Zero Trust
Zero Trust is a security model that was developed in 2009 as an alternative to older perimeter-based security models. Since then, Zero Trust has evolved beyond its original focus on securing the network and is now being adopted by private-sector technology executives and by international and US government agencies. It is based on the principle of “never trust, always verify” and requires continuous verification of every user, device, and network request. The core principles of Zero Trust include eliminating implicit trust, enforcing least-privilege access, implementing comprehensive security monitoring, attaching cloud security to cloud management, and harnessing cloud-native deployment, rearchitecture, and migration initiatives. The model ensures comprehensive control over access to data and resources, regardless of where they are located. Learn more about Zero Trust and how it can be applied to your organization through Forrester Decisions For Security & Risk.
Insights
Blog
Government Leaders: Prioritize Cyber Efficiency Amid Federal Volatility
Government agencies at the federal, state, and local levels must prepare for a future where they experience uncertainty, headcount reductions, contract cancellations, and budget cuts. This is gut-wrenchingly difficult to process, yet remaining leaders must figure out how to move forward to serve the mission. For public sector cybersecurity leaders, this is even more paramount. […]
Blog
The Tech Exec’s Guide To Decoding Cybersecurity Vendor Performance
Forrester analyzed the earnings calls of the 10 largest cybersecurity vendors by market cap and identified key trends for technology executives.
Showcase Your Security & Risk Innovation With A Forrester Award
Get recognized for excellence in security, privacy, and risk innovation. Apply for a Forrester Security & Risk Enterprise Leadership Award to celebrate your success in creating resilient operations. Apply by July 23, 2025.
Blog
XR Steps Back, AI Steps Up: The Shake-Up In Our 2025 Emerging Technologies
Forrester’s 2025 top 10 emerging technologies report reveals a major shift in the tech landscape, driven by AI acceleration and changing market dynamics. Longtime list members extended reality and Zero Trust edge are stepping back, making room for two fast-moving innovations — one of which was virtually unknown just a year ago. The earlier release gives tech leaders more time to strategize and align with upcoming breakthroughs in AI and beyond.
Blog
RSAC 2025 Early Stage Expo Preview: AppSec, IAM, GenAI, SecOps, And More
As we put together our game plan for what to see at RSA Conference 2025, we wanted to scope out innovation, identify which vendor booths will be a must-see, and (at least for one of us) minimize the number of steps to take around the Moscone Center.
Blog
Four Key EUC Trends From IGEL’s Now & Next 2025 Event
Get four key takeaways from IGEL’s recent end-user computing (EUC) event Now & Next 2025.
Blog
Detect, Defend, Deny: Zero Trust World 2025
Cybersecurity vendor ThreatLocker recently hosted its fifth annual Zero Trust World (ZTW) conference in Orlando, welcoming attendees from 28 countries to learn about Zero Trust principles and ThreatLocker offerings. Over two days, the event celebrated Zero Trust as a cybersecurity model and the ThreatLocker approach for achieving Zero Trust. Industry leaders, managed service providers, security […]
Blog
Why We’re Moving From ZTE To SASE Terminology
Find out why Forrester is pivoting away from the term Zero Trust edge (ZTE) in favor of the term secure access service edge (SASE).
Blog
Tenable To Acquire Vulcan Cyber: More Consolidation In The Vulnerability Management Market
The proactive security market is consolidating further as exposure management vendor Tenable announced its intent to acquire Vulcan Cyber, a unified vulnerability management (UVM) vendor that specializes in third-party vulnerability collection, vulnerability response, and application security posture management. This acquisition demonstrates how vendors are reacting to CISOs’ continued need to unify and consolidate their fragmented […]
Blog
Meet The New Analyst Covering NAV And Zero Trust
Meet the new Forrester analyst on the security and risk research team focusing on areas such as network analysis and visibility (NAV) and Zero Trust.
Blog
March To The Beat Of Zero Trust
Zero Trust has become the standard information security model to adopt globally. It’s no longer a question of should; it’s a question of how and where to begin. For some time, the topic of Zero Trust was met with disparaging and opposing views proclaiming it to be another buzzword for vendors to market products. Well, […]
Blog
CrowdStrike Acquires SaaS Security Specialist Adaptive Shield
Cybersecurity platform provider CrowdStrike announced plans to acquire Adaptive Shield, a SaaS security posture management (SSPM) vendor. Some sources reported the purchase price to be around $300 million. If that purchase price is accurate, based on Forrester’s estimates of Adaptive Shield’s current revenue, that price represents an approximately 12–15x revenue multiplier and 6 times more […]
Blog
Announcing Forrester’s 2024 Security & Risk Enterprise Leadership Award Winner And Finalist
Learn more about the security strategies that helped Schneider Electric win this year’s Security & Risk Enterprise Leadership Award, which recognizes organizations that have transformed their security, privacy, and risk management functions.
Blog
Announcing The Forrester Wave™: Attack Surface Management Solutions, Q3 2024
We’re excited to announce the inaugural release of a Forrester Wave™ evaluation covering attack surface management (ASM) solutions. We evaluated the 11 most significant ASM vendors in what is currently a rapidly evolving market segment. Forrester covers ASM and periphery markets such as exposure management and vulnerability risk management (VRM), as these segments all contribute […]
Blog
Old Dogs Learn New Tricks — The Forrester Wave™: Enterprise Firewall Solutions, Q4 2024
Contrary to expectations the enterprise firewall continues to thrive. and vendors have made significant progress in keeping up with rapid innovations. Learn more in this preview of the recently published report, The Forrester Wave™: Enterprise Firewall Solutions, Q4 2024.
Blog
Gone Are The Days Of Networking Infrastructure Choice
One outcome of internal developments or acquisitions is that networking infrastructure choice has evaporated — even if vendors claim otherwise. HPE's recent acquisition of Juniper brings this into focus.
Blog
Data Security: The Time Is Now To Pioneer A New Strategy
Data security is both a high priority and struggle for many organizations. Find out why and get some next steps in this preview of our upcoming Security & Risk Summit, December 9–11 in Baltimore.
Blog
That’s A Nice IoT Device You’ve Got There … It’d Be A Shame If Mirai Used It For Its Botnet
A variant of the Mirai DDoS botnet that arrived in late 2016 and has remained active (because its creators released the malware for anyone to use) is using unpatched (and, in this case, unpatchable) AVTECH closed-circuit television cameras as part of its botnet to attack targets of opportunity, such as an early target of the […]
Blog
Ignite Ingenuity To Manage Insider Risk
In recognition of National Insider Threat Awareness Month, we’ve gathered up some helpful focus areas and next steps to reduce your exposure to insider risk. Learn more at our upcoming Security & Risk Summit in Baltimore on December 9–11.
Blog
Announcing The Forrester Wave™: Microsegmentation Solutions, Q3 2024
Forrester just published the second edition of The Forrester Wave™: Microsegmentation Solutions. Just over two years separates this research from the previous report, and the technological advances over that short time are stunning. The previous evaluation, The Forrester New Wave™: Microsegmentation, Q1 2022, was all about layer 3 microsegmentation in a data center (or private […]
Blog
The 10 Most Important Cloud Trends For 2024
Curious about the top cloud trends in 2024? Learn three of the top 10 cloud trends for 2024 in this preview of a new report.
More posts