AI for the Future of Your Business

Webinar

Jan 30, 2020: Cybersecurity Trends and Challenges 2020

Digitalization evolves with the increased use of microcomputers in everyday objects like cars and smart fridges, but also in industrial applications. Therefore, communication between devices is growing accordingly. While connecting devices is supposed to make our lives easier, it poses a…

Blog

Breaches and Regulations Drive Better Security, AWS re:Invent Shows

The high proportion of cyber attacks enabled by poor security practices has long raised questions about what it will take to bring about any significant change. Finally, however, there are indications that the threat of substantial fines for contravening the growing number of data protection…

Webinar

Jan 23, 2020: Improve Security With Critical Infrastructures Requirements

Organizations or institutions that are essential for the public are called Critical Infrastructures (KRITIS = “Kritische Infrastrukturen”). As such, they are subject to comprehensive and strict legal regimes consisting of laws and regulations.

Webcast

On the Way to Becoming a Cognitive Enterprise

The digitalization has resulted in the "digital enterprise". It aims at leveraging previously unused data and the information hidden in it for the benefit of the enterprise. The “cognitive enterprise” comes with the promise to use this information to do something productive,…

Blog

Benchmarking Cybersecurity Environments

Addressing cybersecurity within a company often occurs in response to an incident which impacts a business’ operations. A cyber incident could be a data breach or malicious disclosure of internal information to the public. Ideally a company starts thinking about cybersecurity before…

Blog

VMware’s New Idea for Fixing Cybersecurity: Intrinsic Security

At VMworld Europe 2019, Pat Gelsinger, CEO of VMware said security is fundamentally broken and that the overabundance of vendors is making the problem worse. I’m not sure this is true. Gelsinger had some good lines: applications that are updated and patched on a regular basis should be…

Executive View

Executive View: IBM Cloud Pak for Security - 80172

IBM Cloud Pak for Security is an innovative solution that can run in a variety of deployment models that supports security analytics and incident response for today’s complex, hybrid and multi-cloud environments. It provides a consolidated view on security and threat information…

Blog

Renovate Your IAM-House While You Continue to Live in It

Do you belong to the group of people who would like to completely retire all obsolete solutions and replace existing solutions with new ones in a Big Bang? Do you do the same with company infrastructures? Then you don't need to read any further here. Please tell us later, how things worked…

Blog

Cyber-Attacks: Why Preparing to Fail Is the Best You Can Do

Nowadays, it seems that no month goes by without a large cyber-attack on a company becoming public. Usually, these attacks not only affect revenue of the attacked company but reputation as well. Nevertheless, this is still a completely underestimated topic in some companies. In the United…

Virtual Event

Nov 09 - 11, 2020: Cybersecurity Leadership Summit 2020

In order to follow the footsteps of digital and technological advancements, have yourself prepared for the future and gain critical knowledge on emerging trends, KuppingerCole Analysts holds its second Cybersecurity Leadership Summit (#CSLS20) virtually, offering the remarkable world-class…

Executive View

Executive View: One Identity Safeguard Suite - 80074

Privileged Access Management (PAM) has evolved into a set of crucial technologies that addresses some of the most urgent areas of cybersecurity today against a backdrop of digital transformation. One Identity Safeguard Suite is a PAM solution that uses a modular approach across password…

Blog

Akamai to Block Magecart-Style Attacks

Credit card data thieves, commonly known as Magecart groups, typically use JavaScript code injected into compromised third-party components of e-commerce websites to harvest data from shoppers to commit fraud. A classic example was a Magecart group’s compromise of Inbenta…

Leadership Brief

Leadership Brief: Penetration Testing Done Right - 70359

Penetration Testing should be a key part of any business's assurance process, providing a level on independent testing that they are not wide open to hackers or other malicious actors; however, a penetration test is not a simple “off-the-shelf” test and needs careful design and…

Blog

Microsoft Partnership Enables Security at Firmware Level

Microsoft has partnered with Windows PC makers to add another level of cyber attack protection for users of Windows 10 to defend against threats targeting firmware and the operating system. The move is in response to attackers developing threats that specifically target firmware as the IT…

Blog

Can Your Antivirus Be Too Intelligent Sometimes?

Current and future applications of artificial intelligence (or should we rather stick to a more appropriate term “Machine Learning”?) in cybersecurity have been one of the hottest discussion topics in recent years. Some experts, especially those employed by anti-malware vendors,…

Blog

Privileged Access Management Can Take on AI-Powered Malware to Protect Identity-Based Computing

Much is written about the growth of AI in the enterprise and how, as part of digital transformation, it will enable companies to create value and innovate faster. At the same time, cybersecurity researchers are increasingly looking to AI to enhance security solutions to better protect…

Blog

As You Make Your KRITIS so You Must Audit It

Organizations of major importance to the German state whose failure or disruption would result in sustained supply shortages, significant public safety disruptions, or other dramatic consequences are categorized as critical infrastructure (KRITIS). Nine sectors and 29 industries currently…

Webinar

Dec 02, 2019: On the Way to Becoming a Cognitive Enterprise

The digitalization has resulted in the "digital enterprise". It aims at leveraging previously unused data and the information hidden in it for the benefit of the enterprise. The “cognitive enterprise” comes with the promise to use this information to do something productive, profitable and…

Blog

Stell Dir vor, es ist KRITIS und keiner geht hin

„Kritische Infrastrukturen (KRITIS) sind Organisationen oder Einrichtungen mit wichtiger Bedeutung für das staatliche Gemeinwesen, bei deren Ausfall oder Beeinträchtigung nachhaltig wirkende Versorgungsengpässe, erhebliche Störungen der öffentlichen Sicherheit…

Blog

Cognitive! - Entering a New Era of Business Models Between Converging Technologies and Data

Digitalization or more precisely the "digital transformation" has led us to the "digital enterprise". It strives to deliver on its promise to leverage previously unused data and the information it contains for the benefit of the enterprise and its business. And although these two terms can…

Blog

HP Labs Renewed Focus on Endpoint Security Is Worth Watching

A visit to HP Labs offices in central Bristol, about 120 miles west of London, was a chance to catch up with the hardware part of the former Hewlett Packard conglomerate, which split in two four years ago. The split also meant that there are now two HP Labs, one for the HP business and the…

Blog

Redefining the Role of the CISO – Cybersecurity and Business Continuity Management Must Become One

Cyberattack resilience requires way more than just protective and defensive security tools and training. Resilience is about being able to recover rapidly and thus must include BCM (Business Continuity Management) activities. It is time to redefine the role of CISOs. I made this point in…

Webcast

Cybersecurity Budgeting 2020: Set Your Priorities Right

For the majority of businesses, the budgeting season is about to start. Some are done, some will be later, if the fiscal year differs from the calendar year. But usually, in September and October, this process is kicked off. Cybersecurity is one of the areas where virtually every…

Leadership Brief

Leadership Brief: Responding to Cyber Incidents - 80209

The overwhelming majority of organizations now depend upon online services to support their business and this exposes them to cyber security risks. While most have security protection technologies in place few have a plan for how they would respond to a cyber incident. Today, the question…

Blog

Need for Standards for Consumable Risk Engine Inputs

As cybercrime and concerns about cybercrime grow, tools for preventing and interdicting cybercrime, specifically for reducing online fraud, are proliferating in the marketplace. Many of these new tools bring real value, in that they do in fact make it harder for criminals to operate, and…

Leadership Brief

Leadership Brief: PSD2: New business opportunities and risks - 80303

The Revised Payment Service Directive (PSD2) Regulatory Technical Specifications (RTS) take effect this autumn across the EU. The directive will provide new benefits and rights for consumers, and create new business opportunities in the financial sector. However, new opportunities also…

Webcast

How to Stop Attacker Movement in Your Network Before They Reach your “Crown Jewels”

Nearly all high-impact cyberattacks have a phase in which the attacker must conduct lateral movement from their initial landing point to their ultimate target. To do this, the attacker needs a combination of credentials and available connections between one system and another. This is the…

Blog

The Best Security Tool Is Your Own Common Sense

Earlier this week, Germany’s Federal Office for Information Security (popularly known as BSI) has released their Digital Barometer 2019 (in German), a public survey of private German households that measured their opinions and experience with matters of cybersecurity. Looking at the…

Blog

Facebook Breach Leaves Half a Billion Users Hanging on the Line

It seems that there is simply no end to a long series of Facebook’s privacy blunders. This time, a security researcher has stumbled upon an unprotected server hosting several huge databases containing phone numbers of 419 million Facebook users from different countries. Judging by the…

Blog

How Do You Protect Your Notebook?

The other day I found a notebook on a train. It was in a compartment on the seat of a first-class car. The compartment was empty, no more passengers to see, no luggage, nothing. And no, it wasn't a laptop or tablet, it was a *notebook*. One made of paper, very pretty, with the name of a big…

Blog

Google Revelations Shatter Apple’s Reputation for Data Privacy

It’s not been a good couple of weeks for Apple. The company that likes to brand itself as superior to rivals in its approach to security has been found wanting. Early in August it was forced to admit that contractors had been listening in to conversations on its Siri network. It has…

Blog

Mastercard Breach Shows Third Party Security Is Priceless

Reports of a data breach against Mastercard began surfacing in Germany early last week with Sueddeutsche Zeitung (in German) one of the first news outlets to report on the loss. As is often the case in major corporate breaches, the company was slow to react officially. On Monday it said only…

Blog

Ransomware Criminals Have Raised the Stakes with Sodinokibi

A new strain of Sodinokibi ransomware is being used against companies in the United States and Europe. Already notable for a steep increase in ransoms demanded ($500,000 on average), the malware can now activate itself, bypassing the need for services users to click a phishing link for…

Boot Camp

Nov 12, 2019: Incident Response Boot Camp

Webinar

Sep 25, 2019: Cybersecurity Budgeting 2020: Set Your Priorities Right

For the majority of businesses, the budgeting season is about to start. Some are done, some will be later, if the fiscal year differs from the calendar year. But usually, in September and October, this process is kicked off.

KCx Talks

Sep 18, 2019: AI in Finance - Boosting Efficiency Through Innovation

Enjoy an evening with interesting lectures in a relaxed atmosphere together with experts from various fields. Take part in stimulating discussions and enjoy personal fireside chats on current digitalization and identity topics in various industries. Network and discuss with an exclusive…

Blog

Account Takeovers on the Rise

Account Takeover (ATO) attacks are on the rise. The 2019 Forter Fraud Attack Index shows a 45% increase in this type of attack on consumer identities in 2018. ATOs are just what they sound like: cybercriminals gain access to accounts through various illegal means and use…

Advisory Note

Advisory Note: Protect Your Cloud Against Hacks and Industrial Espionage - 72570

Hacks against on-premises and cloud infrastructure happen every day. Corporate espionage is not just the stuff of spy novels. Unethical corporate competitors and even government intelligence agencies use hacking techniques to steal data. Reduce the risk of falling victim to hackers and…

Executive View

Executive View: Radiflow SCADA Security Suite - 80053

Radiflow SCADA Security Suite is a comprehensive set of hardware products, software solutions, and managed services offering risk-based insights into ICS/SCADA networks, intelligent detection of IT and OT-related cyberthreats, as well as proactive protection against any deviations from…

Leadership Brief

Leadership Brief: Do I Need Endpoint Detection & Response (EDR)? - 80187

EDR products are getting a lot of attention at conferences and in the cybersecurity press. But does your organization need it? If so, do you have the expertise in-house to properly deploy, operate, and get value out of it? We’ll look at reasons to consider EDR or EDR as a managed…

Blog

How to Train Your AI to Mis-Identify Dragons

This week Skylight Cyber disclosed that they were able to fool a popular “AI”-based Endpoint Protection (EPP) solution into incorrectly marking malware as safe. While trying to reverse-engineer the details of the solution's Machine Learning (ML) engine, the researchers found that…

Blog

Assuming High Criticality: Resilience, Continuity and Security for Organizations and Infrastructures

Acronyms are an ever-growing species. Technologies, standards and concepts come with their share of new acronyms to know and to consider. In recent years we had to learn and understand what GDPR or PSD2 stand for. And we have learned that IT security, compliance and data protection are key…

Webinar

Sep 12, 2019: How to Stop Attacker Movement in Your Network Before They Reach your “Crown Jewels”

Nearly all high-impact cyberattacks have a phase in which the attacker must conduct lateral movement from their initial landing point to their ultimate target. To do this, the attacker needs a combination of credentials and available connections between one system and another. This is the…

Blog

M&A Activity in Cybersecurity and IAM

It seems almost every week in cybersecurity and IAM we read of a large company buying a smaller one. Many times, it is a big stack vendor adding something that may be missing to their catalog, or buying a regional competitor. Sometimes it’s a medium-sized technology vendor picking up a…

Blog

Cybersecurity Pen-Tests: Time to Get Smart About Testing?

One of my favorite stories is of a pen-test team who were brought in and situated next door to the SOC (Security Operations Centre); and after a week on-site they were invited for a tour of the SOC where they queried a series of alarms [that they had obviously caused] only to be told…

Webcast

Fine-Tuning ICS Threat Models to Prioritize Mitigations of the Most Vulnerable Devices

When discussing the matters of industrial cybersecurity with IT experts, lamenting the historical divide between OT and IT seems to be a popular topic: you would often hear that the OT engineers are stubbornly ignoring the latest cyberthreats and do not see security as a priority in general.

Webcast

The No. 1 Rule of Secure Cloud Migration: Know Your Unstructured and Dark Data and Where It Is Located

With a huge amount of data around, cloud migration is the ideal solution today. A necessary stage in migrating data to the cloud is putting it in order. This is particularly important when it comes to unstructured, so-called dark data: files and documents that are undermanaged (excel files…

Buyer's Compass

Buyer’s Compass: Endpoint Protection - 80110

Malware remains a global cybersecurity threat. This KuppingerCole Buyer’s Guide will provide you with questions to ask vendors, criteria to select your vendor, and requirements for successful deployments. This document will prepare your organization to conduct RFIs and RFPs for…

Executive View

Executive View: Darktrace Enterprise Immune System - 80003

Darktrace Enterprise Immune System is a cyber-defense platform that utilizes a self-learning AI-based technology to detect, investigate and neutralize various cyber-threats in real time, across the whole corporate IT infrastructure, including physical and virtualized environments,…

Leadership Brief

Leadership Brief: Artificial Intelligence in Cybersecurity - 70278

Artificial Intelligence remains the hottest buzzword in almost every segment of the IT industry nowadays, and not without reason. The very idea of teaching a machine to mimic the way humans think (but much, much quicker) without the need to develop millions of complex rules sounds amazing:…

Webcast

Artificial Intelligence: Disruption Ahead?

When AI comes to mind, many people, maybe in Europe a bit more than in other parts of the world, fear some kind of terrestrial robot overlords taking over control, forcing us humans to surrender and devote our freedom to their understanding of a well-organized society without all those…

Blog

Artificial Intelligence in Cybersecurity: Are We There Yet?

Artificial Intelligence (along with Machine Learning) seems to be the hottest buzzword in just about every segment of the IT industry nowadays, and not without reason. The very idea of teaching a machine to mimic the way humans think (but much, much quicker) without the need to develop…

Blog

Smart Manufacturing: Locking the Doors You've Left Open When Connecting Your Factory Floor

Smart Manufacturing or, as the Germans tend to say, Industry 4.0, has already become a reality for virtually any business in manufacturing. However, as just recently demonstrated by the attack on Norsk Hydro, this evolution comes at a price: There are doors created and opened for attackers…

Webinar

Jun 13, 2019: Fine-Tuning ICS Threat Models to Prioritize Mitigations of the Most Vulnerable Devices

When discussing the matters of industrial cybersecurity with IT experts, lamenting the historical divide between OT and IT seems to be a popular topic: you would often hear that the OT engineers are stubbornly ignoring the latest cyberthreats and do not see security as a priority in general.

Webinar

May 21, 2019: The No. 1 Rule of Secure Cloud Migration: Know Your Unstructured and Dark Data and Where It Is Located

With a huge amount of data around, cloud migration is the ideal solution today. A necessary stage in migrating data to the cloud is putting it in order. This is particularly important when it comes to unstructured, so-called dark data: files and documents that are undermanaged (excel files…

Executive View

Executive View: Amazon GuardDuty - 80005

Amazon GuardDuty is a fully managed, simple, and affordable security monitoring and threat detection service that combines machine learning and anomaly detection to enable quick and uncomplicated identification of suspicious activities and malicious behavior across AWS cloud accounts and…

Blog

Building Trust by Design

Trust has somehow become a marketing buzzword recently. There is a lot of talks about “redefining trust”, “trust technologies” or even “trustless models” (the latter is usually applied to Blockchain, of course). To me, this has always sounded……

Blog

The Wrong Click: It Can Happen to Anyone of Us

The Wrong Click: It Can Happen to Anyone of Us

Advisory Note

Advisory Note: Maturity Level Matrix for Cyber Security - 72555

KuppingerCole Maturity Level Matrixes for the major market segments within cyber security. These provide the foundation for rating the current state of your cyber security projects and programs.  

Blog

Are You Prepared for a Cyber-Incident?

According to the Ponemon Institute - cyber incidents that take over 30 days to contain cost $1m more than those contained within 30 days. However, less than 25% of organizations surveyed globally say that their organization has a coordinated incident response plan in place. In the UK, only…

Blog

Who's the Best Security Vendor of Them All?

This week I had an opportunity to visit the city of Tel Aviv, Israel to attend one of the Microsoft Ignite | The Tour events the company is organizing to bring the latest information about their new products and technologies closer to IT professionals around the world. Granted, the Tour…

Conference

Nov 12 - 14, 2019: Cybersecurity Leadership Summit 2019

In order to follow the footsteps of digital and technological advancements, have yourself prepared for the future and gain critical knowledge on emerging trends, KuppingerCole Analysts holds its second Cybersecurity Leadership Summit (#CSLS19) in Berlin, Germany, offering the remarkable…

Blog

BAIT and VAIT as Levers to Improving Security and Compliance (And Your IAM)

Usually, when we talk about special compliance and legal requirements in highly regulated industries, usually one immediately thinks of companies in the financial services sector, i.e. banks and insurance companies. This is obvious and certainly correct because these companies form the…

Blog

AI in a Nutshell

What AI is and what not

Blog

Top 5 CISO Topics for 2019

Where to put your focus on in 2019


KuppingerCole PLUS

Get access to the whole body of KC PLUS research including Leadership Compass documents for only €800 a year

KuppingerCole Select

Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.

Blog

Blog

We Are Detective: Data Scientists to the Rescue for Cybersecurity and Governance

We Are Detective: Data Scientists to the Rescue for Cybersecurity and Governance

If the line "We are detective" only reminds you of "guilty pleasure" radio songs from the 1980s, despite the fact that you are responsible for cybersecurity or compliance in your company, then you should read on. In any case, you probably should read on because this is a trend that is becoming increasingly important in times of growing uncertainty and loss of trust – in contracts, in companies in the supply chain, in "the Internet", and in nation-states. Trust as the foundation for [...]

Stay Connected

Latest Insights

Hot Topics

Become a Client

Learn more about becoming a Client

Contact Us

Call Us

+49 211 2370770
Mo - Fr 8:00 - 17:00