Gartner Blog Network

Lawrence Pingree
Research Director
6+ years with Gartner
19 years industry experience

Lawrence Pingree is a Research Director in Gartner's Security Technology and Service provider group. His responsibilities include providing critical insights to both end users and technology providers. He closely tracks the information security markets, technologies, technology and adoption trends, and competitive market dynamics.… Read Full Bio

Deception related technology – its not just a “nice to have”, its a new strategy of defense

by Lawrence Pingree  |  September 28, 2016

Deception Techniques “Can be”, and “Are” being used in other Security Solutions In my earlier Emerging Technology note on deception (see “Emerging Technology Analysis: Deception Techniques and Technologies Create Security Technology Business Opportunities“), I called out that there’s a broad-based opportunity for providers of prevention and detection technologies to apply the principles of deception into […]

Read more »

My Latest Research: Competitive Landscape: Distributed Deception Platforms, 2016

by Lawrence Pingree  |  August 4, 2016

4 August 2016  |  Distributed deception platforms are now a viable option for enhancing detection within enterprise security programs. Product marketing managers must understand the competitive positioning of their products and crucial market dynamics in order to compete effectively in the DDP market. Gartner client’s may access this research by clicking here.

Read more »

Imagine the next Security News Headlines….

by Lawrence Pingree  |  July 27, 2016

Just for a moment, imagine the following scenario: “RandomCompany implements distributed deception platform technology, deploys fake databases and data throughout their environment.” News story breaks that “underground news sites report that RandomCompany’s data has been breached and offered for sale  in underground forums”. News outlets ask RandomCompany for comment. RandomCompany reports to news outlets that […]

Read more »

Are Gartner client’s interested in threat deception?

by Lawrence Pingree  |  July 6, 2016

From time to time, I get client inquiries that ask, “Is someone interested in this technology?”.  I have recently covered deception techniques and technologies, and because of that I’ve received quite a few calls asking that question on this technology. Well, in the spirit of giving, I figured I’d give folks a taste of how much […]

Read more »

Is deception effective at delaying or detecting an attacker?

by Lawrence Pingree  |  June 30, 2016

The first question that many folks ask about using deceptions in their security programs is, can’t a deception be easily detected? The answer is yes but also no. IN fact, this is really the core reason the technique is so effective in detecting and misdirecting attackers in an enterprise environment. Recently, I did a webinar for […]

Read more »

Software Defined Perimeter Technology is More than a Fancy VPN

by Lawrence Pingree  |  September 23, 2015

It’s been a while since I’ve blogged, but I wanted to expand a bit on how Software Defined Perimeter technology works. The key reason that this technology helps reduce the network attack surface is that before SDP is deployed onto a host, the  default TCP/IP stack will automatically strip, parse and process all headers/packets and […]

Read more »

Are Software Defined Perimeters (SDP) in your Future?

by Lawrence Pingree  |  April 30, 2015

Increasingly, we are seeing solutions emerge to address advanced threats that have penetrated the internal network (even internal threats) – most solutions focus on micro-segmentation,  network behavior analysis or multi-domain analytics.  I continue to have clients that are working to perform internal network and cloud-based  segmentation of their networks for security purposes. There are many ways […]

Read more »

Top 5 things AR professionals should consider when doing a Vendor Briefing

by Lawrence Pingree  |  February 4, 2015

1. Be prepared to share remotely. Briefings are a professional pitch to an influential party. Imagine you are pitching to the CEO of a large company, this is the impact that you want to make from an impression standpoint. This means that you must be prepared ahead of time. Vendor briefings should include a presentation deck […]

Read more »

2015 is the year of Offensive Deceptions

by Lawrence Pingree  |  December 23, 2014

During the past, security technologies have largely focused on detection and blocking mechanisms to respond to attacks.   Security of course must continuously evolve to detect and defend against attacker strategies, and these past strategies must continue to include new capabilities as well as old to properly defend against the array of attack techniques. A new emerging […]

Read more »

Conflict of interest or not?

by Lawrence Pingree  |  September 3, 2014

I had an interesting question posed during inquiry today. The question was: Client: “Is it a conflict of interest to have a technology provider that specializes in virtual sandbox malware detection also perform incident response and forensic activities?” Me: At first glance, my thought was that as long as there is no official attestation of […]

Read more »