“Life starts all over again when it gets crisp in the fall.”

— F. Scott Fitzgerald, “The Great Gatsby”

Fall is officially upon us. Leaves are piling up in our yards, and there is a chill in the air. As everyone digs their sweaters and jackets out of the back of their wardrobes, think about how you can refresh your security program as well in the season of renewal. With the Forrester security and risk team’s latest research, practitioners will learn to drop their outdated practices like dead leaves and welcome a new era of security and risk management.

  • Security and risk (S&R) executives responsible for identity and access management (IAM) must manage users’ access to sensitive applications and data without inhibiting business agility, compromising the digital experience for either employees or customers, or violating compliance requirements — and they need to do so as cost-effectively as possible. Use this report and the accompanying tool to quantify the costs and benefits for various approaches to IAM to determine which one provides the best ROI. See Sean Ryan and Andras Cser’s latest report: “Making The Business Case For Identity And Access Management.”
  • Attackers use phishing and other social engineering tactics to infiltrate corporate networks. Advances in malicious email protection can recognize and stop obvious phishing attempts, but enterprises remain vulnerable to this common attack vector. In this report, we provide best practices that can help S&R professionals at enterprises stop phishing attacks. See Claire O’Malley and Joseph Blankenship’s “Best Practices: Phishing Prevention.”
  • In response to increasingly complex cyberattacks, security pros are devoting resources to granular aspects of their networks. This is understandable and necessary to a degree, but it’s also a great way to lose sight of your ultimate goal: protecting customers and empowering the business. Zero Trust networks accomplish the dual tasks of deep, continuous data inspection across the network and lean operation and oversight — tasks that seem mutually exclusive in traditional networks. This report highlights the eight most significant ways Zero Trust boosts security and your business. See Chase Cunningham, David Holmes, and Jeff Pollard’s new report: “The Eight Business And Security Benefits Of Zero Trust.”
  • Finance and legal professionals use anti-money laundering solutions to safeguard the integrity of their business. We used 32 criteria to evaluate the eight most significant vendors: ACI, BAE Systems, Featurespace, Feedzai, FICO TONBELLER, IdentityMind, NICE, and SAS. See Andras Cser’s Forrester Wave™ evaluation: “The Forrester Wave™: Anti-Money Laundering Solutions, Q3 2019.”
  • Endpoint solutions are important in protecting the organization at every level and access point. In this 25-criterion evaluation of endpoint security suite providers, we evaluated Bitdefender, BlackBerry Cylance, Carbon Black, Check Point, Cisco, CrowdStrike, ESET, FireEye, Kaspersky, McAfee, Microsoft, Palo Alto Networks, Sophos, Symantec, and Trend Micro. See Chris Sherman’s “The Forrester Wave™: Endpoint Security Suites, Q3 2019.”
  • In his report, “Get Fighting Fit For EU’s NISD,” Paul McKay advises CISOs on getting their organizations ready for the NISD by using existing capabilities and investments. Over the past 12 months, regulators and competent authorities have been working with industries to determine a common security baseline in the critical national infrastructure and digital services sectors.
  • Businesses can use eDiscovery service providers to boost expertise, speed, and scale of eDiscovery-related operations, benefit from best-fit technologies for their requirements, and optimize overall spending to better allocate in-house resources. In Heidi Shey’s new report, “Now Tech: eDiscovery Service Providers, Q3 2019,” for legal and risk professionals, she recommends which vendors to select from and why.

(written with Elsa Pikulik, senior research associate at Forrester)