The landscape for Security & Risk professionals today is constantly in flux – new security products and services are released almost daily, and disruptive technologies impact the marketplace frequently. Sifting through these to separate the 9 day wonders from the trends and technologies that are here to make a lasting impact can be a daunting task.

Forrester interviewed end users and industry experts, and compiled their findings into this report “Top 11 Trends S&R Professional Should Watch in 2015”, which outlines several significant key developments in the market this year. One of the macro trends outlined in the report which could affect you if you happen to work at a small to mid-size security company is the pervasiveness of private equity funding as the new growth catalyst. As more VCs look to add cyber-security firms to their portfolios, changed ownership brings changes to vendor relationships too.

A longer term trend, according to Forrester, is the consolidation of previously silo-ed security domains into single entities, as an example - the network, endpoint and identity domains becoming more homogeneous as vendors break the barriers across these technologies to deliver solutions that focus on the three pillars of identity, data and visibility.

The report also highlights key technologies which are evolving into smarter solutions to deliver higher than before levels of protection to users, with details on what S&R professional should know to enable them to make smarter decisions when selecting vendors. The list includes: Endpoint Security Options, Customer Facing Identity Management Solutions, Application Security Solutions, and Cloud Security Solutions. For several years now, Endpoint Security Solutions delivered prevention, detection or control at the endpoint. This is now evolving as providers are integrating all these capabilities into one comprehensive solution to make their products actionable through control and remediation for end users. Application Security Solutions historically focusedon specific types of testing, with some vendors focusing on Static Application Security (SAST), while others solely offered Dynamic Application Security Testing (DAST), but vendors are now offering combinations of SAST, DAST, SCA (Software Composition Analysis), and RASP (Runtime Application Security Testing) in an effort to deliver all application security needs in a single solution.

One of the key takeaways at the end of the report urges S&R professionals to closely integrate threat intelligence into the defenses being used at the enterprise. Absence of this integration will weaken the effectiveness of the strongest defenses in any organization.