We just published my latest research, the Forrester Wave: SaaS Web Content Security, Q2 2015. Forrester categorizes web gateways/forward proxies into this web content security category. I did something different with this evaluation, instead of looking at on-premise appliances; I only evaluated the SaaS deployment model. If a vendor didn't have a SaaS delivery model, we didn't include them in the Wave.
The decision to focus this wave on the SaaS model, wasn't popular with some of the vendors we evaluated. The majority of vendors who sell web proxies lead with the on-premises delivery model and relegate SaaS to a niche deployment option. As users, their endpoints, and their applications move outside the perimeter and into the cloud, the traditional web gateway model is being disrupted; yet many vendors are still very attached to their appliances. Instead of evaluating a very mature on-premise market, I wanted to focus this Wave on the future.
We are about to kickoff our next Forrester Wave on web content security. The inclusion criteria for vendor prequalification will be sent out within the next two weeks. We will be focusing on both traditional web gateways as well as the hybrid and SaaS delivery models. What does this mean for you?
Vendors: If you feel that your solution applies to this Wave, please contact us and let us know that you'd like to be sent the prequalification survey. We will be limiting the number of vendors participating in this evaluation.
Enterprises: If you would like to provide us feedback on your experience with web content security solutions and vendors, we would love to hear from you. We plan to leverage your feedback for evaluation criteria as well as score weighting.
Please contact Kelley Mak (kmak at forrester.com) if you are interested in participating. We expect this Wave will publish in the Spring of 2014. (Fine print: This is a publication estimate and this date is subject to change.)
I was very excited to finally get a copy of the much-anticipated 2013 Verizon Data Breach Investigations Report (DBIR.) I have found the report to be valuable year after year. This is the 6th iteration and this year’s report includes 621 confirmed data breaches, as well as over 47,000 reported security incidents. 18 organizations from across the globe contributed to the report this year. The full report is 63 pages, and I have to say that Wade Baker and company did a great job making it an enjoyable read. I enjoyed the tone, and I found myself laughing several times as I read through it (Laughing and infosec aren't commonly said in the same breath.) There are tons of great references as well, ranging from NASCAR, to Biggie Smalls, the Violent Femmes and more. The mantra of this year’s report is “Understand Your Adversary’ is Critical to Effective Defense and Response.” Here are a few observations:
The focus on the adversary answers customer questions. Who is the adversary? This is a frequent question from Forrester clients. The Mandiant APT1 report stirred up much debate on state sponsored actors and Verizon's data and analysis gives us more perspective on this class of threat actor. The first table in the report profiles the threat actors that are targeting organizations. It provides a high level view that I suggest you include in any type of executive engagement activity you participate in. This 3rd party snapshot of the threat actors should resonate with a wide degree of audiences.