security risk management

With the proliferation of data and the ubiquity of connected devices, organizations can move with unmatched efficiency, but simultaneously incur increased risks. Read our insights on how security & risk professionals can succeed in this environment.

Blog

Microsoft Announces Defender Vulnerability Management

Erik Nost 5 days ago
Microsoft recently announced Defender Vulnerability Management is available in a 120-day public preview as a standalone, endpoint detection and response (EDR)-agnostic option. Defender for Endpoint Plan 2 customers have the option to purchase new add-on capabilities, while Defender for Endpoint Plan 1 customers will need to purchase the full standalone version. This release is […]
Blog

In A Multicloud World, Web Application Firewalls Still Matter

Sandy Carielli May 2, 2022
The web application firewall market has evolved. Read this quick overview of the landscape.

Blog

Forrester Decisions Service For Security And Risk Leaders Now Available In Asia Pacific

Dane Anderson April 25, 2022
Our highly anticipated Forrester Decisions service for Security & Risk is now available in Asia Pacific.
Blog

Bot Management Solutions Grow Up

Sandy Carielli April 12, 2022
The bot management market has matured considerably over the past few years. Two years ago, many vendors spoke primarily to the security persona, only the top vendors offered machine learning and layered detections, and response options were more limited. With the release of The Forrester Wave™: Bot Management, Q2 2022, we see a market that […]
Blog

Our 2022 Top Recommendations For Your Security Program: CISOs Get An Offer They Can’t Refuse

Jeff Pollard April 6, 2022
The Coppola classic has a few surprising parallels with today's chief information security officer.
Blog

Okta Lapsus$ Compromise: How To Make Sure You’re Protected

Merritt Maxim March 24, 2022
On Tuesday, March 22, 2022, identity-as-a-service (IDaaS) provider Okta announced that it had detected an attempt to compromise the account of a partner in January 2022. The announcement came after the hacking group Lapsus$ posted screenshots of a computer used by one of Okta’s third-party customer support engineers. As one of the largest IDaaS providers with […]
Blog

Top Trends Shaping Fraud Management In Asia Pacific

Meng Liu March 18, 2022
A fragmented regulatory environment and the rapid transition to digital commerce have spurred several enterprise fraud management (EFM) trends in Asia Pacific. Forrester sees that: Digital commerce drives promotion fraud. Flourishing digital commerce significantly changes consumer behavior, and companies are focusing their marketing spending on online campaigns and promotions. Fraudsters are increasingly taking advantage of […]

Blog

You Say You Want A Revolution? Announcing Our Latest Security Awareness And Training Forrester Wave™

Jinan Budge March 16, 2022
The security awareness and training (SA&T) market has been stagnant for so long, with the last major disruption as far as I can tell being the introduction of phishing simulations about a decade or so ago. Since then, the industry seems to have seen a slow and steady evolution from ticking boxes to meet a […]
Blog

Chronicles Of Mandiant: Google Put A Ring On It

Jeff Pollard March 8, 2022
Mandiant trades up from FireEye and finds a home within Google Cloud Platform.
Blog

Fix The Vulnerability Within: Break Gender Bias In Cybersecurity

Jinan Budge March 7, 2022
Forrester predicts that in 2022, one in 10 experienced security pros will exit the industry. This brain drain is the result of a few dynamics colliding: poor financial and advancement incentives; general stress and burnout impacting security teams; and cybersecurity’s dirty little secret, workplace toxicity! And cybersecurity isn’t immune to the hidden epidemic impacting women’s ability […]
Blog

Here’s How To Update Your Risk Management Posture Given The War In Ukraine

Alla Valente February 28, 2022
Risk management leaders in Europe and worldwide are already being impacted by the war in Ukraine and the sanctions imposed on Russian and Belarusian actors. Forrester analysts provide their guidance in this post.
Blog

Evolve Your Nearshore Contingency Plans In Response To War In Ukraine

Jeffrey Rajamani February 25, 2022
Learn which IT service providers have substantial operations in Belarus, Russia, or Ukraine and what steps you should take if you rely on them for services today.

Blog

Savvy Cybersecurity Programs Focus On Competence, Integrity, And Empathy

Jeff Pollard February 7, 2022
As of July 31, 2021, the FBI’s Internet Crime Complaint Center saw a 62% increase in reported ransomware incidents compared with the same time frame in 2020. Intrusions in environments spanned various types of infrastructure, with 35% exploiting software vulnerabilities and 32% using supply chains and third parties to obtain unauthorized access, per Forrester data. […]
Blog

Enterprise Risk Pros Pivot From Compliance To Driving Faster, Better Decisions

Alla Valente February 3, 2022
The average firm’s list of business and risk management priorities looks very different today than it did two years ago. What’s changed? For starters, according to Forrester data, 43% of enterprise risk management (ERM) decision-makers report having experienced three or more discrete critical risk events over the past 12 months. The same group reveals that […]
Blog

The Emerging Cyber Risk Quantification Market: When CISOs Need Decisions, Not More Dashboards

Paul McKay January 31, 2022
Ask any CISO to articulate the ROI of their firm’s cybersecurity investment — or, worse yet — to defend an increase to the security budget, and you’re likely to get anything from a threat heat map to a 5×5 grid to a list of the latest threats with a flowchart of how the firm is […]
Blog

Announcing Forrester’s New Research On Attack Surface Management

Jess Burn January 12, 2022
As I watched the December 2021 Log4j situation unfold (and it continues … ), the importance of IT asset visibility couldn’t have been clearer. So many security and IT teams struggle to maintain much-needed visibility into an increasingly complex and distributed IT environment because so much of an organization’s estate is unknown or undiscovered due […]
Blog

Log4j, Open Source Maintenance, And Why SBOMs Are Critical Now

Sandy Carielli December 15, 2021
Beyond the immediate response issues, the Log4j vulnerability poses longer-term risk management and community considerations.

Blog

Divide And Conquer: Rapid Response To The Apache Log4j Vulnerability

Allie Mellen December 13, 2021
It’s been … a weekend for security pros. The Apache Log4j vulnerability (CVE-2021-44228) affects somewhere between 0 and 3 billion-plus of the devices currently running Java. Luckily, a metric ton of amazing advice exists on #InfoSecTwitter right now. It’s a lot to consume at once, which is why we’ve put together three parallel workstreams you […]
Blog

The Cybersecurity Incident Response Market Abounds With Choice — But Please Choose Before You’re Hit!

Jess Burn December 6, 2021
Last week, we released the Forrester Now Tech: Cybersecurity Incident Response Services, Q4 2021. This research provides a comprehensive overview of the service provider landscape. In the report, we define and describe the vendor segments and then classify each of the 36 vendors into the appropriate segment based on functionality. We also provide information on key industries the vendors support and any reference customers they […]
Blog

As Bad Bots Level Up, Use Bot Management To Stay One Step Ahead

Sandy Carielli November 29, 2021
In my new report, Now Tech: Bot Management, Q4 2021, I discuss the ongoing scourge of bad bots and define the vendor landscape for bot management solutions. I chatted with my research associate, Isabelle Raposo, about this report over the course of the research process. This is the first time we’ve worked on a report […]