Gartner Blog Network

Lawrence Pingree Research Vice President 8+ years at Gartner 24+ years IT security Industry Lawrence Pingree's responsibilities include providing critical insights to technology providers and product leaders on emerging technologies and trends. Mr. Pingree closely tracks the security markets, emerging technologies, trends and competitive market dynamics. He regularly reviews security technologies, provider businesses and their go-to market strategies and focuses on helping Gartner clients plan, choose and evolve as market dynamics shift. His analysis includes an examination of emerging technologies, market changes, go-to-market strategies, end-user buying behaviors, development plans and various business attributes to identify key competitive differentiation and competitive strategies. Read Full Bio

Is deception effective at delaying or detecting an attacker?

by Lawrence Pingree  |  June 30, 2016

The first question that many folks ask about using deceptions in their security programs is, can’t a deception be easily detected? The answer is yes but also no. IN fact, this is really the core reason the technique is so effective in detecting and misdirecting attackers in an enterprise environment. Recently, I did a webinar for […]

Read more »

Software Defined Perimeter Technology is More than a Fancy VPN

by Lawrence Pingree  |  September 23, 2015

It’s been a while since I’ve blogged, but I wanted to expand a bit on how Software Defined Perimeter technology works. The key reason that this technology helps reduce the network attack surface is that before SDP is deployed onto a host, the  default TCP/IP stack will automatically strip, parse and process all headers/packets and […]

Read more »

Are Software Defined Perimeters (SDP) in your Future?

by Lawrence Pingree  |  April 30, 2015

Increasingly, we are seeing solutions emerge to address advanced threats that have penetrated the internal network (even internal threats) – most solutions focus on micro-segmentation,  network behavior analysis or multi-domain analytics.  I continue to have clients that are working to perform internal network and cloud-based  segmentation of their networks for security purposes. There are many ways […]

Read more »

Top 5 things AR professionals should consider when doing a Vendor Briefing

by Lawrence Pingree  |  February 4, 2015

1. Be prepared to share remotely. Briefings are a professional pitch to an influential party. Imagine you are pitching to the CEO of a large company, this is the impact that you want to make from an impression standpoint. This means that you must be prepared ahead of time. Vendor briefings should include a presentation deck […]

Read more »

2015 is the year of Offensive Deceptions

by Lawrence Pingree  |  December 23, 2014

During the past, security technologies have largely focused on detection and blocking mechanisms to respond to attacks.   Security of course must continuously evolve to detect and defend against attacker strategies, and these past strategies must continue to include new capabilities as well as old to properly defend against the array of attack techniques. A new emerging […]

Read more »

Conflict of interest or not?

by Lawrence Pingree  |  September 3, 2014

I had an interesting question posed during inquiry today. The question was: Client: “Is it a conflict of interest to have a technology provider that specializes in virtual sandbox malware detection also perform incident response and forensic activities?” Me: At first glance, my thought was that as long as there is no official attestation of […]

Read more »

A taste of data on some advanced threat search term results

by Lawrence Pingree  |  August 21, 2014

I was just curious so I picked some search terms that I felt could be relevant to Gartner customers that are attempting to find advanced threat detection solutions. Below is a sample of what Gartner Search Analytics can do. Below is a sorted list of search terms that I pulled from our search analytics tool. […]

Read more »

Four quick steps security practitioners must take to enable the intelligence aware future

by Lawrence Pingree  |  July 31, 2014

Threat intelligence sharing and exchanges are emerging across the security industry. But there are a few hangups we as security practitioners must overcome in order for us to move the needle in our favor against the attackers. 1. You must get over the paranoia associated with sharing your threat intelligence data. 2. Engage with your […]

Read more »

Security Practitioners – Stop being a pwnie pawn!

by Lawrence Pingree  |  July 9, 2014

Although I haven’t written to my blog in quite some time, I wanted to take a moment to address a major issue that I believe continues to plague organizations globally. Far too often, security practitioners face IT management or business executives that either fail to or refuse to implement prevention measures due to concerns of […]

Read more »

My team’s research next year… Intelligence Aware Security Controls (IASC)

by Lawrence Pingree  |  October 31, 2013

Hi Folks, I wanted to give you a brief intro to a new concept emerging for Gartner’s security technology and service provider audience. The concept we will be using for next year’s theme is “Intelligence Aware Security Controls (IASC)” pronounced “I ASK”. This concept will be elaborated much more in our research in 2014 and […]

Read more »