Kicking off the Forrester Web Content Security Wave

Rick Holland

We are about to kickoff our next Forrester Wave on web content security.  The inclusion criteria for vendor prequalification will be sent out within the next two weeks. We will be focusing on both traditional web gateways as well as the hybrid and SaaS delivery models. What does this mean for you?

  • Vendors:  If you feel that your solution applies to this Wave, please contact us and let us know that you'd like to be sent the prequalification survey.  We will be limiting the number of vendors participating in this evaluation. 
  • Enterprises:  If you would like to provide us feedback on your experience with web content security solutions and vendors, we would love to hear from you.  We plan to leverage your feedback for evaluation criteria as well as score weighting.  

Please contact Kelley Mak (kmak at forrester.com) if you are interested in participating.   We expect this Wave will publish in the Spring of 2014. (Fine print: This is a publication estimate and this date is subject to change.) 

Observations on the 2013 Verizon Data Breach Investigations Report

Rick Holland

I was very excited to finally get a copy of the much-anticipated 2013 Verizon Data Breach Investigations Report (DBIR.)  I have found the report to be valuable year after year.  This is the 6th iteration and this year’s report includes 621 confirmed data breaches, as well as over 47,000 reported security incidents.  18 organizations from across the globe contributed to the report this year.  The full report is 63 pages, and I have to say that Wade Baker and company did a great job making it an enjoyable read. I enjoyed the tone, and I found myself laughing several times as I read through it (Laughing and infosec aren't commonly said in the same breath.)  There are tons of great references as well, ranging from NASCAR, to Biggie Smalls, the Violent Femmes and more.  The mantra of this year’s report is “Understand Your Adversary’ is Critical to Effective Defense and Response.”   Here are a few observations: 

The focus on the adversary answers customer questions.  Who is the adversary? This is a frequent question from Forrester clients.  The Mandiant APT1 report stirred up much debate on state sponsored actors and Verizon's data and analysis gives us more perspective on this class of threat actor. The first table in the report profiles the threat actors that are targeting organizations.  It provides a high level view that I suggest you include in any type of executive engagement activity you participate in.  This 3rd party snapshot of the threat actors should resonate with a wide degree of audiences.

Read more