
The Forrester Wave™: Endpoint Detection And Response, Q3 2018

The 12 Providers That Matter Most And How They Stack Up

by Josh Zelonis

July 5, 2018

NOT LICENSED FOR DISTRIBUTION

FORRESTER.COM

Key Takeaways

CrowdStrike, Carbon Black, And Digital Guardian Lead The Pack

Forrester’s research uncovered a market in which CrowdStrike, Carbon Black, and Digital Guardian are Leaders; Cylance, ESET, Cybereason, and Endgame are Strong Performers; and SentinelOne, FireEye, Cisco Systems, Symantec, and RSA are Contenders.

S&R Pros Want Automated Detection, Threat Hunting Enablement, And Flexible Integration

The endpoint detection and response market is growing because more S&R professionals see EDR as a way to address their top challenges. This market growth is in large part due to S&R pros increasingly trusting EDR providers to act as strategic partners, advising them on top endpoint security decisions.

Enterprise Adoption, Scalability, And Visibility Are Key Differentiators

As legacy endpoint technologies become outdated and malicious cybercampaigns grow more sophisticated, improved threat detection, response, and hunting will dictate which providers will lead the pack. Vendors that can provide depth of visibility as well as detection and response position themselves to successfully deliver remediation, assurance, and certainty to their customers.

Why Read This Report

In our 20-criteria evaluation of endpoint detection and response (EDR) providers, we identified the 12 most significant ones — Carbon Black, Cisco Systems, CrowdStrike, Cybereason, Cylance, Digital Guardian, Endgame, ESET, FireEye, RSA, SentinelOne, and Symantec — and researched, analyzed, and scored them. This report shows how each provider measures up and helps security and risk (S&R) professionals make the right choice.


© 2018 Forrester Research, Inc. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. Unauthorized copying or distributing is a violation of copyright law. [email protected] or +1 866-367-7378

Forrester Research, Inc., 60 Acorn Park Drive, Cambridge, MA 02140 USA+1 617-613-6000 | Fax: +1 617-613-5000 | forrester.com

Table Of Contents

EDR Enhances Your Security Posture And Helps Remediate Incidents

Selecting The Right Vendor Starts With Understanding Your Own Capacity

Endpoint Detection And Response Evaluation Overview

Evaluated Vendors And Inclusion Criteria

Vendor Profiles

Leaders

Strong Performers

Contenders

Supplemental Material

Related Research Documents

The Forrester Wave™: Endpoint Security Suites, Q2 2018

The Market For Managed Detection And Response Booms In 2017

Now Tech: Endpoint Detection And Response, Q1 2018

The State Of Endpoint Security, 2018

FOR SECURITY & RISK PROFESSIONALS

The Forrester Wave™: Endpoint Detection And Response, Q3 2018

The 12 Providers That Matter Most And How They Stack Up

by Josh Zelonis with Stephanie Balaouras, Bill Barringham, and Peggy Dostie

July 5, 2018



EDR Enhances Your Security Posture And Helps Remediate Incidents

Once launched, a cyberattack may exist in one of three states: 1) prevented attack, 2) detected attack, or 3) undetected attack. While prevented attacks are preferred, it’s critical to have visibility into your environment so you can both detect and remediate attacks as well as adequately hunt for attacks that have evaded your mitigation controls, allowing the attacker to live in the undetected state, also known as dwell time (see Figure 1).1 EDR products enhance your security posture by collecting and storing telemetry data from security-relevant events on your systems — data with which your team can develop a much-needed threat hunting capability.2 Without this capability, you’ll never know what has slipped through the cracks until it’s too late to stop the damage.

FIGURE 1 Threat Hunting Disrupts Dwell Time

[Figure 1 flow: Attack → Prevented? Yes: trusted configuration. No → Detected? Yes: incident response. No → dwell time, which threat hunting disrupts.]

Selecting The Right Vendor Starts With Understanding Your Own Capacity

EDR has come to define any endpoint product that performs behavioral analysis and exposes some ability to respond to threats. Detection and response capabilities vary widely, and the majority now also present themselves as drop-in replacements for traditional endpoint protection (EP) solutions. After considering the strategies of the different vendors and how they have developed solutions to support their visions, we segmented the market into three target customer use cases:

› EP solutions with automated detection for management simplicity. Many of the Strong Performers in this Forrester Wave™ are adding organizational resilience by automating response to detections. The set-it-and-forget-it approach is akin to what EP solutions have traditionally been used for, except that instead of being singularly focused on malware, they are now building behavioral analysis into their models for more-advanced detection.3 A common tradeoff of this approach is providing less access to your collected data in favor of simplicity of management. This type of solution is proving popular with clients who don’t have capacity or budget for more-advanced security operations.

› Solutions that empower analyst-led threat hunting for detecting sophisticated actors. As soon as your threat model includes sophisticated threat actors, you have to allow the possibility of automated detection not being sufficient.4 The demo portion of this evaluation posed a number of threat hunting challenges to the vendors in order for them to demonstrate the breadth of collected telemetry and to measure how an organization could interact with that data to perform an investigation — without using an alert or detection as an antecedent. The Leaders in this Forrester Wave demonstrated the most robust capabilities for this sophisticated use case.

› Platform vendors that provide key functionality embedded across their portfolio. A number of platform vendors indicated that critical functionality was available elsewhere in their portfolio. Ideally, defense in depth shouldn’t mean you need multiple products to obtain similar capabilities, but most organizations aren’t trying to solve security with a single point solution, anyway. These platform solutions must be considered holistically with considerations for other benefits obtained, such as vendor viability, as well as having a single point of contact for negotiation and support.
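The report describes two things an EDR product must make possible: hunting through collected telemetry without an alert or detection as the starting point, and measuring dwell time, the period an attack persists undetected. As an added example that is not part of the Forrester report and not any evaluated vendor's code, the Python below runs a small hunt over constructed process telemetry. It stacks parent/child process pairs by how many hosts in the fleet exhibit them, surfaces the rare pairs as hunt leads, and computes dwell time from the first telemetry of a lead to the moment the hunt found it. Every hostname, process name, timestamp, and the single outlier host are constructed assumptions for the demonstration.

```python
"""Added example (not from the Forrester report): a minimal threat hunt over
constructed EDR process telemetry.

Two ideas from the text are shown in code: hunting without an alert as
antecedent (stacking parent->child process pairs across the fleet and
surfacing the rare ones for analyst review) and dwell time (how long the
activity sat in telemetry before the hunt found it). All hosts, process
names and timestamps are constructed sample data, not from any real fleet.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Tuple

Pair = Tuple[str, str]  # (parent image name, child image name)


@dataclass(frozen=True)
class ProcessEvent:
    ts: datetime      # when the child process started
    host: str         # endpoint that reported the event
    parent: str       # parent process image name
    child: str        # child process image name


BASE = datetime(2018, 6, 1, 9, 0, 0)  # constructed start of the telemetry window


def sample_telemetry() -> List[ProcessEvent]:
    """Constructed fleet telemetry: the same benign lineages on 50 hosts, plus
    one host where a document reader spawns an interpreter (hypothetical)."""
    events = []
    for i in range(50):
        host = f"ws-{i:03d}"
        t = BASE + timedelta(minutes=i)
        events.append(ProcessEvent(t, host, "explorer.exe", "outlook.exe"))
        events.append(ProcessEvent(t + timedelta(seconds=30), host, "explorer.exe", "chrome.exe"))
        events.append(ProcessEvent(t + timedelta(seconds=45), host, "services.exe", "svchost.exe"))
    # The outlier: seen once, on one host, days before anyone goes looking.
    events.append(ProcessEvent(BASE + timedelta(days=3), "ws-017", "winword.exe", "powershell.exe"))
    return events


def stack_parent_child(events: Iterable[ProcessEvent]) -> Counter:
    """Host-level prevalence: on how many distinct hosts each parent->child pair occurs."""
    hosts_by_pair: Dict[Pair, set] = defaultdict(set)
    for e in events:
        hosts_by_pair[(e.parent, e.child)].add(e.host)
    return Counter({pair: len(hosts) for pair, hosts in hosts_by_pair.items()})


def rare_lineages(events: List[ProcessEvent], max_hosts: int = 1) -> List[Pair]:
    """Hunt leads: pairs present on at most max_hosts hosts. No alert fired for
    these; the analyst chose to ask the question of the raw telemetry."""
    prevalence = stack_parent_child(events)
    return sorted(pair for pair, n in prevalence.items() if n <= max_hosts)


def dwell_time(events: List[ProcessEvent], pair: Pair, found_at: datetime) -> timedelta:
    """Dwell time for a lineage: first telemetry of it until the hunt surfaced it."""
    first_seen = min(e.ts for e in events if (e.parent, e.child) == pair)
    return found_at - first_seen


def sample_hunt(days_until_hunt: int = 10) -> Dict[str, object]:
    """Run the hunt over the constructed data; returns leads and their dwell time in days."""
    events = sample_telemetry()
    leads = rare_lineages(events)
    found_at = BASE + timedelta(days=days_until_hunt)  # constructed: analyst hunts 10 days in
    dwell_days = {pair: dwell_time(events, pair, found_at).days for pair in leads}
    return {"leads": leads, "dwell_days": dwell_days}


if __name__ == "__main__":
    result = sample_hunt()
    for pair in result["leads"]:
        print(f"rare lineage {pair[0]} -> {pair[1]}: dwell time {result['dwell_days'][pair]} days")
```

Prevalence stacking is only one hunting technique, and a rare lineage is a lead rather than a verdict: the value of the exercise is that the lead came from asking a question of stored telemetry, not from an alert, and that the same telemetry then tells you how long the activity had been present. A product that exposes only alerts and their immediate context cannot support this workflow, which is the distinction the report draws between the automated-detection and analyst-led use cases.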

Endpoint Detection And Response Evaluation Overview

To assess the state of the EDR market and see how the vendors stack up against each other, Forrester evaluated the strengths and weaknesses of top vendors. After examining past research, user need assessments, and vendor and expert interviews, we developed a comprehensive set of evaluation criteria. We evaluated vendors against 20 criteria, which we grouped into three high-level buckets:

› Current offering. Each vendor’s position on the vertical axis of the Forrester Wave graphic indicates the strength of its current offering. Key criteria for these solutions include alerting configurability, agent effectiveness, forensic capabilities, deployment options, and response actions.

› Strategy. Placement on the horizontal axis indicates the strength of the vendors’ strategies. We evaluated vendors’ product visions, planned enhancements, and market approach.

› Market presence. Represented by the size of the markers on the graphic, our market presence scores reflect each vendor’s enterprise install base and number of enterprise customers.

Evaluated Vendors And Inclusion Criteria

Forrester included 12 vendors in the assessment: Carbon Black, Cisco Systems, CrowdStrike, Cybereason, Cylance, Digital Guardian, Endgame, ESET, FireEye, RSA, SentinelOne, and Symantec. Each of these vendors has (see Figure 2):


FIGURE 2 Evaluated Vendors: Product Information And Inclusion Criteria

Vendor              Product evaluated
Carbon Black        Cb Response
Cisco Systems       Advanced Malware Protection (AMP) for Endpoints
CrowdStrike         CrowdStrike Falcon
Cybereason          Cybereason Hunt
Cylance             CylanceOPTICS
Digital Guardian    Digital Guardian Data Protection Platform
Endgame             Endgame
ESET                ESET Enterprise Inspector
FireEye             FireEye Endpoint Security
RSA                 RSA NetWitness Endpoint
SentinelOne         SentinelOne
Symantec            Symantec Advanced Threat Protection (ATP)

Version number column (ten values for twelve products, in the order extracted; alignment to products not preserved): 6.2.1, 6.0.9, 4.1, 17.5, 2.3, 7.4, 2.6, 1.2, 4.4, 3.1

Vendor inclusion criteria: the four criteria listed below.


› Enterprise adoption. The vendor must have significant enterprise adoption, measured by having more than 100 enterprise clients (1,000+ employees).

› Enterprise scalability. A mature EDR offering requires the vendor to have overcome certain technical challenges to scalability. The thresholds required for inclusion in this evaluation are 800,000 total endpoints deployed and with a single deployment of at least 100,000 endpoints.

› Endpoint visibility. A defining feature of EDR is the collection of security-relevant operations, or telemetry, on the endpoint. Understanding that this research is not intended as a benchmark for detection, it is required they collect a minimum set of telemetry data to ensure products could detect the types of sophisticated attacks that enterprises invest in EDR technologies to combat.

› Forrester mindshare. To ensure relevance to Forrester clients and the quality of the references being provided, it is required that products have been generally available and not undergone significant changes in the past six months. Further, the vendor must not have plans to significantly change how the product is delivered in the next 12 months to ensure continued relevance of this research.

Vendor Profiles

This evaluation of the EDR market is intended to be a starting point only. We encourage clients to view detailed product evaluations and adapt criteria weightings to fit their individual needs through the Forrester Wave Excel-based vendor comparison tool (see Figure 3 and see Figure 4). Click the link at the beginning of this report on Forrester.com to download the tool.


FIGURE 3 Forrester Wave™: Endpoint Detection And Response, Q3 2018

[Wave graphic: Endpoint Detection And Response, Q3 2018. Vertical axis: weaker current offering to stronger current offering. Horizontal axis: weaker strategy to stronger strategy. Marker size: market presence. Segments from left to right: Challengers, Contenders, Strong Performers, Leaders. Vendors plotted: Carbon Black, Cisco Systems, CrowdStrike, Cybereason, Cylance, Digital Guardian, Endgame, ESET, FireEye, RSA, SentinelOne, and Symantec.]


FIGURE 4 Forrester Wave™: Endpoint Detection And Response Scorecard, Q3 2018

                            Forrester's  Carbon  Cisco    Crowd   Cyber    Cylance  Digital
                            weighting    Black   Systems  Strike  eason             Guardian
Current Offering                50%      3.48    2.84     4.56    3.12     2.64     3.80
  Endpoint agent                20%      2.80    4.60     4.40    2.40     2.00     3.00
  Detection                     40%      4.00    1.80     4.80    4.00     2.00     4.20
  Response capabilities         20%      3.80    2.20     4.60    2.20     3.80     4.20
  Solution usage                20%      2.80    3.80     4.20    3.00     3.40     3.40
Strategy                        50%      4.60    2.20     4.60    3.00     4.40     3.40
  Product vision                30%      5.00    5.00     5.00    3.00     3.00     3.00
  Planned enhancements          20%      3.00    1.00     3.00    3.00     5.00     5.00
  Market approach               50%      5.00    1.00     5.00    3.00     5.00     3.00
Market Presence                  0%      4.00    3.00     5.00    2.00     2.00     1.00
  Number of customers           50%      5.00    3.00     5.00    1.00     1.00     1.00
  Total deployed endpoints      50%      3.00    3.00     5.00    3.00     3.00     1.00

All scores are based on a scale of 0 (weak) to 5 (strong).


FIGURE 4 Forrester Wave™: Endpoint Detection And Response Scorecard, Q3 2018 (Cont.)

Leaders

› CrowdStrike. CrowdStrike understands and articulates the problem of combating sophisticated actors better than anyone. It has built an EDR product company buttressed with threat intelligence and digital forensic services that are widely respected across the industry.5 It does system classification based on processes running on the machine to adjust the prioritization of alerts, and threat hunting is performed using the Splunk query language (SPL), which may be viewed as a competitive advantage for organizations that retain analysts with that skillset.

› Carbon Black. Carbon Black helped define the space with its Cb Response product by focusing on increasing the cost to an attacker while reducing dwell time.6 This product is an extremely capable solution that is widely used by forensic investigators and managed security service providers to deliver value to their clients. This is a very sophisticated threat hunting product designed for expert users and lacks some of the more common prevention capabilities of its peers. Users looking for a more accessible product may wish to explore its Cb Defense solution.7

Scorecard continued, for Endgame, ESET, FireEye, RSA, SentinelOne, and Symantec:

                            Forrester's  Endgame  ESET    FireEye  RSA     Sentinel  Symantec
                            weighting                                      One
Current Offering                50%      2.48     2.72    3.08     2.48    3.32      2.72
  Endpoint agent                20%      2.40     2.40    2.40     2.00    4.60      2.40
  Detection                     40%      3.40     3.80    3.00     2.20    2.20      2.00
  Response capabilities         20%      1.40     1.80    3.40     4.20    3.40      4.20
  Solution usage                20%      1.80     1.80    3.60     1.80    4.20      3.00
Strategy                        50%      3.00     4.00    2.00     1.60    2.00      2.00
  Product vision                30%      3.00     3.00    3.00     3.00    3.00      3.00
  Planned enhancements          20%      3.00     3.00    3.00     1.00    3.00      3.00
  Market approach               50%      3.00     5.00    1.00     1.00    1.00      1.00
Market Presence                  0%      1.00     1.00    4.00     4.00    2.00      4.00
  Number of customers           50%      1.00     1.00    3.00     5.00    3.00      3.00
  Total deployed endpoints      50%      1.00     1.00    5.00     3.00    1.00      5.00

All scores are based on a scale of 0 (weak) to 5 (strong).


› Digital Guardian. Digital Guardian is a newer entrant into the space and has built an extremely exciting EDR solution on top of its data loss prevention (DLP) technology. While there have been many criticisms of the effectiveness of DLP from an enforcement perspective, file analytics capabilities solve one of the biggest challenges for security teams in identifying sensitive data within their environments. Digital Guardian differentiates itself by using these file analytics to help you understand the sensitivity of data that has been accessed as part of detection and alerting. Hopefully in future releases this information will also be used for adjusting prioritization.

Strong Performers

› Cylance. Cylance is making noise by applying its machine learning expertise to behavioral data sets to stay ahead of evolving attacker techniques with its CylanceOPTICS solution. Threat hunting is limited when it comes to constructing complex queries, but clients frequently cite the ability to pivot and quickly identify where else artifacts exist in your environment as a strength. CylanceOPTICS is a recent entrant into the EDR market, and clients are overwhelmingly positive about the solution and its integration with CylancePROTECT.

› ESET. ESET offers a combined EDR/EP single-agent solution with reporting and threat hunting capabilities exposed through a unified remote administrator dashboard, which provides a single view into all of your ESET security products. Information is presented thoughtfully with intuitive controls, while more powerful functionality lies just under the hood for more advanced users who wish to define their own alert conditions. This wouldn’t be our weapon of choice in a forensic investigation, but the product does deliver for a majority of enterprise use cases.

› Cybereason. Cybereason introduced the concept of a “malop,” a composite of multiple events that individually may or may not be bad, but when viewed as a sequence of events indicate a malicious operation. Cybereason provides the prettiest user interface demoed in this Forrester Wave, with graphical threat hunting capabilities that would make it very easy for junior-level analysts to construct queries and investigate alerts. Its behavioral detection and ability to automatically remediate incidents is highly regarded by customers, who also recognize that Cybereason is in a growth stage with the harried delivery of a startup and a lot of enterprise features still on the road map.

› Endgame. Endgame’s prevention-focused solution is driven by a vision of elevating tier 1 SOC analysts and accelerating tier 3 analysts through automation. It has an exciting chatbot named Artemis, which assists investigations in plain English, and maps alerts to the MITRE ATT&CK framework to provide enhanced visibility into the attack life cycle.8 Unfortunately, Endgame provided multiple references who had a financial interest in the company’s performance, so Forrester could not evaluate customer satisfaction as well as for other participants.


Contenders

› SentinelOne. SentinelOne strives to provide detection and automated response capabilities to organizations that want to improve their endpoint security posture without adding administrative overhead. While it has made design decisions that indicate it would like to embrace a more-sophisticated customer persona, the threat hunting capabilities are not there yet, and the product lacks transparency into remediation, which makes it difficult to make informed risk decisions. This solution is a good choice for EP buyers who are looking to increase organizational resilience by adding behavioral detection with automated response.

› FireEye. FireEye offers a platform play with an endpoint vision of providing antimalware and behavioral detection in a tool designed for enterprise search and forensic acquisition. The ability to detect advanced threats and integrate into the rest of the FireEye suite is seen as beneficial, although some clients would prefer more prevention-based capabilities. This solution is a good choice for organizations looking for a platform play, bringing together multiple products into FireEye Helix.9

› Cisco Systems. Cisco understands that you can’t prevent everything, so it has built an endpoint product to prevent everything it can, while providing visibility into detected threats. At this time, search capabilities are limited to hunting for specific artifacts or using an alert as an antecedent, a design decision targeting a specific user persona. Advanced features like real-time endpoint searching are on its future road map. Its dashboards and data visualization capabilities are differentiating, and its partnership with Apple allows Cisco to offer a solution for iOS devices that is unique to the market for organizations prioritizing a single pane of glass that includes mobile.10

› Symantec. Symantec’s Advanced Threat Protection (ATP) product shares an agent and installer with Symantec Endpoint Protection (SEP). While an analyst will spend a majority of his/her time reviewing and remediating threats from the ATP console, management and configuration requires a separate SEP Management Console.11 From a strategy perspective, Symantec will be integrating its EDR cloud (EDRC) solution by the end of 2018, which will allow cloud management of your ATP endpoints while adding advanced response and forensics capabilities via a dissolvable agent — even for devices on your network that are not managed by SEP. SEP customers looking to augment their detection capabilities and prioritize a single security vendor approach should consider Symantec’s ATP solution.

› RSA. RSA has a good understanding of the EDR market and of its specific buyer persona. The strength of this solution is in its data collection and the availability of this data to the end user for investigations. Unfortunately, the user interface design is poor and unintuitive, so to become an experienced user, security analysts will need training to gain competence. In addition, while it actively sells and markets this product based on the integration with its security analytics platform, RSA NetWitness Platform, many of the specific integration benefits are road map priorities. Clients have selected this solution when looking for a platform solution for their environment.12


Supplemental Material

Online Resource

The online version of Figure 3 is an Excel-based vendor comparison tool that provides detailed product evaluations and customizable rankings. Click the link at the beginning of this report on Forrester.com to download the tool.

Data Sources Used In This Forrester Wave

Forrester used a combination of three data sources to assess the strengths and weaknesses of each solution. We evaluated the vendors participating in this Forrester Wave, in part, using materials that they provided to us by June 20, 2018.

› Vendor surveys. Forrester surveyed vendors on their capabilities as they relate to the evaluation criteria. Once we analyzed the completed vendor surveys, we conducted vendor calls where necessary to gather details of vendor qualifications.



› Product demos. We asked vendors to conduct demonstrations of their products’ functionality. We used findings from these product demos to validate details of each vendor’s product capabilities.

› Customer reference calls. To validate product and vendor qualifications, Forrester also conducted reference calls with three of each vendor’s current customers.

The Forrester Wave Methodology

We conduct primary research to develop a list of vendors that meet our criteria for evaluation in this market. From that initial pool of vendors, we narrow our final list. We choose these vendors based on: 1) product fit; 2) customer success; and 3) Forrester client demand. We eliminate vendors that have limited customer references and products that don’t fit the scope of our evaluation. Vendors marked as incomplete participants met our defined inclusion criteria but declined to participate or contributed only partially to the evaluation.

After examining past research, user need assessments, and vendor and expert interviews, we develop the initial evaluation criteria. To evaluate the vendors and their products against our set of criteria, we gather details of product qualifications through a combination of lab evaluations, questionnaires, demos, and/or discussions with client references. We send evaluations to the vendors for their review, and we adjust the evaluations to provide the most accurate view of vendor offerings and strategies.

We set default weightings to reflect our analysis of the needs of large user companies — and/or other scenarios as outlined in the Forrester Wave evaluation — and then score the vendors based on a clearly defined scale. We intend these default weightings to serve only as a starting point and encourage readers to adapt the weightings to fit their individual needs through the Excel-based tool. The final scores generate the graphical depiction of the market based on current offering, strategy, and market presence. Forrester intends to update vendor evaluations regularly as product capabilities and vendor strategies evolve. For more information on the methodology that every Forrester Wave follows, please visit The Forrester Wave™ Methodology Guide on our website.

Integrity Policy

We conduct all our research, including Forrester Wave evaluations, in accordance with the Integrity Policy posted on our website.

Companies Interviewed For This Report

We would like to thank the individuals from the following companies who generously gave their time during the research for this report.

Optiv

Stroz Friedberg

Trustwave


Endnotes

1 According to FireEye’s M-Trends 2018 report, the median time to discover a breach in 2017 was 101 days. Source: “M-Trends 2018,” FireEye (https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html).

2 See the Forrester report “Now Tech: Endpoint Detection And Response, Q1 2018.”

3 Fraud, theft, compromise, and sabotage are some of the actions that advanced solutions can identify through behavioral analysis. See the Forrester report “Best Practices: Mitigating Insider Threats” and see the Forrester report “Artificial Intelligence Will Revolutionize Cybersecurity.”

4 Source: Mohit Kumar, “A New Paradigm For Cyber Threat Hunting,” The Hacker News, June 11, 2018 (https://thehackernews.com/2018/06/cyber-threat-hunting.html).

5 In Forrester’s most recent evaluation of digital forensics and incident response (DFIR) service providers, CrowdStrike received the highest scores for services delivered and customer satisfaction. See the Forrester report “The Forrester Wave™: Digital Forensics And Incident Response Service Providers, Q3 2017.”

6 See the Forrester report “The Forrester Wave™: Endpoint Security Suites, Q2 2018” and see the Forrester report “Brief: Endpoint Security Innovation Is Intensifying.”

7 Cb Defense was included in Forrester’s recent evaluation of endpoint security suites. See the Forrester report “The Forrester Wave™: Endpoint Security Suites, Q2 2018.”

8 “MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s life cycle and the platforms they are known to target.” Source: “Adversarial Tactics, Techniques & Common Knowledge,” The MITRE Corporation, June 5, 2018 (https://attack.mitre.org/wiki/Main_Page).

9 Forrester chronicled the growth of FireEye’s comprehensive set of offerings. See the Forrester report “Brief: FireEye Is Evolving Into An Enterprise Security Vendor.”

10 Cisco extends its visibility and control capabilities with its Cisco Security Connector for iOS. Source: Kevin Rollinson, “Now Available: Cisco Security Connector for iOS,” Cisco Blogs, December 14, 2017 (https://blogs.cisco.com/security/now-available-cisco-security-connector-for-ios).

11 SEP was included in Forrester’s recent evaluation of endpoint security suites. See the Forrester report “The Forrester Wave™: Endpoint Security Suites, Q2 2018.”

12 RSA was ranked a Leader in Forrester’s most recent evaluation of security analytics platforms. See the Forrester report “The Forrester Wave™: Security Analytics Platforms, Q1 2017.”


Forrester Research (Nasdaq: FORR) is one of the most influential research and advisory firms in the world. We work with business and technology leaders to develop customer-obsessed strategies that drive growth. Through proprietary research, data, custom consulting, exclusive executive peer groups, and events, the Forrester experience is about a singular and powerful purpose: to challenge the thinking of our clients to help them lead change in their organizations. For more information, visit forrester.com.
