Gartner Blog Network

Lawrence Pingree
Research Director
6+ years with Gartner
19 years industry experience

Lawrence Pingree is a Research Director in Gartner's Security Technology and Service provider group. His responsibilities include providing critical insights to both end users and technology providers. He closely tracks the information security markets, technologies, technology and adoption trends, and competitive market dynamics.… Read Full Bio

2015 is the year of Offensive Deceptions

by Lawrence Pingree  |  December 23, 2014

During the past, security technologies have largely focused on detection and blocking mechanisms to respond to attacks.   Security of course must continuously evolve to detect and defend against attacker strategies, and these past strategies must continue to include new capabilities as well as old to properly defend against the array of attack techniques. A new emerging […]

Read more »

Conflict of interest or not?

by Lawrence Pingree  |  September 3, 2014

I had an interesting question posed during inquiry today. The question was: Client: “Is it a conflict of interest to have a technology provider that specializes in virtual sandbox malware detection also perform incident response and forensic activities?” Me: At first glance, my thought was that as long as there is no official attestation of […]

Read more »

A taste of data on some advanced threat search term results

by Lawrence Pingree  |  August 21, 2014

I was just curious so I picked some search terms that I felt could be relevant to Gartner customers that are attempting to find advanced threat detection solutions. Below is a sample of what Gartner Search Analytics can do. Below is a sorted list of search terms that I pulled from our search analytics tool. […]

Read more »

Four quick steps security practitioners must take to enable the intelligence aware future

by Lawrence Pingree  |  July 31, 2014

Threat intelligence sharing and exchanges are emerging across the security industry. But there are a few hangups we as security practitioners must overcome in order for us to move the needle in our favor against the attackers. 1. You must get over the paranoia associated with sharing your threat intelligence data. 2. Engage with your […]

Read more »

Security Practitioners – Stop being a pwnie pawn!

by Lawrence Pingree  |  July 9, 2014

Although I haven’t written to my blog in quite some time, I wanted to take a moment to address a major issue that I believe continues to plague organizations globally. Far too often, security practitioners face IT management or business executives that either fail to or refuse to implement prevention measures due to concerns of […]

Read more »

My team’s research next year… Intelligence Aware Security Controls (IASC)

by Lawrence Pingree  |  October 31, 2013

Hi Folks, I wanted to give you a brief intro to a new concept emerging for Gartner’s security technology and service provider audience. The concept we will be using for next year’s theme is “Intelligence Aware Security Controls (IASC)” pronounced “I ASK”. This concept will be elaborated much more in our research in 2014 and […]

Read more »

How do you define “defense in depth”?

by Lawrence Pingree  |  August 29, 2013

I’ve had some recent conversations that lead me to believe there may be some misunderstanding of the term defense in depth. Some practitioners may propose that this is a simple architecture that translates into a specific finite set of products and architectures. In a note I wrote last year (which is currently being updated) I […]

Read more »

Advanced Persistent Threat Actor Levels and Goals

by Lawrence Pingree  |  July 18, 2013

Carrying forward an idea to categorize advanced targeted attackers proposed by Eric Ahlm here at Gartner, I am proposing the following profiles and “levels” of attacker. Feel free to comment or propose other ways to portray this information. If you are interested in defending against or detecting advanced targeted attacks, see my research titled “Best […]

Read more »

Threats come from everywhere, so you must deal with it as such.

by Lawrence Pingree  |  March 22, 2013

How great a threat does Gartner perceive state sponsored cyber espionage? Since Gartner does not track individual threats or actors it is difficult to say for certain which attacks are state sponsored or not. The recent mandiant report highlighted China as the threat actor. Gartner does not believe that the country of origin is as […]

Read more »

Where do the most hackers come from?

by Lawrence Pingree  |  March 8, 2013

Recently, there have been a lot of stories surrounding the Chinese and hackers originating from their intelligence agency.  Although I do not want to diminish the findings of a particular technology company that disclosed some of their own investigations, I do believe it is necessary to draw some attention towards  locations of the globe where […]

Read more »