Trail of Bits has been recognized as a leader in cybersecurity consulting services according to The Forrester Wave™: Cybersecurity Consulting Services, Q2 2024. In this evaluation, we were compared against 14 other top vendors and emerged as a leader for our services.
Read the report on our website.
What is the Forrester Wave™?
Forrester is a prominent global research and advisory firm that produces a variety of market reports, research, analysis, and consulting services. The Forrester Wave™ is an evaluation that serves as a comprehensive guide for CISOs considering their purchasing options in a technology marketplace.
Forrester’s evaluations are highly regarded for their rigorous and thoughtful approach:
- A trusted source of truth: Forrester reports are essential for their in-depth analysis and are highly respected across industries.
- An unbiased assessment: Forrester does not require payment to be considered in its assessment. Instead, for this report, it evaluated firms that “offer a comprehensive set of cybersecurity consulting services capabilities across the extended business scenarios.” Forrester also considered “the level of interest from [Forrester] clients based on inquiries, advisories, consulting engagements, and other interactions,” and included only firms that met certain revenue thresholds.
- Comprehensive criteria: The evaluation criteria are designed for Forrester and CISOs to fully understand how the companies compare and which are industry leaders. They look at each firm’s current offering, strategy, and market presence.
What happened?
Forrester invited us and 14 other top vendors to participate in The Forrester Wave™: Cybersecurity Consulting Services, Q2 2024 report.
Participation was optional, but we would have been included in the report regardless of our choice. We opted to participate actively and were given a list of 24 criteria to address with data and metrics. Each of our team leaders contributed to this effort, detailing our vision, goals, and areas where we excel. Following this, we delivered a management presentation focused on three key areas: strategy, market presence, and offerings.
Dan, our CEO, highlighted our unique approach to consulting, emphasizing the continuous feedback loop between our Research and Assurance practices. Additionally, he underscored our commitment to open-sourcing everything possible, from tools to reports and handbooks.
Dan’s presentation showcased three key client projects, demonstrating our comprehensive client engagement from Day 0 to completion.
- Scenario 1: Strategy and Vision
- The first focused on a Fortune 500 client adopting AI, where we set an industry-leading standard with our approach at a time when tools and methodologies for securing AI systems are still emerging.
- Scenario 2: Tech Stack Consolidation
- The second featured an AI client, HuggingFace, where we consolidated safer approaches and alternatives to pickle files (Python’s pickle format can execute arbitrary code when a file is loaded, which makes it a poor fit for distributing untrusted models).
- Scenario 3: Demonstration of Tech-Enabled IP
- The third demonstrated our use of Echidna for Primitive Finance, showcasing the technical tools we’ve developed and their application to client work.
Forrester also solicited feedback directly from three of our clients about our project performance. Although we didn’t see their individual responses, the summarized feedback in the report noted:
Forrester scoring
After we submitted our self-review against their criteria and delivered the management presentation, Forrester sent us a draft copy of our scores. Each vendor is assigned a 0, 1, 3, or 5 for each criterion:
5 = Superior relative to others in this evaluation.
3 = On par relative to others in this evaluation.
1 = Below par relative to others in this evaluation. The provider lacks meaningful key differentiators.
0 = No capability
In 12 criteria, we received the highest possible score of 5. Here’s our take on why.
Our clients benefit from high-quality technical assessments and team upskilling through our public educational resources and office hours, even before the engagement begins. We ensure continuous knowledge transfer, delivering code, scripts, and testing tools for independent use throughout the assessment. Depending on client interest or need, we also offer specific educational sessions for immediate training on new tools or techniques.
Our strong focus on R&D and open-source software keeps clients ahead of emerging threats. We train teams on the best security practices throughout the SDLC, ensuring a proactive and robust approach to evolving challenges, even after the assessment is complete.
For compliance delivery, tech stack consolidation, budget optimization, and staff augmentation, where we scored a 1, our focus remains on providing best-in-class technical security services; we have no plans to offer these services.
Strategic initiatives for future growth and client support
The 2024 Forrester report notes a few areas for future enhancement and growth. We have several ongoing initiatives that we believe will rank us even higher in the future:
- We are developing a partnership program to expand our current offerings with top-of-the-market partners like GitHub and Semgrep.
- We’re expanding our services to include AI Safety & Security training to help red teams understand and evaluate AI-based system risks.
- Our project management team is implementing prescriptive plans to guide clients throughout their SDLC. These plans include a clear security roadmap with long-term recommendations and extended office hours with our technical teams.
- We provide clients with various pricing models and solutions based on their priorities. Our services are flexible, extending beyond traditional assessments to include custom tooling, training, and essential solutions for operational teams.
We are honored to come out as a leader in The Forrester Wave™: Cybersecurity Consulting Services, Q2 2024 report. If you’re facing a cybersecurity challenge, consider leveraging the expertise of a recognized leader among the top vendors in the market. Contact us today to see how we can help.