography is still five to 10 years away. But security and risk (S&R) professionals must assess and prepare for the impact of quantum security now.

Focus 2025 Security Budgets On Risk Mitigation And Tech Sprawl

Security leaders, explore our 2025 Planning Guide for benchmarks on where to invest, divest, and experiment with your budget.

How I Apply Third-Party Lab Results In My Security Operations Research

Allie Mellen March 3, 2025
Last week, I attended the AV-Comparatives conference in Innsbruck, Austria. This conference brought together many cybersecurity vendors, particularly those with a European focus, as well as a few nonprofits, academic institutions, and analyst firms.

Detect, Defend, Deny: Zero Trust World 2025

Jitin Shabadu February 27, 2025
Cybersecurity vendor ThreatLocker recently hosted its fifth annual Zero Trust World (ZTW) conference in Orlando, welcoming attendees from 28 countries to learn about Zero Trust principles and ThreatLocker offerings. Over two days, the event celebrated Zero Trust as a cybersecurity model and the ThreatLocker approach for achieving Zero Trust. Industry leaders, managed service providers, security […]

Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes

Allie Mellen February 12, 2025
MITRE released its latest Enterprise MITRE ATT&CK Evaluations in December of 2024. At that time, we published a blog with a quick overview of the results. Today, we’re excited to announce that we have released three new pieces of research about this round of evaluations.

Assessment Is Anyone’s Guess: Proving GOAT Status Requires Validation

Erik Nost February 11, 2025
As spectators tuned in to Super Bowl LIX to indulge in American culture rife with consumerism, T. Swift, and rap feuds, the buzz was less around the game and more on determining who is pro football’s GOAT (greatest of all time).

Choose Your Own MDR Adventure: Avoid The Free-For-All Of “New” MDR Services

Jeff Pollard February 4, 2025
Managed detection and response (MDR) — without a doubt — has successfully claimed the crown of all managed security services for making and keeping clients happy.

Eliminate Your Security Gaps And Redundancies

Learn how to align your security products and services with their functions using Forrester’s Security Tools and Services Mapping (STSM).

AI And ML Security: Preventing Jailbreaks, Drop Tables, And Data Poisoning

Jeff Pollard January 30, 2025
Get a simplified view of the top three generative AI use cases that security leaders need to worry about and get recommendations for prioritizing them.

Breaking Down Human-Element Breaches To Improve Cybersecurity: FAQ

Jinan Budge January 28, 2025
We are thrilled to announce our new research report, Deconstructing Human-Element Breaches, detailing the many and varied risks posed by and to humans — a problem that has plagued cybersecurity teams for decades. Forrester clients can use this research as a catalyst for productive conversations with executives and peers across functions about controls to mitigate the human-element breach types most common to their organizations and industries.

Rose-Colored Glasses Hide All The Red Flags: Advice From The S&R Forrester Women’s Leadership Program

Jinan Budge December 23, 2024
As has now become a Forrester Security & Risk Summit tradition, a room full of amazing women and a few brave fellas gathered last week as part of the Forrester Women’s Leadership Program to celebrate successes and solve for the many challenges that women face in this field. The theme? “To propel your career in security and risk, choose your advisers and nuggets of advice wisely.”

Stop Defending The Three Lines Of Defense

Cody Scott November 14, 2024
Learn how the Forrester Continuous Risk Management Model can replace outdated risk management methods in this preview of a session at the upcoming Security & Risk Summit.

CrowdStrike Acquires SaaS Security Specialist Adaptive Shield

Andras Cser November 14, 2024
Cybersecurity platform provider CrowdStrike announced plans to acquire Adaptive Shield, a SaaS security posture management (SSPM) vendor. Some sources reported the purchase price to be around $300 million. If that purchase price is accurate, based on Forrester’s estimates of Adaptive Shield’s current revenue, that price represents an approximately 12–15x revenue multiplier and 6 times more […]

Announcing Forrester’s 2024 Security & Risk Enterprise Leadership Award Winner And Finalist

Stephanie Balaouras November 14, 2024
Learn more about the security strategies that helped Schneider Electric win this year’s Security & Risk Enterprise Leadership Award, which recognizes organizations that have transformed their security, privacy, and risk management functions.

If You’re Not Using Data Pipeline Management For Security And IT, You Need To

Allie Mellen November 12, 2024
Data ingestion into security information and event management (SIEM) has been too expensive for too long. Find out what's driving up the cost and how to manage it better in this post.

Retailers: Adopt Three Application Security Technologies Now

Sandy Carielli October 29, 2024
Three application security technologies are key for retailers to adopt before the holiday season.