
The Forrester Tech Tide™: Zero Trust Threat Prevention, Q3 2018
Tools And Technology: The Security Architecture And Operations Playbook

by Amy DeMartine, Chase Cunningham, Joseph Blankenship, and Josh Zelonis
July 12, 2018

Why Read This Report

Zero Trust (ZT) threat prevention is increasingly critical to deny malicious attackers' access to enterprise assets. To accelerate their performance in ZT threat prevention, companies are evaluating and adopting a range of contributing technologies. This Forrester Tech Tide report presents an analysis of the maturity and business value of the 25 technology categories that support ZT threat prevention. Security pros should read this report to shape their firm's investment approach to these technologies.

Key Takeaways

Avoid The Inevitable "If Only" Conversation By Preventing The Breach In The First Place
Companies must always be prepared in case of a breach, but breaches don't have to be inevitable. Don't be part of a company that laments "if only" they had taken preventive measures before a breach. Instead, implement a broad range of ZT threat prevention technologies.

Integrated Solutions Become The Norm To Protect Technology Ecosystems
Mobile security, endpoint security, and next-generation firewalls (NGFWs) have all moved to integrated solutions from disparate point products. Look for point products in the Experiment and Invest quadrants to follow suit.

The Future Demands Automated Discovery, Configuration, And Response
Security pros are faced with an ever-increasing scale problem as types of attacks, size of attacks, and technology to protect are all expanding. ZT threat prevention technologies will respond by including features such as automated discovery, configuration, and response to lighten the burden.

For Security & Risk Professionals

by Amy DeMartine, Chase Cunningham, Joseph Blankenship, and Josh Zelonis, with Stephanie Balaouras, Andras Cser, Chris Sherman, Heidi Shey, Merritt Maxim, Jeff Pollard, Bill Barringham, and Peggy Dostie

Table Of Contents

2 Leverage Threat Prevention Technologies To Avoid Costly Breaches
2 Create Your ZT Threat Prevention With A Mix Of Technologies
4 Invest In And Maintain Valuable ZT Threat Prevention Technologies
5 Experiment With Antiphishing Training And Simulation And Others
13 Invest In Cloud And Virtual Workload Security And Others
20 Maintain DDoS Mitigation, Email Security, And Others
27 Divest From Network Threat Protection That Is Offered Elsewhere
31 Supplemental Material

Related Research Documents

Craft Zero Trust Security Metrics That Matter To Your Business
Future-Proof Your Digital Business With Zero Trust Security
The Zero Trust eXtended (ZTX) Ecosystem

Forrester Research, Inc., 60 Acorn Park Drive, Cambridge, MA 02140 USA


+1 617-613-6000 | Fax: +1 617-613-5000 | forrester.com
© 2018 Forrester Research, Inc. Opinions reflect judgment at the time and are subject to change. Forrester®,
Technographics®, Forrester Wave, TechRadar, and Total Economic Impact are trademarks of Forrester Research,
Inc. All other trademarks are the property of their respective companies. Unauthorized copying or distributing
is a violation of copyright law. [email protected] or +1 866-367-7378

Leverage Threat Prevention Technologies To Avoid Costly Breaches


Breaches are costly. Companies that experience a breach must expend effort on many varied activities
such as breach response and notification, recovering after a loss in productivity, paying regulatory
fines, and restoring brand trust.1 Although companies must be prepared in case of a breach, Forrester
recommends working to prevent a breach from ever happening or at least minimizing what a malicious
attacker can steal. As Benjamin Franklin said, “An ounce of prevention is worth a pound of cure,”
and by using Zero Trust threat prevention technologies, security pros can create perimeters around
networks, applications, workloads, data, and servers all in an effort to thwart an attack before it can
become a breach.

Curate A Set Of Technologies That Maximize Zero Trust Threat Prevention

Forrester surveyed technology decision makers, suppliers, and other subject matter experts in
our search for the most important ZT threat prevention technologies. The 25 ZT threat prevention
technology categories we analyze in this Forrester Tech Tide™:

›› Help security pros prevent attackers from gaining access to company assets. All companies —
big or small — have critical assets to protect including customer data and differentiating intellectual
property that will cause business damage or market setback if stolen. All the technologies we’ve
included in this report help security pros create a layered prevention approach to protect critical
customer and company information. The core mission of our Zero Trust Model is to stop intrusions;
if it fails to do that, it should at least limit the business impact of the theft of any sensitive data. In
addition to prevention, our model requires security teams to dramatically improve security detection
and response with analytics and automation. A separate report will address the technologies
necessary for ZT threat detection and response.

›› Are applicable to a wide range of companies. Forrester included only technologies that can
protect organizations of various sizes, industries, and regions and that can scale to even the largest
companies with global footprints. As a result, we included technologies that protect a wide range of
assets such as encryption as well as technologies that protect specific assets such as mobile.

›› Have strong market traction or potential. Technologies in this report are in various states of
market maturity, from emergent to long established but declining. We offer our analysis of their
current state to help you track emerging markets and avoid investing in technologies with limited or
decreasing potential. We also offer insight into where technologies are merging, being subsumed
by others, or require higher process maturity to gain full benefit.

Create Your ZT Threat Prevention With A Mix Of Technologies


The central 2x2 graphic offers a summary of the state of the technology categories that comprise Zero
Trust threat prevention (see Figure 1).


FIGURE 1 Tech Tide™: Zero Trust Threat Prevention, Q3 2018

Zero Trust Threat Prevention Technologies, Q3 2018 (business value on the vertical axis, maturity on the horizontal axis)

Invest (high business value, low maturity): Cloud and virtual workload security (CWS); Cloud security gateway (CSG); Encryption; Identity management and governance (IMG); Microsegmentation; Two-factor authentication (2FA); Vulnerability risk management (VRM)

Maintain (high business value, high maturity): DDoS mitigation; Email security; Endpoint security suite; Mobile security suite; Network security policy management; Next-generation firewall (NGFW); Web application firewall (WAF)

Experiment (low business value, low maturity): Antiphishing training and simulation; Bot management; Breach simulation; Browser isolation technology (BIT); Bug bounty program; Runtime application self-protection (RASP); Runtime container security

Divest (low business value, high maturity): Network access control (NAC); Network intrusion prevention system (IPS); Web security gateway; Wireless intrusion prevention system (WIPS)


Evaluate Business Value And Maturity For Each Zero Trust Threat Prevention Technology

We plot the categories on two dimensions:

›› Business value describes the benefits each technology provides. Forrester evaluated the
business value of each ZT threat prevention technology on its contribution to the business in three
dimensions: 1) how successful the technology will be over its lifetime; 2) how broad the prevention
use case is for each technology; and 3) ability for security pros to increasingly prevent attacks
without the burden of increasing staff.

›› Maturity describes the stage of each category’s growth. We derived each ZT threat prevention
technology’s maturity level by vetting survey respondents’ inputs such as the speed at which the
technology will mature, vendors’ current product revenue and estimated global market, and our
own knowledge of the technology.

Determine Your Zero Trust Threat Prevention Strategy Based On Tech Tide Positioning

The business value and maturity dimensions, in turn, position each category in one of four quadrants:

›› Experiment. Low maturity and low business value characterize technologies in the Experiment
zone. Most enterprises should limit their exposure to these technologies to bounded experiments,
waiting for the expected business value of these newer categories to improve before investing.

›› Invest. Low maturity and high business value characterize technologies in the Invest zone. These
new technologies have ripened to the point where enterprises can confidently invest.

›› Maintain. High maturity and high business value characterize technologies in the Maintain zone.
These are the bread-and-butter technologies that most enterprises rely on to run their business.
They’re generally stable, well-understood technologies that continue to have high returns to the
business. Most enterprises should maintain their installations and usage of these technologies.

›› Divest. High maturity and low business value characterize technologies in the Divest zone. These older
technology categories have reached a point where their business value has dropped. Most enterprises
should be looking for newer, higher-value replacements and divesting from these categories.

Invest In And Maintain Valuable ZT Threat Prevention Technologies


Once a breach happens, talk inevitably becomes an “if only” conversation about how the breach
could have been avoided if only the company had put into place one of many prevention technologies.
For example, the most basic technologies such as encryption are still the most effective at blocking
breaches. However, for ZT threat prevention technologies to gain broader adoption, features such as
usability, scalability, and automation must continually evolve. Also, the landscape that security pros
must protect is evolving to include cloud and new application types. In mapping the futures of the
technologies in the ZT threat prevention ecosystem, we found that:


›› Tried and true prevention technologies are still around but evolving. Older technologies
are evolving to stay relevant in today's hybrid environment of web apps, mobile apps, and
cloud workloads. For example, developers can implement encryption more easily than ever, which
makes encrypted data the default. Endpoint security suites have evolved beyond file-based malware
detection and can now identify and automatically contain malicious application behaviors. And
traditional appliances such as web application firewalls are moving to virtual appliances to protect
cloud and data center applications from a single control point.

›› Threat prevention technologies continue to consolidate into integrated solutions. Mobile


security, endpoint security, and next-generation firewalls (NGFWs) have evolved from point
products solving very specific security pain points to consolidating functions of several security
solutions in one multipurpose security solution. Look for Experiment and Invest ZT threat
prevention technologies such as runtime container security and bot management to follow this
same pattern over time.

›› Threat prevention often becomes a battle against scale. Security pros face a problem of
scale as never before: the variety of attack types, the sheer size of attacks, the amount of
infrastructure across which they must apply consistent prevention, and the types of applications
they must protect are all increasing, with no end in sight. Although integrated products help create
consistency across complex infrastructures, security pros will increasingly rely on ZT threat
prevention technologies to automate discovery, configuration, and response.

Experiment With Antiphishing Training And Simulation And Others


Seven of the Zero Trust threat prevention technologies fall into the Experiment quadrant of the Tech
Tide, with low maturity and low current business value across the broad market. Each of these
categories could reach higher maturity and a wider range of business value, but future success isn't
guaranteed. Forrester predicts that many of these experimental ZT threat prevention technologies will
be pulled into bigger integrated solutions.


Antiphishing Training And Simulation Helps Avoid Phishing And Social Engineering Attacks

Antiphishing training and simulation is a key part of a broader threat prevention strategy that also
includes technology controls, and it can be useful in stemming phishing and social engineering attacks
that succeed through human error or user manipulation (see Figure 2). Antiphishing training and
simulation programs combine eLearning with simulated phishing attacks to create a better informed
and, therefore, more secure workforce. They work best when delivered as an ongoing, engaging
program, not as once-a-year PowerPoint-based training.

FIGURE 2 Experiment: Antiphishing Training And Simulation

Strategy: Experiment
Maturity: Low
Business value: Low

Definition: Antiphishing training and simulation solutions educate users to recognize and avoid malicious emails that use social engineering to compromise targets. The solutions employ training and testing using real-world scenarios as part of an ongoing program.

Maturity rationale: Many security frameworks and regulations require security awareness training; however, historically, security teams have struggled to develop effective programs. Modern programs regularly inform and test users using examples from real phishing campaigns.

Business value rationale: Phishing is one of the most common attack vectors, often leading to credential compromise and malware infection. Training alone isn't sufficient (security pros must also use technical controls), but it is effective in helping users make better security decisions.

Sample vendors: Cofense, Digital Defense, Habitu8, IRONSCALES, KnowBe4, MediaPRO, PhishLabs, Wombat Security (Proofpoint)


Bot Management Solutions Must Evolve To Match Complex Attacks At Scale And Speed

Bot management solutions actively profile traffic to determine its intent and perform protection
techniques such as delaying, blocking, or rerouting traffic from bad bots or from partner company bots
(see Figure 3). As over half of internet traffic is already automated and set to rise, these solutions will
be under pressure to operate under heftier scale and speed requirements.2 Currently, bot management
capabilities come from a variety of technologies and service companies, with bot management
specialists, web application firewalls (WAFs), CDN, and advertising verification and brand safety
technologies all claiming some portion of the market.3
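As an added illustration of how such a solution profiles traffic and acts on it (example code written for this page, not from the report or from any vendor named in it), the policy below verifies a declared partner bot by its source network before rerouting it to a dedicated lane, blocks obvious tooling by User-Agent, and challenges or blocks clients whose request volume in a sliding window exceeds what a human session produces. The partner network range, the User-Agent markers, the thresholds and the log lines are all constructed assumptions.

```python
"""
Intent-based request triage of the kind a bot management solution performs.
Example code added to this page; not from the report or from any vendor.
Network ranges, User-Agent markers, thresholds and log lines are constructed.
"""
import ipaddress
from collections import defaultdict, deque

# Partner bots are verified by source network, not by User-Agent alone,
# because the UA string is trivially forged. 203.0.113.0/24 is a
# documentation range used here as a constructed assumption.
PARTNER_BOTS = {"PartnerPriceBot": [ipaddress.ip_network("203.0.113.0/24")]}
BAD_UA_MARKERS = ("python-requests", "curl/", "sqlmap", "masscan")
RATE_WINDOW_SECS = 10   # sliding window length
CHALLENGE_ABOVE = 20    # requests per client per window before a challenge
BLOCK_ABOVE = 60        # requests per client per window before dropping


class BotManager:
    def __init__(self):
        self.history = defaultdict(deque)  # client ip -> request timestamps

    def _requests_in_window(self, ip, ts):
        q = self.history[ip]
        q.append(ts)
        while q and ts - q[0] > RATE_WINDOW_SECS:
            q.popleft()
        return len(q)

    def decide(self, ts, ip, ua):
        """Return 'allow', 'partner-lane', 'challenge' or 'block' for one request."""
        addr = ipaddress.ip_address(ip)
        # 1. Declared partner bot: confirm its origin, then reroute it to a
        #    dedicated pool so it never competes with paying customers.
        #    A partner UA from an unexpected network is a forgery: block it.
        for name, nets in PARTNER_BOTS.items():
            if name in ua:
                return "partner-lane" if any(addr in n for n in nets) else "block"
        # 2. Obvious tooling signatures.
        if any(marker in ua.lower() for marker in BAD_UA_MARKERS):
            return "block"
        # 3. Behaviour: request volume in the sliding window.
        n = self._requests_in_window(ip, ts)
        if n > BLOCK_ABOVE:
            return "block"
        if n > CHALLENGE_ABOVE:
            return "challenge"
        return "allow"


def triage(log_lines):
    """Run each 'timestamp ip user-agent' line through one BotManager."""
    manager = BotManager()
    decisions = []
    for line in log_lines:
        ts, ip, ua = line.split(maxsplit=2)
        decisions.append(manager.decide(float(ts), ip, ua))
    return decisions


# Constructed sample traffic: a browser, a genuine and a forged partner bot,
# a scripted client, then a 25-request burst from one address in one window.
SAMPLE_LOG = [
    "1.0 198.51.100.7 Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/61.0",
    "1.5 203.0.113.9 PartnerPriceBot/2.1 (+https://partner.example/bot)",
    "2.0 198.51.100.50 PartnerPriceBot/2.1 (+https://partner.example/bot)",
    "2.5 198.51.100.8 python-requests/2.19",
] + [f"{3.0 + i * 0.1:.1f} 198.51.100.9 Mozilla/5.0 (X11; Linux x86_64) Chrome/67.0"
     for i in range(25)]

if __name__ == "__main__":
    for line, decision in zip(SAMPLE_LOG, triage(SAMPLE_LOG)):
        print(f"{decision:13s} {line}")
```

A production deployment verifies crawlers with reverse DNS or published address lists and layers device fingerprinting and behavioral signals on top of the rate count; the point here is that intent is decided per request from origin plus behavior, and that a verified partner bot is rerouted rather than simply allowed through.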

FIGURE 3 Experiment: Bot Management

Strategy: Experiment
Maturity: Low
Business value: Low

Definition: Bot management solutions determine the intent of automated traffic directed at an application, rejecting traffic from malicious bots and managing good bots, such as the ones from partners, so as not to affect performance for paying customers.

Maturity rationale: Major use cases are still niche but quickly becoming mainstream, such as credential abuse, click fraud, and inventory hoarding and scraping, especially for specific market verticals such as retail and financial services.

Business value rationale: Bots have matured significantly in recent years. The primary value of bot management tools will rest in their ability to track and even get ahead of bot trends so as to keep good customer traffic flowing.

Sample vendors: Akamai, Distil Networks, DoubleVerify, Integral Ad Science, Moat, Oracle, PerimeterX, Shape Security, ShieldSquare, Stealth Security, White Ops


Breach Simulation Technologies Help S&R Pros Identify Security Edge Cases

Imagine a world where you've checked and remediated all known vulnerabilities within your
environment and you want to identify the unique edge cases that an attacker could still leverage to
infiltrate your organization. Breach simulation tools continuously monitor for scenarios such as a
domain admin logging into a system, which briefly allows an attacker who already controls that system
to obtain the admin's credentials from the LSASS process, a privilege escalation path that does not
exist while the admin is not logged into the machine (see Figure 4). These breach vectors would be
almost impossible to identify without a persistent process waiting for the right confluence of events to
make the attack possible.
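One way to keep a persistent watch for the condition just described, as an added example that is not part of the report or of any vendor's product: the check below reads Windows security logon events (event ID 4624) and flags any privileged account that logged on to a host outside the tier-0 set with a logon type that leaves credential material in LSASS. The event line format, the privileged account list and the tier-0 host list are constructed assumptions for the example.

```python
"""
Detect the credential-exposure condition described above: a domain admin
logging on to a host where the account's credentials then sit in LSASS and
can be dumped by anyone with local admin on that box. Example code added to
this page; not from the report or from any breach simulation vendor. Event
format, account names, host names and the tier-0 host list are constructed.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Windows logon types whose credential material is cached by LSASS on the
# target host: 2 interactive, 7 unlock, 10 RemoteInteractive (RDP),
# 11 cached interactive. Type 3 (network) does not leave reusable
# credentials on the target, so it is deliberately not listed.
CACHING_LOGON_TYPES = {2, 7, 10, 11}

# Constructed environment: accounts that must only log on to tier-0 hosts.
PRIVILEGED_ACCOUNTS = {"CORP\\da-alice", "CORP\\da-bob"}
TIER0_HOSTS = {"DC01", "DC02", "PAW-01"}  # domain controllers and a PAW


@dataclass(frozen=True)
class LogonEvent:
    event_id: int
    account: str
    host: str
    logon_type: int


def parse_event(line: str) -> LogonEvent:
    """Parse one 'Key=Value ...' line (constructed format) into a LogonEvent."""
    fields = dict(part.split("=", 1) for part in line.split())
    return LogonEvent(
        event_id=int(fields["EventID"]),
        account=fields["Account"],
        host=fields["Host"],
        logon_type=int(fields["LogonType"]),
    )


def exposed_admin_logons(events: Iterable[LogonEvent]) -> List[Tuple[str, str, int]]:
    """Return (account, host, logon_type) for each successful logon (4624) by a
    privileged account, of a credential-caching type, onto a non-tier-0 host."""
    hits = []
    for ev in events:
        if ev.event_id != 4624:
            continue  # only successful logons place credentials in LSASS
        if ev.account not in PRIVILEGED_ACCOUNTS:
            continue
        if ev.logon_type not in CACHING_LOGON_TYPES:
            continue
        if ev.host in TIER0_HOSTS:
            continue  # admin logons to tier-0 hosts are expected
        hits.append((ev.account, ev.host, ev.logon_type))
    return hits


def scan(lines: Iterable[str]) -> List[Tuple[str, str, int]]:
    return exposed_admin_logons(parse_event(line) for line in lines)


# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    "EventID=4624 Account=CORP\\da-alice Host=DC01 LogonType=2",       # expected
    "EventID=4624 Account=CORP\\da-alice Host=WKS-0347 LogonType=10",  # RDP to a workstation
    "EventID=4624 Account=CORP\\jdoe Host=WKS-0347 LogonType=2",       # ordinary user
    "EventID=4624 Account=CORP\\da-bob Host=FILESRV02 LogonType=3",    # network logon, nothing cached
    "EventID=4625 Account=CORP\\da-bob Host=WKS-0099 LogonType=2",     # failed logon
    "EventID=4624 Account=CORP\\da-bob Host=WKS-0099 LogonType=2",     # console logon to a workstation
]

if __name__ == "__main__":
    for account, host, logon_type in scan(SAMPLE_EVENTS):
        print(f"credential exposure: {account} on {host} (logon type {logon_type})")
```

The network logon (type 3) and the failed logon are deliberately not flagged: neither leaves the admin's credentials on the target, so neither creates the escalation path the paragraph describes. The same structure works against a live event stream; only the parser changes.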

FIGURE 4 Experiment: Breach Simulation

Strategy: Experiment
Maturity: Low
Business value: Low

Definition: Breach simulation technologies deploy threat actor tradecraft with automated workflows to assess an environment. The simulation results allow the security team to identify weaknesses in an environment that attackers can chain together and lead to a breach.

Maturity rationale: With most enterprises experiencing at least one breach of sensitive data in the last 12 months, security teams are eager to identify and remediate weaknesses. However, this is a highly specialized capability offered by a small number of vendors with low adoption.

Business value rationale: This capability has the potential to identify unique attack paths that security teams may not surface through traditional vulnerability and configuration management processes. Unfortunately, this level of audit only makes sense for mature security teams in sensitive industries.

Sample vendors: AttackIQ, Cymulate, SafeBreach, SecureAuth + Core Security, Stratum, Threatcare, Verodin


Browser Isolation Technology Protects Employees From Malware And Data Leakage

Web browsers are now the norm for employees' access to applications and systems, from document
sharing and email to everyday application access. Security pros use browser isolation technology
(BIT) to prevent phishing sites from delivering malware to endpoints or harvesting private information
from employees who click on phishing links: the user's web session is isolated and executed within a
protected sandbox or proxy service, where the phishing site is rendered harmless (see Figure 5).4 The
goal of these solutions is to be as preemptive as possible and extend the perimeter all the way out to
the user's actual interaction with the internet.

FIGURE 5 Experiment: Browser Isolation Technology

Strategy: Experiment
Maturity: Low
Business value: Low

Definition: BIT protects users from potentially malicious websites, emails, and links by isolating and intercepting the interaction before it leads to any possible compromise. BIT doesn't require endpoint software, and it's compatible with any device, OS, browser, or mail client.

Maturity rationale: This technology is still in its infancy. BIT solutions typically rely on containers to carry out isolation and other functions. Best practices for deployment, configuration, and management of containers are still emerging.

Business value rationale: BIT's main benefit is its proactive approach to isolating users from malicious links, attachments, and sites. It stops a user from becoming the starting point of an infection or compromise, and it extends the perimeter to the most outward point of the defended area.

Sample vendors: Authentic8, Light Point Security, Menlo Security, Ntrepid, Symantec


Bug Bounty Programs Are Most Beneficial To Companies That Can Fix Vulnerabilities Fast

The US government has launched several very public bug bounty programs, proving increased
acceptance that bug bounty programs won’t adversely increase malicious attacks (see Figure
6).5 Additionally, these bug bounty programs can be cost effective if used as a replacement or
augmentation to application penetration services, as companies can set many vetted security
researchers loose on an application yet pay only for information about valid vulnerabilities. Companies
that will benefit from bug bounty programs are ones that are able to rapidly remediate and release fixes
to vulnerabilities.

FIGURE 6 Experiment: Bug Bounty Program

Strategy: Experiment
Maturity: Low
Business value: Low

Definition: Bug bounty programs facilitate application security testing by vetted security researchers.

Maturity rationale: Adoption is growing primarily among companies with high application security maturity and those organizations that have culturally accepted the idea of setting researchers loose on their apps. As bug bounty programs gain popularity, they will reduce the need for penetration tools and testing services.

Business value rationale: These programs detail vulnerabilities for apps in production. Once found, the firm is responsible for remediation, augmenting prerelease security testing, and educating developers to avoid such mistakes. For mature security teams, these programs help find corner case vulnerabilities.

Sample vendors: Bounty Factory, Bugcrowd Security Solutions, Bugwolf, HackerOne, Sobug, Synack, Zerocopter


Runtime Application Self-Protection Can Only Protect A Narrow Set Of Applications

RASP solutions defend against security threats and unsafe responses in the production environment
(see Figure 7). Unlike WAFs, which need to observe traffic to whitelist expected application behavior,
RASP tools can “see” the code and don’t require such training. However, depending on how the RASP
tool is instrumented into the application, applicability may be limited to applications written in certain
languages (e.g., Java or .NET). RASP solutions are finding a sweet spot with applications that qualify
for the supported languages, are not extremely performance sensitive, have long release cycles, and
are too costly to remediate.
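To show why a RASP hook does not need the traffic learning a WAF relies on, here is an added example (written for this page, not from the report or from any RASP vendor) that hooks the application's database call and refuses a query when a tainted request value lands anywhere other than inside a single string or numeric literal. The tokenizer, the substring-based taint tracking and the sample application are simplifications that real products replace with instrumentation inside the language runtime; treat them as assumptions for the example.

```python
"""
A RASP-style hook at the SQL sink: block when untrusted input has become
SQL syntax. Example code added to this page; not from the report or from
any RASP vendor. Tokenizer, taint tracking and the sample app are simplified.
"""
import re
import sqlite3

# Minimal SQL lexer: string literals, quoted identifiers, numbers, words,
# comments, multi-character operators, then any other single character.
TOKEN_RE = re.compile(
    r"""
    '(?:[^']|'')*'            # single-quoted string literal ('' escapes a quote)
  | "[^"]*"                   # double-quoted identifier
  | \d+(?:\.\d+)?             # numeric literal
  | [A-Za-z_][A-Za-z0-9_]*    # keyword or identifier
  | --[^\n]*                  # line comment
  | /\*.*?\*/                 # block comment
  | <>|<=|>=|!=|\|\|          # multi-character operators
  | \S                        # any other single character
    """,
    re.VERBOSE | re.DOTALL,
)


def tokenize(sql):
    return [(m.group(0), m.start(), m.end()) for m in TOKEN_RE.finditer(sql)]


def injection_detected(sql, tainted_values):
    """True if any tainted value does not sit entirely inside one string or
    numeric literal token, i.e. untrusted data became SQL syntax."""
    tokens = tokenize(sql)
    for value in tainted_values:
        if not value:
            continue
        start = sql.find(value)
        while start != -1:
            end = start + len(value)
            covering = [t for t in tokens if t[1] < end and t[2] > start]
            literal = len(covering) == 1 and (
                covering[0][0].startswith("'") or covering[0][0][0].isdigit()
            )
            if not literal:
                return True
            start = sql.find(value, start + 1)
    return False


class RaspGuard:
    """Stands in for a RASP agent hooking the database driver's execute()."""

    def __init__(self, conn):
        self.conn = conn
        self.tainted = set()

    def begin_request(self, *untrusted):
        """Taint source: called where request input enters the application."""
        self.tainted = {v for v in untrusted if isinstance(v, str)}

    def execute(self, sql, params=()):
        """Taint sink: refuse the query if untrusted input altered its structure."""
        if injection_detected(sql, self.tainted):
            raise PermissionError("RASP: untrusted input changed SQL structure")
        return self.conn.execute(sql, params)


def lookup_user(guard, username):
    """Deliberately vulnerable application code: it concatenates request input
    into SQL. The hook in guard.execute() blocks exploitation of it."""
    guard.begin_request(username)
    sql = f"SELECT id, name FROM users WHERE name = '{username}'"
    return list(guard.execute(sql))


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    guard = RaspGuard(conn)
    benign = lookup_user(guard, "alice")
    try:
        lookup_user(guard, "' OR '1'='1")
        blocked = False
    except PermissionError:
        blocked = True
    return benign, blocked


if __name__ == "__main__":
    print(demo())  # ([(1, 'alice')], True)
```

The decision is made from the statement the application actually built, so no request signature and no learning period is involved; that is also why the check has to live in the application's process and why, as the text notes, vendor support is tied to particular language runtimes.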

FIGURE 7 Experiment: Runtime Application Self-Protection

Strategy: Experiment
Maturity: Low
Business value: Low

Definition: RASP solutions, usually in the form of an agent installed on web servers, protect against attacks on code vulnerabilities and weaknesses in the production environment.

Maturity rationale: RASP growth is fueled by companies looking to protect their web applications without a web application firewall (WAF) tool and by those looking to protect code that they cannot actively secure prerelease.

Business value rationale: Current RASP solutions have limited applicability based on the coding languages and/or infrastructure they support (e.g., .NET or Java). Also, many security teams will continue to require a WAF to prevent malicious attacks from causing performance issues on the app web server or for PCI DSS compliance. The business value of RASP is predominantly for applications that are not performance sensitive or as part of a layered threat protection approach.

Sample vendors: Avocado Systems, CA Veracode, Contrast Security, Micro Focus, Prevoty, Signal Sciences, tCell, Waratek


Runtime Container Security Technologies Are Varied To Secure Entire Container Ecosystem

Developers are using containers en masse to support Agile methodologies; 29% of developers who
develop software for cloud computing environments indicated that they deployed on or with compute
containers on a regular basis in 2017.6 But without the proper controls, developers can knowingly or
unknowingly allow uncontrolled access to running containers. Security pros will have to stitch together
a complete solution themselves, as the market is immature and many vendors secure only part of the
overall container ecosystem: host OS providers, container and orchestration platform providers, PaaS
providers, and runtime container security specialists each cover a different piece (see Figure 8).7
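As an added example of the uncontrolled access the paragraph warns about (example code for this page, not from the report or from any vendor it lists), the check below audits running-container specs for the settings that hand a container control of its host: privileged mode, host namespaces, added capabilities, sensitive host mounts, a root user and a writable root filesystem. The spec shape follows a subset of `docker inspect` fields (HostConfig.Privileged, PidMode, NetworkMode, CapAdd, Binds, ReadonlyRootfs and Config.User), and the two container records are constructed.

```python
"""
Runtime policy check over container specs. Example code added to this page;
not from the report or from any vendor. Spec shape follows a subset of
`docker inspect` output; the container records below are constructed.
"""
import json

DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN", "DAC_READ_SEARCH"}
SENSITIVE_HOST_PATHS = ("/", "/var/run/docker.sock", "/proc", "/sys", "/etc", "/root")


def _is_sensitive(host_path):
    """True for the host root, the Docker socket, kernel and config trees."""
    if host_path in SENSITIVE_HOST_PATHS:
        return True
    return any(host_path.startswith(p + "/") for p in SENSITIVE_HOST_PATHS if p != "/")


def check_container(spec):
    """Return a list of (severity, message) findings for one container spec."""
    name = spec.get("Name", "?")
    hc = spec.get("HostConfig") or {}
    cfg = spec.get("Config") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append(("high", f"{name}: privileged (all capabilities, raw device access)"))
    if hc.get("PidMode") == "host":
        findings.append(("high", f"{name}: shares the host PID namespace"))
    if hc.get("NetworkMode") == "host":
        findings.append(("medium", f"{name}: shares the host network namespace"))
    for cap in hc.get("CapAdd") or []:
        c = cap.upper()
        if c.startswith("CAP_"):
            c = c[4:]
        if c in DANGEROUS_CAPS:
            findings.append(("high", f"{name}: adds capability {cap}"))
    for bind in hc.get("Binds") or []:
        host_path = bind.split(":", 1)[0]   # host side of host:container[:opts]
        if _is_sensitive(host_path):
            findings.append(("high", f"{name}: mounts sensitive host path {host_path}"))
    user = str(cfg.get("User") or "")
    if user in ("", "0", "root") or user.split(":")[0] in ("0", "root"):
        findings.append(("medium", f"{name}: runs as root (User={user!r})"))
    if not hc.get("ReadonlyRootfs"):
        findings.append(("low", f"{name}: root filesystem is writable"))
    return findings


def audit(inspect_json):
    """Map container name -> findings for a JSON array of container specs."""
    return {spec["Name"]: check_container(spec) for spec in json.loads(inspect_json)}


# Constructed sample: a CI runner with the classic escape hatches, and a
# hardened API container that passes every check.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/ci-runner",
        "Config": {"User": ""},
        "HostConfig": {
            "Privileged": True, "PidMode": "host", "NetworkMode": "bridge",
            "CapAdd": ["SYS_ADMIN"], "ReadonlyRootfs": False,
            "Binds": ["/var/run/docker.sock:/var/run/docker.sock", "/srv/cache:/cache"],
        },
    },
    {
        "Name": "/api",
        "Config": {"User": "10001:10001"},
        "HostConfig": {
            "Privileged": False, "PidMode": "", "NetworkMode": "bridge",
            "CapAdd": None, "CapDrop": ["ALL"], "ReadonlyRootfs": True, "Binds": None,
        },
    },
])

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "clean" if not findings else "")
        for severity, message in findings:
            print(f"  [{severity}] {message}")
```

The same checks map directly onto Kubernetes pod fields (securityContext.privileged, hostPID, hostNetwork, capabilities.add, hostPath volumes, runAsUser, readOnlyRootFilesystem), which is where a platform provider's native admission control would enforce them.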

FIGURE 8 Experiment: Runtime Container Security

Strategy: Experiment
Maturity: Low
Business value: Low

Definition: Runtime container security solutions protect containers in the production environment and focus on the ability to defend containers against violations, threats, and vulnerabilities.

Maturity rationale: As containers become more common, runtime protection tools will evolve to cover them more completely. Meanwhile, leading container and orchestration platform providers, along with cloud workload and host OS providers, will begin to provide security measures natively.

Business value rationale: Developers will be the biggest beneficiaries of container technologies, which allow them to develop isolated code quickly and independently. The value security pros get from container security tools will largely depend on the container adoption by their development teams.

Sample vendors: Aqua Security, CloudPassage, Deepfence, Docker, Illumio, Kubernetes, NeuVector, Pivotal Software, Red Hat, StackRox, Tenable, Trend Micro, Twistlock


Invest In Cloud And Virtual Workload Security And Others


Seven of the Zero Trust threat prevention technologies fall into the Invest quadrant of the Tech Tide,
with low maturity and high current business value. When evaluating technologies in this category, keep
in mind that they offer value now often by innovating threat protection for security pros but should have
aggressive road maps to increase usability and/or broader applicability.

Cloud And Virtual Workload Security Protects The Unique Qualities Of Cloud Workloads

Cloud adoption is widespread, and it demands that security pros use cloud and virtual workload
security (CWS) technologies to secure workload execution in IaaS and PaaS environments (see Figure
9). These workloads present unique challenges due to their release speed, increasing number, and
ephemeral nature, and they require specialized CWS technologies to properly control and monitor
them. Because CWS technologies are often cloud-based themselves, security pros should expect
cloud-style pricing and deployment models alongside traditional on-premises licensing.8

FIGURE 9 Invest: Cloud And Virtual Workload Security

Strategy: Invest
Maturity: Low
Business value: High

Definition: CWS solutions provide automated and layered controls to secure the configurations, network, applications, and storage of hybrid cloud hypervisors and workloads. These solutions are designed specifically to handle the scale, speed, and ephemeral nature of cloud workloads.

Maturity rationale: With enterprises increasingly adopting private, public, and hybrid cloud, security is scrambling to protect cloud workloads in these environments. However, CWS solutions are far from being able to cover the entire spectrum of functionality required to completely protect them.

Business value rationale: CWS has the potential of creating centralized visibility, asset management, and control of all workloads for compliance and security purposes. However, to enable this functionality, enterprises must first have strong processes for automated creation and configuration of workloads to bake in CWS agent install and configuration.

Sample vendors: Alert Logic, Armor, AWS, Bitdefender, CloudCheckr, Cloud Conformity, CloudPassage, Dome9, Illumio, PAN, RedLock, Symantec, Threat Stack, Trend Micro


Cloud Security Gateways Protect Data And Monitor Activity Of Data In The Cloud

Security pros use cloud security gateways (CSGs) to control user traffic and data to and between cloud services, as well as to report usage to auditors and other stakeholders (see Figure 10). CSGs help security pros ensure that proper security and compliance controls are in place and enforced. CSG capabilities range from DLP and monitoring, to encryption and tokenization, to anomalous behavior detection.9

FIGURE 10 Invest: Cloud Security Gateway

Strategy: Cloud security gateway
Quadrant: INVEST
Maturity: Low
Business value: High
Life-cycle cost: (rating not recoverable from the text extraction)

Sample vendors: Bitglass, CipherCloud, Cisco Systems, Forcepoint, McAfee, Microsoft, Netskope, Oracle, Proofpoint, Symantec

Definition: Cloud security gateways provide security teams with visibility into how data moves to and from cloud services. Additionally, they offer the ability to enforce policy regarding cloud usage by proxying the traffic so that policy such as access control rules or encryption can be applied to the traffic or the data.

Maturity rationale: Cloud adoption is inevitable. To protect data in the cloud and reduce risk, security pros need solutions to help them discover cloud usage, encrypt data, provide insight into user behavior and access, and so on. Many cloud security gateways now combine these key capabilities into a single offering.

Business value rationale: Cloud services reduce operational and investment costs and increase business agility. Cloud security gateways can help organizations to embrace cloud deployments securely through increased control over their data and reduced risk.

Encryption Evolves To Protect Data By Default

To prevent data misuse and monetization in the case of data theft, and to protect privacy, security pros must employ encryption for data at rest, in transit, and in use (see Figure 11). A variety of dedicated encryption offerings targeting different data types is on the market today, ranging from application-level encryption for encrypting data in use and big data encryption for traditional relational databases with distributed data stores, to email, file-level, and full-disk encryption.10 Pair data encryption efforts with clarity about the data types you seek to protect and with least-privilege access to data.

FIGURE 11 Invest: Encryption

Strategy: Encryption
Quadrant: INVEST
Maturity: Low
Business value: High
Life-cycle cost: (rating not recoverable from the text extraction)

Sample vendors: Baffle, Cyxtera, Dell (EMC), Entrust Datacard, Enveil, Gemalto, IBM, IONIC Security, McAfee, Micro Focus, Symantec, Thales, Trend Micro, Vaultize, Virtru, Zix

Definition: Encryption is a cryptographic obfuscation operation that protects the data itself by rendering it unreadable to unauthorized parties via use of a secret key. A wide variety of solutions leverage encryption to secure data at rest, data in transit, and data in use. Authentication schemes allow access to the data via decryption.

Maturity rationale: Encryption itself is one of the oldest implementations of data security. However, new and emerging features like format-preserving encryption and advances in secure processing allow organizations to encrypt sensitive data by default.

Business value rationale: Encryption is one of the most effective implementations of data security. Obfuscating data through encryption means rendering the data unreadable and thus useless to would-be cybercriminals. Security pros must reinvest in encryption as a basic but powerful part of a layered security approach.

Identity Management And Governance Aids Compliance With Regulation-Dictated Identity Controls

Manual processes for user account provisioning and deprovisioning increase identity-related risks
and administrative overhead, as well as the potential for compliance and audit issues because such
processes lead to inconsistent enforcement as well as users with excessive privileges (see Figure
12). Identity management and governance (IMG) solutions help address these problems by providing
centralized and automated processes to govern the entire identity life cycle, thus helping to reduce
risks and enable easier adherence to regulation-dictated identity controls.11

FIGURE 12 Invest: Identity Management And Governance

Strategy: Identity management and governance
Quadrant: INVEST
Maturity: Low
Business value: High
Life-cycle cost: (rating not recoverable from the text extraction)

Sample vendors: CA Technologies, IBM, Micro Focus, One Identity, Oracle, RSA, SailPoint, SAP, Saviynt, SecureAuth + Core Security

Definition: IMG solutions provide user account provisioning/deprovisioning, enterprise job role management, access governance, ID administration self-service, separation of duties (SoD) remediation, access request management, and compliance and audit support.

Maturity rationale: IMG technologies are mature and have been around for more than 15 years. Workflows, cloud support, reporting, and dashboarding have improved tremendously in the past 24 months.

Business value rationale: Limiting and strictly enforcing access controls is one of the core principles of Zero Trust. By limiting access to sensitive data and apps, security teams can prevent or limit the damage of breaches and incidents. Automating IMG processes usually offers at least a 30% to 40% reduction in labor and compliance costs, which security pros will have to weigh against the life-cycle cost of these solutions.

Microsegmentation Improves Network Security Through Granular Attack Resistance

Security pros use microsegmentation technologies to limit the ability of malicious attackers to move across data centers and cloud deployments (see Figure 13). Microsegmentation creates secure zones in hybrid environments down to the workload level without requiring a hardware appliance. Security pros can set security policies based on virtual network, virtual machine (VM), operating system (OS), or other virtual security targets. In theory, any tool or technology that gives your team more granular controls could fit this definition, but Forrester recommends using tools aimed at enabling virtualization and network control simultaneously.

FIGURE 13 Invest: Microsegmentation

Strategy: Microsegmentation
Quadrant: INVEST
Maturity: Low
Business value: High
Life-cycle cost: (rating not recoverable from the text extraction)

Sample vendors: Akamai Technologies, Certes Networks, Cyxtera, Edgewise Networks, Illumio, Safe-T, ShieldX Networks, Unisys, vArmour, VMware, Zentera, Zscaler

Definition: Microsegmentation solutions use software to subdivide networks into secure enclaves or perimeters where security teams can apply granular security policies to the workloads and data itself.

Maturity rationale: Microsegmentation approaches vary by vendor, so there are few industrywide best practices. And while many vendor solutions assist with data flow mapping and visualization, security teams still need to have a deep understanding of their workloads and data to define the appropriate segments and granular policies.

Business value rationale: Microsegmentation allows security teams to apply the right level of protection to a given workload or workloads based on sensitivity and value to the business. It prevents attacker lateral movement and limits the potential impact of a breach to only the compromised segment. For security teams supporting hybrid environments, it’s an important step toward a more data- and identity-centric model of security.

Two-Factor Authentication Remedies Breakable Passwords

As passwords become easier and easier to undermine, security pros increasingly depend on two-factor authentication (2FA) solutions for user authentication (see Figure 14). These 2FA solutions add a what-you-are (biometric), what-you-do (behavioral biometric), or what-you-have (token) factor, typically on top of the what-you-know (password or PIN code) single-factor authentication method.12

FIGURE 14 Invest: Two-Factor Authentication

Strategy: Two-factor authentication
Quadrant: INVEST
Maturity: Low
Business value: High
Life-cycle cost: (rating not recoverable from the text extraction)

Sample vendors: Duo, Entrust, Microsoft, OneSpan (Vasco), RSA, SecureAuth + Core Security, Symantec, Thales/Gemalto

Definition: 2FA solutions provide physical biometrics (finger, face, and voice), behavioral biometrics, software and hardware tokens, push notifications, one-time passwords (OTPs), and certificate-based authentication.

Maturity rationale: Improvements in accuracy, Apple iPhone X facial biometric support, and the quickly maturing FIDO specifications make 2FA a mature, albeit fragmented, market.

Business value rationale: 2FA provides significantly stronger protection than passwords. Firms use 2FA to protect critical data and applications, prevent data breaches, and ensure audit compliance.

Vulnerability Risk Management Prioritizes The Myriad Of Vulnerabilities

Forty-one percent of network security decision makers whose firm experienced an external security breach in the past 12 months indicated that the attacker exploited a software vulnerability.13 To properly manage the flood of vulnerabilities in applications, traditional vulnerability scanning technologies are giving way to vulnerability risk management (VRM) technologies that present security pros with a risk-based, prioritized view of vulnerabilities, making it easier to focus remediation efforts (see Figure 15). Security pros use VRM threat modeling not only to inform patch prioritization but also to get a sense of patch urgency.14

FIGURE 15 Invest: Vulnerability Risk Management

Strategy: Vulnerability risk management
Quadrant: INVEST
Maturity: Low
Business value: High
Life-cycle cost: (rating not recoverable from the text extraction)

Sample vendors: Beyond Security, BeyondTrust, Digital Defense, IBM, Kenna Security, NopSec, Qualys, Rapid7, Skybox Security, Symantec, Tenable, Tripwire

Definition: VRM enables organizations to combine vulnerability data with information about their environments to construct a risk assessment of their operational footprint and prioritize patching. This is a critical component of any vulnerability management process and is replacing traditional processes.

Maturity rationale: VRM was initially introduced to the market as a supplementary tool to ingest data from traditional vulnerability management (VM) vendors and assist in prioritization. The traditional VM vendors have now caught up with and, in many instances, surpassed these initial forays into the space.

Business value rationale: VRM helps organizations assess, prioritize, and communicate vulnerability risk and operational effectiveness. Given that software exploits were the No. 1 method of external attack in 2017, this is a critical capability that will be as ubiquitous as traditional vulnerability management within the next three years.
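The combination of scanner output with environment context that the VRM paragraph and Figure 15 describe, shown as an added example (it is not Forrester's or any vendor's scoring method; the weights, urgency tiers, asset inventory and CVE-style identifiers are all constructed placeholders):

```python
"""Risk-based vulnerability prioritization of the kind the report
attributes to VRM tools: scanner findings are combined with asset
context to produce a ranked patch list and an urgency tier.
Added illustration; weights, tiers, and sample data are constructed,
not any vendor's scoring method."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int            # 1 (lab box) .. 5 (revenue-critical)
    internet_exposed: bool
    compensating_control: bool  # e.g. a WAF or IPS in front of the service


@dataclass(frozen=True)
class Finding:
    cve: str                  # placeholder ids below, not real CVEs
    asset: Asset
    cvss_base: float          # 0.0 .. 10.0 as reported by the scanner
    exploit_public: bool      # working exploit code is publicly available
    actively_exploited: bool  # observed in real attacks (threat intel feed)


def risk_score(f: Finding) -> float:
    """Scale the CVSS base score by environment context, capped at 100.

    Asset criticality scales 0.6x..1.0x, internet exposure 1.3x,
    active exploitation 1.5x (or 1.2x for merely public exploit code),
    and a compensating control discounts the result by 0.7x.
    """
    score = f.cvss_base * 10                   # 0..100 baseline
    score *= 0.5 + 0.1 * f.asset.criticality   # 0.6x .. 1.0x
    if f.asset.internet_exposed:
        score *= 1.3
    if f.actively_exploited:
        score *= 1.5
    elif f.exploit_public:
        score *= 1.2
    if f.asset.compensating_control:
        score *= 0.7
    return round(min(score, 100.0), 1)


def urgency(score: float) -> str:
    """Map a risk score to a patch deadline (constructed SLA tiers)."""
    if score >= 80:
        return "patch within 72 hours"
    if score >= 50:
        return "patch within 14 days"
    if score >= 25:
        return "patch in the next maintenance cycle"
    return "accept and track"


def prioritize(findings):
    """Return (cve, asset, score, urgency) rows, highest risk first."""
    rows = [(f.cve, f.asset.name, risk_score(f), urgency(risk_score(f)))
            for f in findings]
    return sorted(rows, key=lambda row: row[2], reverse=True)


# Constructed sample inventory and findings.
WEB = Asset("public-web", criticality=4, internet_exposed=True,
            compensating_control=False)
API_BEHIND_WAF = Asset("public-api", criticality=4, internet_exposed=True,
                       compensating_control=True)
DB = Asset("billing-db", criticality=5, internet_exposed=False,
           compensating_control=False)
LAB = Asset("lab-box", criticality=1, internet_exposed=False,
            compensating_control=False)

SAMPLE_FINDINGS = [
    # An actively exploited CVSS 7.5 on an exposed host outranks an
    # unexploited CVSS 9.8 on an internal one once context is applied.
    Finding("CVE-0000-0001", WEB, 7.5, exploit_public=True, actively_exploited=True),
    Finding("CVE-0000-0002", DB, 9.8, exploit_public=False, actively_exploited=False),
    Finding("CVE-0000-0003", LAB, 9.8, exploit_public=True, actively_exploited=False),
    Finding("CVE-0000-0004", API_BEHIND_WAF, 5.3, exploit_public=True,
            actively_exploited=False),
]

if __name__ == "__main__":
    for cve, asset, score, due in prioritize(SAMPLE_FINDINGS):
        print(f"{score:5.1f}  {cve}  {asset:12s}  {due}")
```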

Maintain DDoS Mitigation, Email Security, And Others


Seven Zero Trust threat prevention technologies fall into the Maintain quadrant of the Tech Tide, with high maturity and high current business value. These technologies continue to evolve to make usage easier, respond to threats more quickly, and provide business value. When evaluating technologies in this category, keep in mind that they offer value now; review other options first, especially those in the Invest or Experiment quadrants, and invest when there is a clear threat prevention gap.

DDoS Mitigation Solutions Gear Up For Greater Threats In Scale

Malicious attackers use DDoS attacks as a method of resource exhaustion to adversely affect the performance and availability of critical assets, services, and applications (see Figure 16). DDoS mitigation solutions, delivered as cloud-based services or on-premises products, drop the bad traffic before it affects the end-user experience.15 DDoS attacks are growing. For example, GitHub recently survived a 1.35-terabits-per-second DDoS attack, and the biggest one ever recorded clocked in shortly thereafter at 1.7 Tbps of traffic.16 To protect against these disruptive attacks, DDoS mitigation solutions must evolve to prevent specific attack types, use various mitigation techniques, and scale the attack response.

FIGURE 16 Maintain: DDoS Mitigation

Strategy: DDoS mitigation
Quadrant: MAINTAIN
Maturity: High
Business value: High
Life-cycle cost: (rating not recoverable from the text extraction)

Sample vendors: A10 Networks, Akamai, NETSCOUT Arbor, CenturyLink, Cloudflare, Corero, F5, Fastly, Fortinet, Huawei, Imperva, Neustar, Nexusguard, Radware, VeriSign

Definition: DDoS mitigation solutions reduce or eliminate the impact of DDoS attacks, ensuring availability of critical services and applications. These solutions can also mitigate application-level and domain name system (DNS) DDoS attacks.

Maturity rationale: Although many DDoS mitigation solutions have been in the market for some time, the market size has been small until recently. Numerous vendors have entered the space, many delivering DDoS protection as a complementary capability in a larger product or service portfolio.

Business value rationale: In the event of a DDoS attack, the business value is high, particularly for industries that rely on significant revenue from eCommerce and/or online transactions. These solutions ensure that customer-facing sites and applications maintain high resiliency, protecting not only the brand but also revenue-generating transactions.

Email Security Increasingly Relies On Cloud Deployments To Protect Against Email Threats

As companies migrate from self-managed, on-premises Exchange to cloud email solutions such as
Office 365 and Gmail, email filtering of unwanted and/or malicious inbound content and outbound
leaks of sensitive data is also moving to the cloud (see Figure 17). Security pros use email security
technologies to prevent email-borne malware, spam, phishing attacks, and email fraud. Email fraud
alone continues to plague companies: Between October 2013 and December 2016, US businesses
experienced more than $5 billion in losses due to business email compromise, in which an attacker
tricks an employee into initiating a fraudulent wire transfer.17

FIGURE 17 Maintain: Email Security

Strategy: Email security
Quadrant: MAINTAIN
Maturity: High
Business value: High
Life-cycle cost: (rating not recoverable from the text extraction)

Sample vendors: BAE, Barracuda, Cisco, Clearswift, Forcepoint, Fortinet, Microsoft, Mimecast, Proofpoint, Retarus, SonicWALL, Sophos, Symantec, Trend Micro, Trustwave, Zix

Definition: Email security technology monitors inbound and outbound email traffic for spam, phishing, viruses, worms, trojans, and other malware. Features include antispam, antiphishing, antimalware, data leak prevention (DLP), and encryption techniques.

Maturity rationale: New abilities to detect and prevent phishing attacks drive security pros to replace vendors. For example, on-premises gateways are being disrupted by the migration to Office 365 and Google Apps, which eliminates the need for on-premises hardware and favors cloud deployments.

Business value rationale: Email security technologies can filter out unwanted and/or malicious inbound content without burdening internal infrastructure. This leads to direct cost savings and operational efficiencies and helps to protect the organization from phishing attacks. These solutions also monitor outbound email traffic to thwart data loss and to encrypt sensitive data.

Endpoint Security Suites Serve As A Frontline Defense For Employee Devices And Servers

Attackers target endpoints such as employee devices and servers through attack campaigns that can
include file and fileless malware, software exploits, and social engineering of employees themselves.
Therefore, at a minimum, modern endpoint security suites must provide antimalware, application integrity
protection, endpoint visibility and control, and user behavior monitoring and analytics (see Figure 18).
Endpoint security suite responses to identified threats are generally automatic and can involve actions
such as file rollback, registry restoration, behavioral blocking, and process isolation/blocking.18

FIGURE 18 Maintain: Endpoint Security Suite

Strategy: Endpoint security suite
Quadrant: MAINTAIN
Maturity: High
Business value: High
Life-cycle cost: (rating not recoverable from the text extraction)

Sample vendors: Carbon Black, Check Point, CrowdStrike, Cylance, Dell, ESET, IBM, Kaspersky Labs, McAfee, Palo Alto Networks, SentinelOne, Sophos, Symantec, Trend Micro

Definition: Endpoint security suites offer consolidated malware and exploit prevention, detection, and remediation. Integrated capabilities often include antimalware, application integrity protection, application control, native OS security tool management, and behavioral detection.

Maturity rationale: Endpoint security suites are preferred over individual endpoint protection point products by most enterprise buyers. Forrester expects this trend will continue as suite vendors evolve into automated threat prevention and detection platforms.

Business value rationale: Consolidation will only create more-effective suites, with capabilities such as the ability to automatically identify malicious user and application behavior and contain it without the involvement of skilled security analysts. Security pros should therefore prioritize vendors offering integrated threat prevention, detection, and response technologies.

Mobile Security Suites Combine Device, Data, And App Security For Your Mobile Workforce

Sixty-eight percent of enterprise telecommunications decision makers that Forrester surveyed cited
improving the experience of their employees as a critical or high priority for the coming 12 months.19
But to make this experience secure, security pros must defend against mobile threats such as
employees with jailbroken devices, vulnerable software, or sensitive data that might be traveling
through unencrypted channels. Mobile security suites are making this easier than ever by combining
the ability to protect mobile devices, data, and apps (see Figure 19).20

FIGURE 19 Maintain: Mobile Security Suite

Strategy: Mobile security suite
Quadrant: MAINTAIN
Maturity: High
Business value: High
Life-cycle cost: (rating not recoverable from the text extraction)

Sample vendors: Bitdefender, BlackBerry, Check Point, Cisco, Citrix, Dell, ESET, FireEye, Microsoft, MobileIron, Sophos, Symantec, Trend Micro, VMware Workspace ONE

Definition: Mobile security suites provide comprehensive protection over an enterprise’s mobile devices, data, and installed apps. Depending on the vendor and its level of focus on device management, mobile security suites may be delivered as part of an enterprise mobility management (EMM) or unified endpoint management (UEM) suite, but often these management-focused products only cover basic security features or a limited area of the security stack.

Maturity rationale: To ensure that employees are as productive as possible, enterprises want to support mobile device usage, but they also need to ensure that this usage is secure. Security pros must continue to protect against malicious apps, mobile ransomware, and other tools that carry out attacks against your employees’ mobile devices.

Business value rationale: These suites help enforce compliance with corporate policies, increase visibility over mobile threats, and ensure a safe mobile working environment while also trying to fulfill expectations that security is seamless.

Network Security Policy Management Enables Consistent Hybrid Network Controls

Network security policy management tools automate and optimize the network security controls needed to support ever-changing business requirements and are necessary for any Zero Trust infrastructure (see Figure 20).21 For firms with hybrid environments, security pros use network security policy management to create consistent controls across on-premises and cloud environments while decreasing the cost to manage them. Often, network security policy management tools offer reports to assist with audit and compliance, and discovery tools to help map network connectivity.

FIGURE 20 Maintain: Network Security Policy Management

Strategy: Network security policy management
Quadrant: MAINTAIN
Maturity: High
Business value: High
Life-cycle cost: (rating not recoverable from the text extraction)

Sample vendors: AlgoSec, FireMon, RedSeal, Skybox Security, Tufin

Definition: Network security policy management solutions automate network device configuration tasks, such as finding unused rules and objects, optimizing the rule base to increase device performance, and implementing change requests appropriately and quickly.

Maturity rationale: For large, complex, heterogeneous network environments in heavily regulated industries or industries with a low tolerance for risk, these tools have become commonplace, and vendors continue to add value-added features.

Business value rationale: These tools are important in a dynamic network environment because security pros continually add new rules to support business processes. Network device configurations are generally filled with old, unnecessary, and sometimes conflicting rules that only impede device performance and provide attackers with potential avenues for attack.
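The rule-base checks Figure 20 attributes to network security policy management tools (unused rules, rules that hurt performance, conflicting rules), as an added example that is not Forrester's or any vendor's algorithm; the first-match rule base, its hit counts, and the address ranges are constructed for illustration:

```python
"""Rule-base hygiene checks of the kind network security policy
management tools automate: shadowed rules that can never fire because
an earlier rule already matches everything they match, rules with no
hits over the review window, and conflicting rules where a later rule
overlaps an earlier one with the opposite action. Added illustration
over a constructed rule base; not any vendor's algorithm."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network


@dataclass(frozen=True)
class Rule:
    rid: int
    src: IPv4Network
    dst: IPv4Network
    proto: str      # "tcp", "udp", or "any"
    ports: tuple    # (low, high) inclusive; (0, 65535) means any port
    action: str     # "allow" or "deny"
    hits: int       # match count from device logs over the review window


def rule(rid, src, dst, proto, low, high, action, hits):
    return Rule(rid, ip_network(src), ip_network(dst), proto,
                (low, high), action, hits)


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matching rule b also matches rule a."""
    return (b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and (a.proto == "any" or a.proto == b.proto)
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])


def overlaps(a: Rule, b: Rule) -> bool:
    """True if at least one packet matches both rules."""
    return (a.src.overlaps(b.src) and a.dst.overlaps(b.dst)
            and (a.proto == "any" or b.proto == "any" or a.proto == b.proto)
            and a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1])


def analyse(rules):
    """Walk the rule base in order (first-match semantics) and report
    shadowed, conflicting, and unused rule ids."""
    shadowed, conflicts, unused = [], [], []
    for i, r in enumerate(rules):
        earlier = rules[:i]
        if any(covers(e, r) for e in earlier):
            shadowed.append(r.rid)       # r can never be the first match
            continue
        for e in earlier:
            if e.action != r.action and overlaps(e, r):
                conflicts.append((e.rid, r.rid))   # order decides which wins
        if r.hits == 0:
            unused.append(r.rid)
    return {"shadowed": shadowed, "conflicts": conflicts, "unused": unused}


# Constructed rule base exhibiting the classic defects.
SAMPLE_RULES = [
    rule(1, "10.0.0.0/8", "192.168.10.0/24", "tcp", 443, 443, "allow", 5000),
    # Shadowed by 1: the intended block never fires.
    rule(2, "10.1.0.0/16", "192.168.10.0/24", "tcp", 443, 443, "deny", 0),
    # Unused over the review window, and overly broad (every TCP port).
    rule(3, "10.2.0.0/16", "192.168.20.0/24", "tcp", 0, 65535, "allow", 0),
    # Conflicts with 3: 3 already lets 10.2.0.0/16 reach port 22 first.
    rule(4, "0.0.0.0/0", "192.168.20.0/24", "tcp", 22, 22, "deny", 12),
    # Redundant: fully covered by rule 1, so it is shadowed too.
    rule(5, "10.1.5.0/24", "192.168.10.0/24", "tcp", 443, 443, "allow", 0),
]

if __name__ == "__main__":
    for kind, ids in analyse(SAMPLE_RULES).items():
        print(f"{kind:10s} {ids}")
```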

Next-Generation Firewall Is A Must-Have Tech For Any Company Embracing Zero Trust

Security pros use next-generation firewalls (NGFWs) to create and enforce network segmentation, building microperimeters or network segments, applying granular security controls, and even containing attacks (see Figure 21). An NGFW combines multiple controls into a single solution and, as a result, makes security management more efficient. In many cases, because of this collapsing of various controls, NGFW technology replaces standalone firewalls and intrusion prevention systems. NGFWs can inspect the entire packet all the way through Layer 7, which is useful in blocking malware attacks from traveling across your network.22

FIGURE 21 Maintain: Next-Generation Firewall

Strategy: Next-generation firewall
Quadrant: MAINTAIN
Maturity: High
Business value: High
Life-cycle cost: (rating not recoverable from the text extraction)

Sample vendors: Barracuda Networks, Check Point, Cisco Systems, Forcepoint, Fortinet, Palo Alto Networks, SonicWALL

Definition: NGFWs are multipurpose security appliances that replace standalone appliances for firewalls (FWs), IPS, and other security controls. There will still be a small market for standalone FWs and IPS. NGFWs have also become a popular hardware-based approach to create microperimeters in Zero Trust network architecture design.

Maturity rationale: The ready availability of dense multicore CPU appliance architectures and the rise of low-cost merchant silicon to meet specialized processing demands (such as SSL offloading and inspection) means that hardware now has the horsepower to put best-of-breed firewall and IPS functionality on the same box.

Business value rationale: NGFWs combine core security technologies such as firewalls and IPS, together with other security functionality, into a single appliance. This greatly simplifies network architecture and management and reduces costs because you have fewer security appliances to manage.

Web Application Firewalls Adapt To Protect Apps No Matter Where They Are Deployed

WAFs continue their role of thwarting malicious Layer 7 traffic (see Figure 22). Bolstered by the PCI
DSS compliance requirement, WAFs have remained a threat prevention staple and have even evolved
to protect against new threats, such as malicious bots. New deployment flexibility means that a single
WAF vendor can protect on-premises and cloud apps through deployment options such as appliance,
virtual appliance, and CDN. However, because WAFs can only observe Layer 7 network traffic and
react by creating rules, their main strength will remain in their ability to protect applications from
unwanted traffic rather than from sophisticated attacks better handled by RASPs.23

FIGURE 22 Maintain: Web Application Firewall

Strategy: Web application firewall
Quadrant: MAINTAIN
Maturity: High
Business value: High
Life-cycle cost: (rating not recoverable from the text extraction)

Sample vendors: Akamai Technologies, AWS, Barracuda Networks, Citrix, Cloudflare, F5, Fastly, Imperva (Incapsula), Positive Technologies, Radware, Rohde & Schwarz Cybersecurity, Trustwave

Definition: WAFs examine input to and responses from web applications to detect and block exploits or attack attempts, and to enforce security policies based on attack signatures, protocol standards, and anomaly detection. Many WAFs provide protection against basic bots, Layer 7 DDoS attacks, and data leakage.

Maturity rationale: PCI requirements spurred WAF adoption beginning in 2006. However, these first WAFs were expensive to maintain, requiring staff to constantly tune rules to provide optimal protection. With the advent of machine learning, WAFs are now able to suggest and even create new rules. Pressure from RASPs will decrease the market reach of WAFs, but they will remain viable for companies that need to comply with PCI and those with apps sensitive to performance degradation.

Business value rationale: The business value of WAFs will remain primarily to satisfy compliance requirements, provide layered application protection strategies, and protect against zero-day vulnerabilities.

Divest From Network Threat Protection That Is Offered Elsewhere


Four of the Zero Trust threat prevention technologies fall into the Divest quadrant of the Tech Tide, with
high maturity and low current business value. When evaluating technologies in this category, keep in
mind that they have already reached their business value ceiling, review alternatives first, and invest
only if there is a critical threat prevention need.

Network Access Control Continues To Decline As Data- And Role-Centric Solutions Prevail

Few firms have noted success with network access control (NAC). In the past, NAC found a niche in enterprises looking to secure guest access but has struggled to find broad adoption, as it is complex to deploy and requires integration with network infrastructure. NAC is finding a new niche with network security pros and for IoT use cases. Security pros should instead favor data- and role-based access control in the form of next-generation access (NGA) rather than device control at the network layer (see Figure 23). Examples of NGA vendors are Centrify, iWelcome, Microsoft (Office 365), Okta, Ping Identity, and, in some cases, Duo and ForeScout.24

FIGURE 23 Divest: Network Access Control

Strategy: Network access control
Quadrant: DIVEST
Maturity: High
Business value: Low
Life-cycle cost: (rating not recoverable from the text extraction)

Sample vendors: Bradford Networks, Cisco Systems, Extreme Networks, ForeScout, HPE (Aruba), Pulse Secure

Definition: NAC solutions provide pre- and post-admission control to assess device state against IT policy, automated remediation to update out-of-compliance devices, multiple enforcement options, dedicated access management for third parties and customers, and rogue device detection to identify unsanctioned devices.

Maturity rationale: NAC solutions have been around for years, but overall adoption remains low. There are several reasons. Solutions are complex to deploy, scale, and manage. There are several NAC architectures, and most require integration with network infrastructure components.

Business value rationale: NAC functionality has a place in highly regulated industries that need to provide guest network access for contractors, suppliers, and even customers, and also as a means to facilitate employee BYOD initiatives. Interest in NAC has also risen as a means to provide network segmentation in IoT and OT environments. The decision maker and buyer for NAC has shifted from security to networking teams. For these teams, NAC will have a higher business value.

Network Intrusion Prevention System Technologies Surrender To NGFWs

In the past, security pros placed network intrusion prevention systems (IPS) inline with network traffic to inspect it and mitigate threats. IPS was also often used to help fulfill PCI DSS requirements that mandate this capability. However, NGFWs now include this functionality and are well placed to overtake the IPS market (see Figure 24). Unless your team truly can't migrate away from these outdated tools and technologies, seek to retire them as piecemeal solutions that aren't part of the broader, technically integrated network and endpoint security platforms currently available.

FIGURE 24 Divest: Network Intrusion Prevention System

Strategy: Network intrusion prevention system
Recommendation: DIVEST
Maturity: High
Business value: Low
Life-cycle cost: (value not captured in the extracted figure)
Sample vendors: Check Point, Cisco Systems, Fortinet, IBM, Juniper Networks, McAfee, Palo Alto Networks, Radware, SonicWALL, Trend Micro

Definition
A network intrusion prevention system (IPS) device monitors network and/or system activities for malicious or unwanted behavior and can react in real time to block or prevent those activities.

Maturity rationale
The intersection of NGFWs with traditional IPS solutions has created a more integrated multifunction gateway in which firewall and intrusion prevention are just two of many other features. The standalone IPS is in decline as NGFWs continue to overtake it.

Business value rationale
IPS functionality, inspecting the entire network packet and looking for malicious traffic that is often invisible to Layer 3 firewalls, is still important; however, security teams see it as functionality that complements other network-based security controls in an integrated gateway.


Web Security Gateways Yield To Cloud Security Gateways As Apps Move To The Cloud

Security pros use standalone web security gateways to enforce acceptable use policies, defend against content-borne threats, manage HTTP bandwidth, and prevent data leaks. However, as more and more applications move to the cloud, security pros will favor filtering the data in integrated, cloud-native products, such as cloud security gateways and even NGFWs, rather than standalone appliances (see Figure 25). As your team builds out its Zero Trust planning and journey, ensure that you evaluate all NGFWs and cloud security gateways with a focus on their ability to integrate with your Zero Trust strategy.

FIGURE 25 Divest: Web Security Gateway

Strategy: Web security gateway
Recommendation: DIVEST
Maturity: High
Business value: Low
Life-cycle cost: (value not captured in the extracted figure)
Sample vendors: Barracuda Networks, Cisco Systems, Forcepoint, McAfee, Microsoft, Symantec, Trend Micro, Trustwave, Zscaler

Definition
A web security gateway provides management of URL filtering, antimalware, internet application control, DLP, and bandwidth.

Maturity rationale
The standalone market for web security gateways is in transition. Traditional web security vendors have invested significantly in SaaS services as well as hybrid solutions. In addition, vendors are increasingly embedding the functionality in next-generation firewalls and in cloud security gateways. In the near future, Forrester does not expect security teams will invest in web security gateways as standalone solutions. There will also be some market cannibalization from solutions such as browser isolation technology.

Business value rationale
Web content filtering can provide protection from threats embedded in websites visited by corporate employees. Additionally, web content filtering is used to enforce acceptable use policies in many organizations and offers value to other departments such as legal and human resources.


Wireless Intrusion Prevention System Loses Traction In Favor Of Software Tools

Malicious attackers try to enter the wireless network and then gain access to the rest of the internal enterprise network. Wireless intrusion prevention system (WIPS) technology is many years old, and many wireless infrastructure systems already include this functionality, causing WIPS to fall into decline. However, PCI DSS still mandates wireless scanning, and this will be the main driver for continued adoption, regardless of necessity or functionality. Firms that don't require PCI DSS certification should look to implement microsegmentation in combination with network security policy management tools to help prevent threats that try to enter from wireless networks (see Figure 26).

FIGURE 26 Divest: Wireless Intrusion Prevention System

Strategy: Wireless intrusion prevention system
Recommendation: DIVEST
Maturity: High
Business value: Low
Life-cycle cost: (value not captured in the extracted figure)
Sample vendors: Cisco Systems, Extricom, Fluke Networks, Fortinet, HPE (Aruba Networks, ProCurve), Juniper Networks, Mojo Networks, Motorola

Definition
A WIPS proactively prevents wireless attacks and discovers rogue access points. WIPS solutions will automatically scan the air for malicious traffic and rogue devices, substantially mitigating the risk of wireless attacks.

Maturity rationale
WIPS has become embedded into most wireless infrastructure systems. Expect this technology to stall until wireless hackers devise some new ways of exploiting wireless networks.

Business value rationale
As attack vectors evolve, more cybercriminals target wireless networks that are not properly protected. A WIPS provides business value in two ways: by reducing the cost of PCI compliance and by reducing wireless risk.


Supplemental Material

Survey Methodology

The Forrester Analytics Global Business Technographics® Developer Survey, 2018, was fielded in
March and April 2018. This online survey included 3,228 respondents in Australia, Canada, China,
France, Germany, India, the UK, and the US. Forrester Analytics Business Technographics ensures that
the final survey population contains only those with significant involvement in the planning, funding,
and purchasing of business and technology products and services.

The Forrester Analytics Global Business Technographics Mobility Survey, 2017, was fielded between March and May 2017. This online survey included 3,378 respondents in Australia, Brazil, Canada, China, France, Germany, India, New Zealand, the UK, and the US from companies with two or more employees.

The Forrester Analytics Global Business Technographics Security Survey, 2017, was fielded between May and June 2017. This online survey included 3,752 respondents in Australia, Brazil, Canada, China, France, Germany, India, New Zealand, the UK, and the US from companies with two or more employees.


Forrester Analytics Business Technographics ensures that the final survey population contains only
those with significant involvement in the planning, funding, and purchasing of business and technology
products and services. Research Now fielded this survey on behalf of Forrester. Survey respondent
incentives include points redeemable for gift certificates.

Please note that the brand questions included in this survey should not be used to measure market
share. The purpose of Forrester Analytics Business Technographics brand questions is to show usage
of a brand by a specific target audience at one point in time.

Companies Interviewed For This Report

We would like to thank the individuals from the following companies who generously gave their time
during the research for this report.
Akamai Technologies
Arbor Networks
BAE Systems
Bitdefender
CA Veracode
Cisco Systems
Citrix
Cylance
Cyxtera
Digital Shadows
Farsight Security
FireMon
Forcepoint
Fortinet
Huntsman Security
IBM
Illumio
Interset
Juniper Networks
Landrian Networks
Lastline
Mimecast
Netfort
Neustar
Phantom Cyber
Q6 Cyber
Rapid7
Retarus
RSA
SafeBreach
SonicWALL
Splunk
SS8 Networks
Stratum Security
Symantec
Tanium
Tenable
Trend Micro
Tripwire
Unisys
VMware

Endnotes

1 For more information on how to calculate the cost of a breach, see the Forrester report “Calculate The Business Impact And Cost Of A Breach.” It pays to plan. Make sure your breach response plan is in place, as it’s no longer a question of “if” but “when.” See the Forrester report “Planning For Failure: How To Survive A Breach,” see the Forrester report “The Forrester Wave™: Digital Forensics And Incident Response Service Providers, Q3 2017,” and see the Forrester report “The Forrester Wave™: Customer Data Breach Notification And Response Services, Q4 2017.”

2 Source: Adrienne LaFrance, “The Internet Is Mostly Bots,” The Atlantic, January 31, 2017 (https://www.theatlantic.com/technology/archive/2017/01/bots-bots-bots/515043/).

3 For more information about which industries are bracing for bots, see the Forrester report “The State Of Application Security, 2018.”

4 For more information about BIT technologies, see the Forrester report “Protect Your Digital Workforce With Browser Isolation Technology (BIT).”

5 Source: Lindsey O’Donnell, “U.S. DoD Hopes To Stamp Out Threats With Bug Bounty Program,” Threatpost, April 2, 2018 (https://threatpost.com/u-s-dod-hopes-to-stamp-out-threats-with-bug-bounty-program/130908/).

6 When we asked 1,637 global developers who developed software for a cloud computing environment which public cloud-based services they or their team deployed on or with on a regular basis, 33% said that this was true for compute containers. Source: Forrester Analytics Global Business Technographics Developer Survey, 2018.

7 For more information on how to create a holistic container security solution, see the Forrester report “Ten Basic Steps To Secure Software Containers.”

8 For more information about vendors in the CWS space, see the Forrester report “Vendor Landscape: Cloud Workload Security Solutions, Q3 2017.”

9 For more information about vendors in the CSG space, see the Forrester report “The Forrester Wave™: Cloud Security Gateways, Q4 2016.”

10 For more information on different types and uses of encryption, see the Forrester report “TechRadar™: Data Security And Privacy, Q4 2017.”

11 For more information on how to understand the gaps and potential security vulnerabilities related to identity management, see the Forrester report “The Forrester Identity Management And Governance Maturity Model.”

12 For more information about how to make use of behavioral biometrics to boost web and mobile app protection, see the Forrester report “Best Practices: Behavioral Biometrics.”

13 When we asked 404 global network security decision makers whose firms had an external security breach in the past 12 months how the external attack was carried out, 41% said that it was a software vulnerability or exploit; 38% said that it was a web application via means such as SQL injection, cross-site scripting, or remote file inclusion. Note that respondents were permitted to select multiple responses, so the total of the 12 categories we asked about far exceeded 100%. Source: Forrester Analytics Global Business Technographics Security Survey, 2017.

14 For more information on VRM technologies, see the Forrester report “The Forrester Wave™: Vulnerability Risk Management, Q1 2018.”


15 For more information on DDoS mitigation solutions, see the Forrester report “Now Tech: DDoS Mitigation Solutions, Q2 2018” and see the Forrester report “The Forrester Wave™: DDoS Mitigation Solutions, Q4 2017.”

16 Source: Lily Hay Newman, “GitHub Survived The Biggest DDoS Attack Ever Recorded,” Wired, March 1, 2018 (https://www.wired.com/story/github-ddos-memcached/) and Carlos Morales, “NETSCOUT Arbor Confirms 1.7 Tbps DDoS Attack; The Terabit Attack Era Is Upon Us,” NETSCOUT blog, March 5, 2018 (https://asert.arbornetworks.com/netscout-arbor-confirms-1-7-tbps-ddos-attack-terabit-attack-era-upon-us/).

17 Source: “Business E-mail Compromise E-mail Account Compromise The 5 Billion Dollar Scam,” Internet Crime Complaint Center, May 4, 2017 (https://www.ic3.gov/media/2017/170504.aspx).

18 For more information about endpoint security products, see the Forrester report “TechRadar™: Endpoint Security, Q1 2017” and see the Forrester report “The Forrester Wave™: Endpoint Security Suites, Q2 2018.”

19 We asked 1,802 global telecommunications decision makers at organizations with 1,000 or more employees which initiatives were likely to be top business priorities for their organization over the next 12 months. Sixty-eight percent said that improving the experience of their employees was a high or critical priority; 24% said it was a moderate priority; and 8% said it was a low priority or not on their agenda. Source: Forrester Analytics Global Business Technographics Mobility Survey, 2017.

20 For more information about the mobility security suite market landscape, see the Forrester report “Now Tech: Mobile Security, Q1 2018.”

21 Network security policy management tools touch the network, visibility and analytics, and automation and orchestration functions of the ZTX framework. For more information, see the Forrester report “The Zero Trust eXtended (ZTX) Ecosystem.”

22 Without NGFW technologies in place, it is impossible to achieve Zero Trust with the current suite of tools that are available. For more information, see the Forrester report “The Zero Trust eXtended (ZTX) Ecosystem” and see the Forrester report “TechRadar™: Zero Trust Network Threat Mitigation Technologies, Q4 2016.”

23 For more information about WAF tools, see the Forrester report “Vendor Landscape: Web Application Firewalls” and see the Forrester report “The Forrester Wave™: Web Application Firewalls, Q2 2018.”

24 Organizations considering a Zero Trust security strategy should also consider the application and use of next-generation access. Source: Chase Cunningham, “Next-Generation Access and Zero Trust,” Forrester Blogs, March 27, 2018 (https://go.forrester.com/blogs/next-generation-access-and-zero-trust/).
