10 Questions To Help Differentiate Incident Response Service Providers

Rick Holland

I frequently help Forrester clients come up with shortlists for incident response services selection. Navigating the vendor landscape can be overwhelming; every vendor that has consultant services has moved or is moving into the space. This has been the case for many years; you are probably familiar with the saying: "when there is blood in the water." I take many incident response services briefings, and vendors don't do the best job of differentiating themselves; the messages are so indistinguishable you could just swap logos on all the presentations.

Early next year, after the RSA Conference, I'm going to start a Forrester Wave on Incident Response services. Instead of waiting for that research to publish, I thought I'd share a few suggestions for differentiating IR providers.

  1. What is their hourly rate? This is typically my first question; I use it as a litmus test to figure out where the vendor sits in the landscape. If the rate is around $200 you are typically dealing with a lower tier provider. Incident response is an area where you get what you pay for. You don't want to have to bring in a second firm to properly scope and respond to your adversaries. 
  2. How many cases have they worked in the previous year? You want to hire an experienced firm; you don't want to work with a consultancy that is using your intrusion to build out the framework for their immature offering. While volume alone shouldn't be the key decision point, it does give you an objective way to differentiate potential providers.

Forrester’s Security & Risk Spotlight – Chris Sherman

Stephanie Balaouras

Forrester’s Security & Risk Analyst Spotlight - Chris Sherman

The title hasn’t yet been put to client vote, but Chris Sherman may be the renaissance man of Forrester’s S&R team. As an analyst, Chris advises clients on data security across all endpoints, giving him a broad perspective on current security trends. His experience as a neuroscience researcher at Massachusetts General Hospital also gives him insight into the particular challenges that Forrester’s clients in the healthcare industry face. Lastly, when he hasn’t been writing about endpoint security strategy or studying neural synapse firings, Chris flies Cessna 172s around New England. Listen to this week’s podcast to learn about recent themes in Chris’s client inquiries as well as the troubles facing a particular endpoint security technology.


Blackberry says: "I'm Not Dead YET!"

Tyler Shields

Once-proud Unicorn company Good Technology has been acquired by Blackberry for $475M. This transaction was announced Friday 9/4/15 and has been a buzzworthy topic in the mobile security arena ever since. The acquisition demonstrates Blackberry's continued resolve to execute on a software-centered strategic turnaround plan. This acquisition is the biggest in Blackberry history and is an excellent fit in both features as well as company DNA. Blackberry refuses to die and is making major moves, such as this, to expand its position in a market that will only be lucrative to the leading few vendors. It's going to be feast or famine for Blackberry going forward.

Blackberry and Good are both security minded companies having created similar solutions based on full stack security. Everything from network operations centers up through application layer security controls were implemented, albeit in different delivery platforms. Both offerings have fallen on hard times in the recent past with Blackberry having difficulty overcoming its failures in the hardware space and Good falling prey to a rapidly commoditizing market around mobile management technologies. 


The State Of Business Continuity – We Have A Long Way To Go To Achieve True Resiliency

Stephanie Balaouras

Aug. 29, 2015 marked the 10-year anniversary of Hurricane Katrina. During the storm and the ensuing chaos, 1800 people lost their lives in New Orleans and across the Gulf Coast. Many of these deaths, as well as the extensive destruction, could have been avoided or minimized if there had been better planning and preparedness in anticipation of just such an event, and if there had been much better communication and collaboration throughout the crisis as it unfolded. Responsibility falls on many from government officials (at every level) to hospitals to businesses to individuals. If there is any silver lining to such a destructive event, it’s that it forced many in the US to be much better prepared for the next major catastrophe. Case in point, in October 2012, Superstorm Sandy barreled through the Caribbean and the eastern US, affecting almost half of the states in the US. The storm caused unprecedented flooding and left millions without access to basic infrastructure and thousands without homes, but this time, about 200 people across 24 states lost their lives.


Security In The IoT Age: Makers Vs. Operators

Tyler Shields

Check out my latest research on IoT security: An S&R Pros Guide To IoT Security

Internet of Things (IoT) security is a hot topic among security and risk professionals. It seems as if every "thing" on the market is becoming smarter and more interactive. As the level of IoT device maturity increases, so does the level of risk of data and device compromise. The scary thing is that we really have no idea what IoT devices are in our environment, let alone the correct way to secure them.

Both IoT product makers and IoT product operators need to understand the security implications of IoT devices. Security in IoT involves product makers rethinking how they create technologies, secure code and hardware, develop new offerings, and ensure the privacy of the data they collect. These areas of security are not typically areas that automobile, manufacturing, and retail technology makers have had to consider in the past. The scale of IoT devices in each vertical is enough to employ a small army of developers who are not yet up to speed on the latest secure code and hardware concepts.

On the other side of the coin, enterprises have the unenviable position of implementing these poorly coded and built technologies. Overwhelming pressure will come from competing enterprises causing an increase in IoT adoption to improve business efficiencies. IoT will become pervasive, and mandatory, throughout every vertical from gas and electric to automotive. The threat landscape in these areas will be immense.


Automated Malware Analysis Wave - Kicking Off Soon

Rick Holland

In September, Kelley Mak and I are going to be kicking off our Automated Malware Analysis Wave. During a 3-4 month process, we will be evaluating the network-based sandboxes of 10-15 vendors. If you would like the opportunity to participate, please contact Kelley Mak (kmak at forrester dot com) and Josh Blackborow (jblackborow at forrester dot com). They can send you the inclusion criteria. Since nearly every security vendor in the market has an AMA solution, not all vendors will be invited to participate in the Wave. Our inclusion criteria are designed to ensure we evaluate the vendors most capable of addressing Forrester's security and risk client base.

For vendors interested in learning more about Forrester's perspective on automated malware analysis, please check out Pillar No. 1: Malware Analysis from Targeted-Attack Hierarchy Of Needs: Assess Your Advanced Capabilities.

Forrester’s Security & Risk Research Spotlight: Make Customers The Focus Of Your Security Efforts

Stephanie Balaouras

Since I first became the research director of the Security & Risk team more than five years ago, security leaders have lamented the difficulty of aligning with the business and demonstrating real business value. Over the years, we’ve written an enormous amount of research about formal processes for aligning with business goals, provided key metrics to present to the board, and developed sophisticated models for estimating security ROI. Yet for many, demonstrating real business value continues to be a significant challenge. If it wasn’t for the 24-hour news cycle and a parade of high-profile security breaches, chances are good that security budgets would have been stagnant the last few years.


Forrester’s Security & Risk Spotlight – Enza Iannopollo

Stephanie Balaouras

Forrester’s Security & Risk Analyst Spotlight - Enza Iannopollo

All Forrester S&R analysts consider the security and privacy implications of how today’s digital businesses collect, store, use, and transmit sensitive data about their customers, but Enza Iannopollo has made it her mission to understand these implications in detail. Her research focuses on the impact of Internet regulations and data privacy issues on digital business models, as well as the technologies that underpin them. Her research coverage also includes privacy implications in the context of cloud computing, analytics, and the Internet of Things. When you get a chance, please schedule an inquiry with Enza and ask her if privacy is dead.


Automated Malware Analysis Wave - Call for feedback

Rick Holland

We are in the planning stages of a new Forrester Wave on automated malware analysis/sandboxes. As we prepare for this research, we are looking for research interview candidates to discuss your experiences with automated malware analysis solutions. Please note we are not seeking feedback from vendors at this time. We are focused on the buyers of these offerings. We would like to talk to you about:

  1. The most useful features
  2. The least useful features
  3. The most significant challenges
  4. Preferred deployment model (physical appliance, virtual appliance, cloud)
  5. Most useful integrations (e.g. endpoint integrations that validate sandbox alerts)
  6. Feedback on vendors (e.g. FireEye, Trend Micro, Palo Alto Networks ...)

You don't have to be a Forrester client either. If you are willing to participate in a confidential research interview, we will provide you a free copy of the research when it publishes. If you are interested in speaking with us, please contact Kelley Mak (kmak at forrester dot com) and Josh Blackborow (jblackborow at forrester dot com).

In the meantime, if you are interested in learning more about Forrester's perspective on automated malware analysis, please check out Pillar No. 1: Malware Analysis from Targeted-Attack Hierarchy Of Needs: Assess Your Advanced Capabilities.

Help Us Define The Data Security Market In 2015!

Stephanie Balaouras

To help security pros plan their next decade of investments in data security, last year John Kindervag, Heidi Shey, and I researched and assessed 20 of the key technologies in this market using Forrester's TechRadar methodology. The resulting report, TechRadar™: Data Security, Q2 2014, became one of the team’s most-read reports for the year. However, it’s been a year since we finalized and published our research and it’s time for a fresh look.

One can argue that the entirety of the information security market - its solutions, services, and the profession itself - focuses on the security of data. While this is true, there are solutions that focus on securing the data itself or securing access to the data itself - regardless of where data is stored or transmitted or the user population that wants to use it. As S&R pros continue to pursue a shift from a perimeter and device-specific security approach to a more data- and identity-centric security approach, it’s worthwhile to hyper focus on the technology solutions that allow you to do just that....

Last year, we included the following 20 technologies in our research:

  • Archiving
  • Backup encryption
  • Cloud encryption gateways
  • Data classification
  • Data discovery
  • Data loss prevention (DLP)
  • Database encryption and masking
  • Database monitoring and auditing
  • Email encryption
  • Enterprise key management
  • Enterprise rights management
  • File-level encryption
  • Full-disk encryption
  • Identity and access management 
  • Managed file transfer