There’s nothing like completing a Forrester Tech Tide™ for a crash course in security tech market momentum. It was a thrill to facilitate and distill the deep insights, thoughtful commentary, and spirited debates between my colleagues to determine the placement of Zero Trust detection and response technologies into our four categories: Experiment, Invest, Maintain, and Divest. It’s a crowded market with a lot of heat these days — and it’s evolving before our very eyes. Emerging solutions such as extended detection and response (XDR), for example, will force security leaders to choose a new path when it comes time to replace their security information and event management (SIEM), potentially skipping over front-runners like endpoint detection and response (EDR) and security orchestration, automation, and response (SOAR) in the process. I encourage our clients to review our definition and guidance for XDR as you consider your next security technology investment.

Of particular interest to me from our newly published “The Forrester Tech Tide™: Zero Trust Threat Detection And Response, Q2 2021” are what look like the final acts of several solutions once considered vital detection and response point products. While automated malware analysis (sandboxing) and network intrusion detection systems (NIDS) remained in our Divest category, three more technologies joined them this year: data loss prevention (DLP), managed security service providers (MSSP), and security user behavior analytics (SUBA). Why is this? Because these stand-alone technologies simply don’t cut it anymore. This isn’t to say these solutions are dead, mind you. No, they live on within larger, more comprehensive solutions:

  • While DLP can help enforce policies for data management, the biggest business value gained from this capability is when it’s integrated with other solutions that provide more data protection functionality.
  • MSSPs never truly realized their aspirations to eliminate the need for internal security operations teams altogether. As a result, many firms are moving to managed detection and response (MDR) to augment their own security operations centers (SOCs), resulting in significant disruption in the market.
  • As a stand-alone technology, SUBA failed to gain significant market traction, as understanding user behavior is only useful when combined with other technologies like data loss prevention (DLP) and identity and access management (IAM) to provide a more holistic view of user patterns and anomalies. Additionally, most security analytics platforms matured rapidly to include SUBA capabilities.

As we stated in our “Top Recommendations For Your Security Program, 2021” report, security leaders must consider which capabilities they can accept as “good enough” versus those that require more robust capabilities from a best-of-breed point solution. The above solutions are not stand-alone hills to die on, but you likely have other key tools in your architecture that you’re willing to, and should, fight for.

So what do you think? Would you have placed any of the technologies in different categories? Are there stand-alone solution hills you’re willing to die on? Please reach out with your feedback or any questions.


(written with Alexis Bouffard, senior research associate at Forrester)