Security Information and Event Management

Video

KCLive Speaker Spotlight: Dirk Wahlefeld

Cyber-Attacks are increasing in frequency and they are getting smarter at an amazing pace, with each successful hit being potentially more disastrous than the last, causing greater destruction and incurring higher recovery costs. At the same time, we are working hard to increase resilience…

Blog

Arrival of the Digital Services Act (DSA)

The Digital Services Act (DSA), along with the Digital Markets Act (DMA), are initiatives from the European Union Commission, proposed in December 2020 and agreed upon in April 2022. The main goal is to provide and ensure an accountable online environment in the EU, and regulate the…

Blog

Web 3.0 Creates a World Without Perimeters

Web and the metaverse is a trendy topic, so it is even nicer to enjoy a more nuanced view of the subject. An optimistic but still realistic sneak peek of our digital future. Katryna Dow from Meeco will elaborate on the challenges of Web3 in her Keynote The Omniverse SWOT on Thursday, May 12,…

Blog

The European Identity & Cloud Conference celebrates its 15th edition – time for looking back

As one of the founders of KuppingerCole Analysts, I’m also an EIC (European Identity & Cloud Conference) veteran. Looking back to the start in 2007, a lot has changed since then, but the core of EIC is what it has been from the very beginning: A conference that provides both…

Blog

Public-Private Cooperation in Cyberspace

Managing business in today's geopolitical context. In the face of a geopolitical crisis, concerns are growing about the threat of cyber-attacks to global supply chains and private organizations, which are already in a precarious state due to the Covid-19 pandemic. When a crisis occurs,…

Blog

Software Supply Chain Risks: How to re-assess when there is a ban?

Over the past 16 months, Software Supply Chain Risks have risen to a top concern of CISOs, caused by several software supply chain attacks as well as major risks induced by vulnerabilities in extensively used standard software components, specifically Log4j/Log4shell. Understanding and…

Blog

Prepare, Prevent and Protect

Is your Digital Supply Chain your weakest Link? In the 1950s the Lyons restaurant chain in the UK built their own computer and wrote all the applications that they needed to manage and optimize their operations. This was called LEO – Lyons’ Electronic Office. Today,…

Webinar

Apr 26, 2022: The Machine Monitoring Mandate

Governments world-wide are increasingly worried about the social unrest that could result from a cybersecurity compromise of critical infrastructure. This has highlighted the fact that the underlying operational technology (OT) is often inadequately protected, and that this must change.

Video

Analyst Chat #111: From SIEM to Intelligent SIEM and Beyond

A comprehensive cybersecurity strategy typically includes the use of modern, intelligent Security Information and Event Management (SIEM) platforms. These go far beyond simply aggregating and analyzing log files. Alexei Balaganski outlines the latest market developments based on his…

Blog

Adding Bread to the Sandwich: Beyond MITRE D3FEND

Commissioned by HCL Software. Over the past years, various frameworks and models for defending against cyber-attacks have been published. A popular one is the NIST CSF (Cybersecurity Framework), another one is MITRE D3FEND™. Both have overlaps and differ in other areas. But, when looking…

Blog

Google Cloud Advances Security Capabilities by Acquiring SOAR Vendor Siemplify

Yesterday, Google announced that it has acquired Siemplify, a well-known provider of security orchestration, automation and response (SOAR) solutions, for an undisclosed amount. The stated strategic goal of this acquisition is to “change the rules on how organizations hunt, detect,…

Blog

Log4j – How Well Did You Perform?

Over the past few weeks since this vulnerability was made public, much has been written by many on what your organization should do about it. This is not the end of the story; Apache has already released 3 patches for related vulnerabilities, and you need to be ready for the next one…

Video

Analyst Chat #106: 2021 - A Retrospective

Paul Fisher and Matthias present their very subjective summary of a really special and, in particular, especially challenging past year, 2021. They cannot do without the word 'pandemic' after all, but they also try to reach a first perspective on the year 2022 from the past 12 months.

Video

Analyst Chat #102: Impressions and Insights From the CSLS 2021

From November 9th to 11th, the Cybersecurity Leadership Summit 2021 took place in Berlin and virtually online. The Monday after, Martin Kuppinger and Matthias sat together to talk about some first impressions and insights from this event. The recordings and slide decks are available…

Blog

CSLS Speaker Spotlight: Martin Kuppinger on Cloud Security

Martin Kuppinger, Principal Analyst at KuppingerCole, will give a presentation entitled Cloud Security 2025 – Perspective & Roadmap on Thursday, November 11 from 11:00 am to 11:20 am at Cybersecurity Leadership Summit 2021. To give you a sneak preview of what to expect, we asked…

Blog

CSLS Speaker Spotlight: Joe Sullivan on Securing the Cloud

Joe Sullivan, Chief Security Officer at Cloudflare, Inc., will give a presentation entitled Securing the Cloud - From the Inside Out on Thursday, November 11 from 15:40 pm to 16:00 pm at Cybersecurity Leadership Summit 2021. To give you a sneak preview of what to expect, we asked Joe some…

Blog

CSLS Speaker Spotlight: Stefan Würtemberger on Successful Cyberattacks

Stefan Würtemberger, Vice President Information Technology at Marabu Inks, will give a presentation on the impact of cyber attacks on businesses entitled And Suddenly It Burns Without Fire on Wednesday, November 10 from 10:10 am to 10:30 am at Cybersecurity Leadership Summit 2021. To…

Blog

CSLS Speaker Spotlight: Vodafone's Andrzej Kawalec on Ransomware

Andrzej Kawalec, Head of Cybersecurity at Vodafone Business, will give a presentation entitled Ransomware: What Happens When the Tech Stops? on Thursday November 11 from 09:30 pm to 09:50 am at Cybersecurity Leadership Summit 2021. To give you a sneak preview of what to expect, we asked…

Blog

CSLS Speaker Spotlight: MasterCard's Donnie Wendt on Machine Learning in Cybersecurity

Donnie Wendt, Principal Security Researcher at MasterCard, will give a presentation entitled Machine Learning: Cybersecurity’s Friend & Foe on Wednesday, November 10 from 14:20 pm to 14:40 pm at Cybersecurity Leadership Summit 2021. To give you a sneak preview of what to expect,…

Blog

CSLS Speaker Spotlight: Deutsche Telekom CSO Thomas Tschersich on His Cybersecurity Predictions for 2022

Thomas Tschersich, Chief Security Officer at Deutsche Telekom, served as an advisor in the preparation for the Cyber Council Panel on Cybersecurity Predictions 2022 which will see CISOs, CIOs, and CSOs discuss next year's cybersecurity threatscape on Wednesday, November 10 from 09:30 pm to…

Blog

CSLS Speaker Spotlight: Oliver Carr on Maximizing the Value of Security

Oliver Carr, cybersecurity evangelist and strategist, will discuss Maximizing the Value of Security on Wednesday, November 10 from 12:00 pm to 12:20 pm at Cybersecurity Leadership Summit 2021. To give you a sneak preview of what to expect, we asked Oliver some questions about his…

Blog

Complex Modern Business Needs Trusted IT Partners to Be Secure

In today’s business environment, companies have three major challenges – making a profit, finding great people, and staying ahead of the competition. That’s quite enough, but they also have major operational challenges with IT, cyber security, and compliance. For example,…

Blog

CSLS Speaker Spotlight: KC Analyst Alexei Balaganski on the Human Factor in Cybersecurity

Alexei Balaganski, Lead Analyst and Chief Technology Officer at KuppingerCole will discuss the Human Factor in Cybersecurity on Wednesday, November 10 from 11:00 am to 13:00 pm in the first track at Cybersecurity Leadership Summit 2021. To give you a sneak preview of what to expect, we…

Blog

CSLS Speaker Spotlight: Twitter CISO Rinki Sethi on Transforming Security Culture

Rinki Sethi, Vice President and CISO at Twitter will discuss Transforming Security Culture in a Fireside Chat on Wednesday, November 11 starting at 17:40 pm at Cybersecurity Leadership Summit 2021. To give you a sneak preview of what to expect, we asked Rinki some questions about her…

Video

Analyst Chat #96: How to Combine Security And Convenience (EIC 2021 Special)

While moderating and speaking at KuppingerCole's flagship EIC 2021 event in Munich, Matthias also took the opportunity to sit down one-on-one with his fellow analysts in the conference studio for some EIC special analyst chat episodes. In the third and final special episode, Martin…

Blog

IT for the Digital Age: Introducing BASIS – Business-Driven Agile Secure IT as a Service

A paradigm for unified delivery of IT services to the business demand, based on automated, policy-based management, and supported by the unification of heterogeneous multi-cloud multi-hybrid IT environments following a services-based approach. Businesses need to reinvent themselves…

Video

Analyst Chat #92: How the Cybersecurity Market Is Evolving

Cybersecurity is one of the areas where virtually every business will need to invest because of ever-growing cyber risks and ever-tightening regulations, and in the post-Covid era, the cybersecurity market continues to evolve and grow, having gained even greater importance. Warwick Ashford…

Video

Analyst Chat #88: What (and why) is XDR?

XDR (eXtended Detection & Response) solutions are an emerging category of security tools that are designed to consolidate and replace multiple point solutions. John Tolbert and Alexei Balaganski join Matthias and share their views on this market, the existing offerings, and how it might…

Blog

Dark Side Ransomware Attacks

Last week Colonial Pipeline, one of the largest pipelines in the US, was hit by a ransomware attack from the Dark Side cybercrime group. While many pertinent specifics about the attack are not known, FireEye and US Cybersecurity and Infrastructure Security Agency (CISA) have shed some light…

Blog

Why Digital Trust Is at the Top Of CXOs’ Agenda… Even if They Don’t Realise It

When thinking about the C-suite’s priorities, people tend to focus on growth, security, digital transformation or, more recently, keeping a remote workforce running. All of these aspects are important to keep the business profitable, remain at the forefront of innovation, maintain…

Video

Your Company's Attack Surface Through the Eyes of a Hacker

With increasing digitalization and the use of cloud services, the potential for attacks on companies' digital infrastructure is growing. Hackers use the latest technologies to find vulnerabilities and launch their attacks with this knowledge.

Video

Analyst Chat #73: Cybersecurity Vulnerabilities of Remote Work

Shikha Porwal and Matthias Reinwarth have a coffee conversation about the security risks of working remotely. They talk through the vulnerabilities of a home network and touch on pandemic-related endpoint security threats, employee behavior and, finally, Zero Trust.

Video

Analyst Chat #72: WfH Global Technology Trends 2021

Annie and Matthias continue their conversation on the COVID-related trends in 2021. They talk about different technology and internet usage trends, and also mention some potential topics that will become more prominent in the future as a lesson from these trends.

Video

Jochen Fischer: SAP Applications Under Attack! How to Enforce the Three Lines of Defense

Video

Marco Hammel: How to Avoid Costly SAP Security Pitfalls. Why to Make Security Start With People and Not With Tools

Video

Hernan Huwyler: Security and Governance Done Right

Video

Analyst Chat #71: Cybercriminal Behavior in the COVID Era

While the world tries to cope with the ongoing pandemic, cybercriminals have got their hands on a gold mine. Annie and Matthias sit down again to chat about the overall picture of cyberattacks, including COVID-related lures.

Blog

OneTrust Acquisition of Convercent

OneTrust, provider of data privacy, security, and governance solutions has announced that it will acquire Convercent, an enterprise GRC solution with an ethics and compliance portal. Slotting itself as a strategic acquisition, the two companies will be aligning and merging their products to…

Blog

Time CISOs Stopped Trying to Speak to the Board?

I have been covering cybersecurity issues, first as a journalist then as an analyst, since 2006. In those 15 years I have heard the mantra that security is a boardroom issue hundreds of times. The subject has filled countless conference talks and media articles. It appears that the message…

Blog

Why Enterprises Are Choosing SOAR for SOCs

Security Orchestration, Automation, and Response (SOAR) platforms are attracting a lot of attention from many organizations, from enterprises to government agencies and even those on the upper end of Small-to-Mid-Sized Businesses (SMBs). The reason for this is clear: the cybersecurity…

Blog

Symphony Technology Group (STG) Acquires McAfee Enterprise Business

STG announced that they intend to acquire McAfee’s enterprise business for around $4B. The McAfee brand will continue to operate and focus on consumer cybersecurity. STG will pick up MVISION, Global Threat Intelligence, database security, unified endpoint security, CASB, CSPM, CWPP,…

Video

Analyst Chat #62: The SOCaaS Market Segment - A First Look

The Security Operations Center-as-a-Service (SOCaaS) market has emerged and continues to develop in response to demand for security monitoring, analysis, detection, response, and improvement recommendations either instead of or as a supplement to permanent on-premises SOCs. KuppingerCole…

Blog

Ivanti’s Zero Trust Journey

Ivanti has completed its acquisition of MobileIron and Pulse Secure. Ivanti, headquartered in Salt Lake City, had its roots in desktop management (LANDESK), evolved into endpoint and patch management, and had added full IT asset, service, and workspace management, as well as IAM…

Video

Zero Trust for the Workforce

While the concept of zero-trust networking is nearly a decade old, the last few years have seen its popularity in industry discussions grow exponentially.

Blog

We Are Detective: Data Scientists to the Rescue for Cybersecurity and Governance

If the line "We are detective" only reminds you of "guilty pleasure" radio songs from the 1980s, despite the fact that you are responsible for cybersecurity or compliance in your company, then you should read on. In any case, you probably should read on because this is a trend that is…

Hybrid Event

Nov 09 - 11, 2021: Cybersecurity Leadership Summit 2021

The Cybersecurity Leadership Summit brings together top security leaders to discuss latest trends and developments in the cyber space. CSLS goes beyond IT troubleshooting and primarily focusses on the managerial aspects of cybersecurity. The COVID-19 pandemic has unequivocally accelerated…

Blog

Cybersecurity Awareness – Are We Doing Enough?

It’s October and it means that we are having the European Cybersecurity Month again. ECSM is the European Union’s annual campaign dedicated to promoting cybersecurity among EU citizens and organizations. To be completely honest, I do not remember it being much of a thing in…

Video

The Role of Data-Centric Security in the Cloud

As modern businesses across all verticals continue their rapid digitalization, the need to store, process and exchange data securely is becoming an essential factor for any company. However, this is particularly challenging for high-tech companies dealing with highly-sensitive R&D data.

Video

The Democratization of Cybersecurity

Over the past decades, companies have made great efforts to improve their IT security and thus protect their data and networks. One consequence of this is becoming increasingly apparent: CISOs and their teams have to deal with a (too)…

Webinar

Dec 01, 2020: Zero Trust for the Workforce

While the concept of zero-trust networking is nearly a decade old, the last few years have seen its popularity in industry discussions grow exponentially.

Blog

10 Use Cases for Universal Privilege Management

Even before COVID-19 entered our lexicon, privileged access management (PAM) was widely recognized as a foundational cybersecurity technology. In recent years, almost every cyberattack has involved compromised or misused privileges/privileged credentials. Most malware needs privileges to…

Blog

AI-Powered Data for All – Informatica's Acquisition of GreenBay Technologies

Informatica has just announced that they have made another acquisition this summer: GreenBay Technologies, a startup focused on AI and machine learning. Read about their July 2020 acquisition here. GreenBay Technologies brings CloudMatcher to Informatica’s Intelligent Data Platform…

Blog

A Look at NIST’s Zero Trust Architecture

NIST, the US National Institute for Standards and Technology, recently released SP 800-207 Zero Trust Architecture. The NIST special publication examines the principles of and motivations for ZTA, as well as implementation considerations, security concerns, and suggestions for improvements…

Webinar

Sep 28, 2020: The Role of Data-Centric Security in the Cloud

As modern businesses across all verticals continue their rapid digitalization, the need to store, process and exchange data securely is becoming an essential factor for any company. However, this is particularly challenging for high-tech companies dealing with highly-sensitive R&D data.

Video

Remote Work and IAM – A Unique Opportunity for Security Leaders

Nowadays, Identity and Access Management (IAM) is undeniably the first line of defense for organizations worldwide. It enables employees to securely access applications while enhancing control and transparency. But IAM is also on the change. It is already more than just the traditional…

Video

Analyst Chat #33: Vendor Consolidation in Cybersecurity

Matthias Reinwarth and John Tolbert discuss the ongoing consolidation of the cybersecurity market and talk about its reasons and potential consequences.

Video

Security Fabric: Building a Secure Future With a Flexible IT Architecture

IT security is of central importance to companies. There are many requirements that must be met so that users with different roles and rights can use the various computers and networks securely and efficiently.

Blog

The Latest Twitter “Hack” Raises Inconvenient Questions

It looks like the whole world is currently talking (at least, tweeting) about the latest large-scale Twitter hack. High profile accounts of the likes of Barack Obama, Joe Biden, Bill Gates, and Jeff Bezos, as well as companies like Apple or Uber, were suddenly promoting a cryptocurrency…

Webinar

Sep 10, 2020: The Democratization of Cybersecurity

Over the past decades, companies have made great efforts to improve their IT security and thus protect their data and networks. One consequence of this is becoming increasingly apparent: CISOs and their teams have to deal with a (too) large number of…

Video

Analyst Chat #25: The Cargo Cult of Cybersecurity

Matthias Reinwarth and Alexei Balaganski talk about the reasons many companies are still failing to protect themselves from cyberattacks and data breaches even after spending so much on security tools.

Blog

Security Fabric: Investing in the Right Architecture for a Secure Future

Modern and hybrid operating models, Software-as-a-Service, regulatory requirements, working from home, various types of internal and external users, and the phenomenon of BYOD (bring your own device) are challenges we have to face today. Such challenges are constantly emerging, which demands…

Webinar

Jul 23, 2020: Remote Work and IAM – A Unique Opportunity for Security Leaders

Nowadays, Identity and Access Management (IAM) is undeniably the first line of defense for organizations worldwide. It enables employees to securely access applications while enhancing control and transparency. But IAM is also on the change. It is already more than just the traditional…

Video

Analyst Chat #23: When is a Security Product not a Security Product?

Matthias Reinwarth and John Tolbert talk about profound implications of security products not having their administrative interfaces sufficiently secured with technologies like multi-factor authentication.

Webinar

Jul 22, 2020: Security Fabric: Building a Secure Future With a Flexible IT Architecture

IT security is of central importance to companies. There are many requirements that must be met so that users with different roles and rights can use the various computers and networks securely and efficiently.

Video

Cybersecurity Investment Priorities - Set Your Focus Right

Blog

Cybersecurity Investment Priorities - Portfolio Optimization

Video

Cybersecurity Investment Priorities - Portfolio Optimization

Blog

Microsoft Adding New Capabilities to Azure Active Directory

Over the past years, Microsoft has spent significant effort to make Azure Active Directory (Azure AD) the central platform for identities in Microsoft environments and beyond. Microsoft now announced several new capabilities that help to support further use cases. New features in Azure AD…

Blog

KuppingerCole Analyst Chat: The Alphabet Soup of Security Analytics

Matthias Reinwarth and Alexei Balaganski discuss the plethora of acronyms for security analytics solutions: from SOC and SIEM to UEBA and SOAR.

Video

Analyst Chat #14: The Alphabet Soup of Security Analytics

Matthias Reinwarth and Alexei Balaganski discuss the plethora of acronyms for security analytics solutions: from SOC and SIEM to UEBA and SOAR.

Video

Analyst Chat #13: Cybersecurity Portfolio Optimization

Matthias Reinwarth and Christopher Schütze talk about how to efficiently identify and rate your investments into Cybersecurity.

Blog

3 Steps to Improve Your Cybersecurity with Enterprise Risk Management

If you start considering the topic of cybersecurity in your company, you’ll quickly realize that there are many facets. In traditional companies, IT has grown in parallel to meet the requirements in digitization and production in a timely manner. These traditional companies and their…

Blog

Why BCM/BCRM and Cybersecurity Must Converge

Video

Why BCM/BCRM and Cybersecurity Must Converge

Blog

KuppingerCole Analyst Chat: How to Ensure Your Video Conference’s Security

Matthias Reinwarth and Martin Kuppinger discuss the measures necessary for securing your favorite online communication platform.

Video

Analyst Chat #11: How to Ensure Your Video Conference’s Security

Matthias Reinwarth and Martin Kuppinger discuss the measures necessary for securing your favorite online communication platform.

Blog

Security Should Not Become a "Business Disabler"

Video

Security Should Not Become a "Business Disabler"

Blog

CoronaApp: Time to Act Now, Not to Talk

KuppingerCole's Principal Analyst Martin Kuppinger gives his opinion on problems and arguments surrounding various apps for tracking the spread of the virus. And privacy is not the biggest challenge here... You can watch his speech in English or in German below.

Video

CoronaApp: Time to Act Now, Not to Talk

KuppingerCole's Principal Analyst Martin Kuppinger gives his opinion on problems and arguments surrounding various apps for tracking the spread of the virus. And privacy is not the biggest challenge here...

Blog

Cybersecurity of Tomorrow: Delivered Entirely From the Cloud

As businesses embrace the Digital Transformation and become increasingly cloud-native, mobile and interconnected, the corporate network perimeter is gradually disappearing, exposing users to malware, ransomware, and other cyber threats. Traditional perimeter security tools no longer provide…

Blog

Are the BSI Guidelines for Healthcare Applications Correct and Sufficient?

Digital healthcare has never been as important as it is today, in times of COVID-19. The German Federal Office for Information Security (BSI) has presented a guideline for secure applications in healthcare. Right and important, also Security by Design and Privacy by Design…

Blog

Zero Trust Paradigm for the Future of Security

Martin Kuppinger explains the meaning behind the popular buzzword.

Blog

KuppingerCole Analyst Chat: Five Key Topics for Cybersecurity

Matthias Reinwarth and Martin Kuppinger identify the key topics for cybersecurity in the times of crisis. Get a complete overview on Business Resilience Management for free and read the Analyst Advice from Senior Analyst Warwick Ashford!

Video

Analyst Chat #6: Five Key Topics for Cybersecurity

Matthias Reinwarth and Martin Kuppinger identify the key topics for cybersecurity in the times of crisis. Get a complete overview on Business Resilience Management for free and read the Analyst Advice from Senior Analyst Warwick Ashford!

Blog

KuppingerCole Analyst Chat: Beyond Prevention - the Bigger Picture of Cyber Security

Matthias Reinwarth and Christopher Schütze are taking a look at five different phases of cyber security.

Video

Analyst Chat #5: Beyond prevention - The Bigger Picture of Cyber Security

Matthias Reinwarth and Christopher Schütze are taking a look at five different phases of cyber security.

Blog

AI Landscape: More Complicated Than You Might Have Thought

I’m by no means an AI expert. Sure, I’ve been following the topic with much curiosity ever since reading an article about thinking machines back in 1990. Also, having a degree in mathematics sometimes helps to understand certain technicalities behind product labels. Still,…

Blog

KuppingerCole Analyst Chat: Setting Your Cybersecurity Priorities Right

Matthias Reinwarth and Martin Kuppinger explain what you could be doing wrong with regard to cybersecurity priorities.

Video

Analyst Chat #4: Setting Your Cybersecurity Priorities Right

Matthias Reinwarth and Martin Kuppinger explain what you could be doing wrong with regard to cybersecurity priorities.

Blog

KuppingerCole Analyst Chat: Cybersecurity in the Enterprises in the Age of WFH

Matthias Reinwarth and Martin Kuppinger are discussing the security challenges enterprises are now facing with the majority of employees working from home.

Video

Analyst Chat #2: Cybersecurity in the Enterprises in the Age of WFH

Matthias Reinwarth and Martin Kuppinger are discussing the security challenges enterprises are now facing with the majority of employees working from home.

Blog

What IT Should NOT Do in the Crisis

Martin Kuppinger talks about the things that IT teams should avoid at all costs during the crisis.

Video

What IT Should NOT Do in the Crisis

Martin Kuppinger talks about the things that IT should avoid at all costs during the coronavirus crisis.

Blog

Top 5 Work from Home Cybersecurity Recommendations for Enterprises

Today, Lead Analyst John Tolbert gives his five work from home cybersecurity recommendations for enterprises.

Video

Top 5 Work from Home Cybersecurity Recommendations for Enterprises

John Tolbert is talking about the current situation with regard to the pandemic crisis and the cybersecurity-related things to consider for enterprises.

Video

Data Sovereignty in Public Clouds

Just a few years ago, IT infrastructures resembled medieval fortresses: Firewalls, intrusion prevention systems and anti-virus programs were supposed to ward off attacks even before the attacker could enter.

Blog

The Five Most Important Cybersecurity Measures for Companies in Times of Working From Home

In his video, Martin Kuppinger talks about the most important cybersecurity measures for companies during the coronavirus pandemic.

Video

The Five Most Important Cybersecurity Measures for Companies in Times of Working From Home

Martin Kuppinger talks about the most important cybersecurity measures for companies during the coronavirus pandemic.

Blog

Top 5 Work from Home Cybersecurity Recommendations for Enterprises

As the business world moves to rapidly enable work-from-home (WFH), enterprise IT teams need to shift resources and priorities to ensure that remote workers are protected. Already we see malicious actors adapting and targeting remote workers more. My colleague Alexei Balaganski published a…

Blog

Malicious Actors Exploiting Coronavirus Fears

Security researchers are discovering a number of malicious attacks designed to exploit public fears around COVID-19, more commonly just called coronavirus. The attacks to date take two major forms: a map which looks legitimate but downloads #malware, and various document attachments that…

Video

Get the SIEM You Have Always Wanted: Intelligent, Automated, With Unlimited Capacity

15 years ago, Security Information and Event Management (SIEM) products were hailed as the ultimate solution to all security problems in companies, and not without reason: after all, the central collection and management of security-relevant data…

Webinar

Mar 26, 2020: Data Sovereignty in Public Clouds

Just a few years ago, IT infrastructures resembled medieval fortresses: Firewalls, intrusion prevention systems and anti-virus programs were supposed to ward off attacks even before the attacker could enter.

Blog

Top 5 Recommendations for Reducing Cyber Risks in 2020

The turn of the year has been an occasion for many cybersecurity news outlets to talk about trends and challenges in cybersecurity. Despite the importance of knowing what the trends and challenges are, we want to give you some hands-on recommendations to increase security for your company.…

Blog

Why C-SCRM Is Becoming so Essential for Your Digital Business

The current discussion around Huawei and whether or not it should be endorsed as a supplier for 5G mobile network hardware and software has reminded us of how dependent we are on the integrity and reliability of such manufacturers and how difficult it is to trust their products if they are…

Video

Cybersecurity Trends and Challenges 2020

Digitalization evolves with the increased use of microcomputers in everyday objects like cars and smart fridges, but also in industrial applications. Therefore, communication between devices is growing accordingly. While connecting devices is supposed to make our lives easier, it poses a…

Blog

Three Critical Elements Required to Close the Cybersecurity Skills Gap

The status on cybersecurity is fairly clear: 82% of employers report that their cybersecurity skills are not enough to handle the rising number of cyber incidents (Center for Strategic & International Studies, 2019. The Cybersecurity Workforce Gap). There is a gap – a gap between…

Virtual Academy KC Master Class

Feb 18, 2020: Incident Response Management

In this KC Master Class you learn how to react adequately when a cyberattack has occurred in your company. Our analysts will prepare you for this worst case scenario by showing you how to rate risks realistically and integrate these ratings into your general incident response strategy. This…

Blog

The C5:2020 - A Valuable Resource in Securing the Provider-Customer Relationship for Cloud Services

KuppingerCole has accompanied the unprecedented rise of the cloud as a new infrastructure and alternative platform for a multitude of previously unimaginable services – and done this constructively and with the necessary critical distance right from the early beginnings (blog post from…

Video

Improve Security With Critical Infrastructures Requirements

Organizations or institutions that are essential for the public are called Critical Infrastructures (KRITIS = “Kritische Infrastrukturen”). As such, they are subject to comprehensive and strict legal regimes consisting of laws and regulations. Their failure or significant…

Blog

The Next Best Thing After "Secure by Design"

There is an old saying that goes like this: “you can lead a horse to water, but you can’t make it drink”. Nothing personal against anyone in particular, but it seems to me that it perfectly represents the current state of cybersecurity across almost any industry. Although…

Blog

Quantum Computing and Data Security - Pandora's Box or a Good Opportunity?

Not many people had heard of Schroedinger's cat before the CBS series "The Big Bang Theory" came out. Dr. Sheldon Cooper used this thought experiment to explain to Penny the state of her relationship with Leonard. It could be good and bad at the same time, but you can't be sure until you've…

Blog

Proper Patch Management Is Risk-Oriented

With regard to cybersecurity, the year 2020 kicks off with considerable upheavals. A few days ago, my colleague Warwick wrote about the security problems that arise with some of Citrix's products and that can potentially affect any company, from start-ups and SMEs to large corporations and…

Webinar

Feb 18, 2020: Get the SIEM You Have Always Wanted: Intelligent, Automated, with Unlimited Capacity

15 years ago, Security Information and Event Management (SIEM) products were hailed as the ultimate solution to all security problems in enterprises, and not without reason: after all, the central collection and management of security-relevant data across all IT systems…

Blog

More SEs + TEEs in Products = Improved Security

Global Platform announced in 4Q2019 that more than 1 billion TEE (Trusted Execution Environment) compliant devices shipped in 2018, and that is a 50% increase from the previous year. Moreover, 6.2 billion SEs (Secure Elements) were shipped in 2018, bringing the total number of SEs…

Blog

The 20-Year Anniversary of Y2K

The great non-event of Y2K happened twenty years ago. Those of us in IT at that time weren’t partying like it was 1999, we were standing by making sure the systems we were responsible for could handle the date change. Fortunately, the hard work of many paid off and the entry into the…

Webinar

Jan 30, 2020: Cybersecurity Trends and Challenges 2020

Digitalization evolves with the increased use of microcomputers in everyday objects like cars and smart fridges, but also in industrial applications. Therefore, communication between devices is growing accordingly. While connecting devices is supposed to make our lives easier, it poses a…

Blog

Breaches and Regulations Drive Better Security, AWS re:Invent Shows

The high proportion of cyber attacks enabled by poor security practices has long raised questions about what it will take to bring about any significant change. Finally, however, there are indications that the threat of substantial fines for contravening the growing number of data protection…

Webinar

Jan 23, 2020: Improve Security With Critical Infrastructures Requirements

Organizations or institutions that are essential for the public are called Critical Infrastructures (KRITIS = “Kritische Infrastrukturen”). As such, they are subject to comprehensive and strict legal regimes consisting of laws and regulations.

Blog

Benchmarking Cybersecurity Environments

Addressing cybersecurity within a company often occurs in response to an incident which impacts a business’ operations. A cyber incident could be a data breach or malicious disclosure of internal information to the public. Ideally a company starts thinking about cybersecurity before…

Blog

VMware’s New Idea for Fixing Cybersecurity: Intrinsic Security

At VMworld Europe 2019, Pat Gelsinger, CEO of VMware said security is fundamentally broken and that the overabundance of vendors is making the problem worse. I’m not sure this is true. Gelsinger had some good lines: applications that are updated and patched on a regular basis should be…

Blog

Renovate Your IAM-House While You Continue to Live in It

Do you belong to the group of people who would like to completely retire all obsolete solutions and replace existing solutions with new ones in a Big Bang? Do you do the same with company infrastructures? Then you don't need to read any further here. Please tell us later, how things worked…

Blog

Cyber-Attacks: Why Preparing to Fail Is the Best You Can Do

Nowadays, it seems that no month goes by without a large cyber-attack on a company becoming public. Usually, these attacks not only affect revenue of the attacked company but reputation as well. Nevertheless, this is still a completely underestimated topic in some companies. In the United…

Virtual Event

Nov 09 - 11, 2020: Cybersecurity Leadership Summit 2020

In order to follow in the footsteps of digital and technological advancements, prepare yourself for the future and gain critical knowledge on emerging trends, KuppingerCole Analysts holds its second Cybersecurity Leadership Summit (#CSLS20) virtually, offering the remarkable world-class…

Blog

Akamai to Block Magecart-Style Attacks

Credit card data thieves, commonly known as Magecart groups, typically use JavaScript code injected into compromised third-party components of e-commerce websites to harvest data from shoppers to commit fraud. A classic example was a Magecart group’s compromise of Inbenta…

Blog

Microsoft Partnership Enables Security at Firmware Level

Microsoft has partnered with Windows PC makers to add another level of cyber attack protection for users of Windows 10 to defend against threats targeting firmware and the operating system. The move is in response to attackers developing threats that specifically target firmware as the IT…

Blog

Can Your Antivirus Be Too Intelligent Sometimes?

Current and future applications of artificial intelligence (or should we rather stick to a more appropriate term “Machine Learning”?) in cybersecurity have been one of the hottest discussion topics in recent years. Some experts, especially those employed by anti-malware vendors,…

Blog

Privileged Access Management Can Take on AI-Powered Malware to Protect Identity-Based Computing

Much is written about the growth of AI in the enterprise and how, as part of digital transformation, it will enable companies to create value and innovate faster. At the same time, cybersecurity researchers are increasingly looking to AI to enhance security solutions to better protect…

Blog

As You Make Your KRITIS so You Must Audit It

Organizations of major importance to the German state whose failure or disruption would result in sustained supply shortages, significant public safety disruptions, or other dramatic consequences are categorized as critical infrastructure (KRITIS). Nine sectors and 29 industries currently…

Blog

Imagine It's KRITIS and Nobody Shows Up

“Critical infrastructures (KRITIS) are organizations or facilities of major importance to the state community whose failure or impairment would result in lasting supply shortages, significant disruptions of public safety…

Blog

HP Labs Renewed Focus on Endpoint Security Is Worth Watching

A visit to HP Labs offices in central Bristol, about 120 miles west of London, was a chance to catch up with the hardware part of the former Hewlett Packard conglomerate, which split in two four years ago. The split also meant that there are now two HP Labs, one for the HP business and the…

Blog

Redefining the Role of the CISO – Cybersecurity and Business Continuity Management Must Become One

Cyberattack resilience requires way more than just protective and defensive security tools and training. Resilience is about being able to recover rapidly and thus must include BCM (Business Continuity Management) activities. It is time to redefine the role of CISOs. I made this point in…

Video

Cybersecurity Budgeting 2020: Set Your Priorities Right

For the majority of businesses, the budgeting season is about to start. Some are done, some will be later, if the fiscal year differs from the calendar year. But usually, in September and October, this process is kicked off. Cybersecurity is one of the areas where virtually every…

Blog

Need for Standards for Consumable Risk Engine Inputs

As cybercrime and concerns about cybercrime grow, tools for preventing and interdicting cybercrime, specifically for reducing online fraud, are proliferating in the marketplace. Many of these new tools bring real value, in that they do in fact make it harder for criminals to operate, and…

Blog

The Best Security Tool Is Your Own Common Sense

Earlier this week, Germany’s Federal Office for Information Security (popularly known as BSI) released its Digital Barometer 2019 (in German), a public survey of private German households that measured their opinions and experience with matters of cybersecurity. Looking at the…

Blog

Facebook Breach Leaves Half a Billion Users Hanging on the Line

It seems that there is simply no end to a long series of Facebook’s privacy blunders. This time, a security researcher has stumbled upon an unprotected server hosting several huge databases containing phone numbers of 419 million Facebook users from different countries. Judging by the…

Blog

How Do You Protect Your Notebook?

The other day I found a notebook on a train. It was in a compartment on the seat of a first-class car. The compartment was empty, no more passengers to see, no luggage, nothing. And no, it wasn't a laptop or tablet, it was a *notebook*. One made of paper, very pretty, with the name of a big…

Blog

Google Revelations Shatter Apple’s Reputation for Data Privacy

It’s not been a good couple of weeks for Apple. The company that likes to brand itself as superior to rivals in its approach to security has been found wanting. Early in August it was forced to admit that contractors had been listening in to conversations on its Siri network. It has…

Blog

Mastercard Breach Shows Third Party Security Is Priceless

Reports of a data breach against Mastercard began surfacing in Germany early last week with Sueddeutsche Zeitung (in German) one of the first news outlets to report on the loss. As is often the case in major corporate breaches, the company was slow to react officially. On Monday it said only…

Blog

Ransomware Criminals Have Raised the Stakes with Sodinokibi

A new strain of Sodinokibi ransomware is being used against companies in the United States and Europe. Already notable for a steep increase in ransoms demanded ($500,000 on average), the malware can now activate itself, bypassing the need for services users to click a phishing link for…

Boot Camp

Nov 12, 2019: Incident Response Boot Camp

Webinar

Sep 25, 2019: Cybersecurity Budgeting 2020: Set Your Priorities Right

For the majority of businesses, the budgeting season is about to start. Some are done, some will be later, if the fiscal year differs from the calendar year. But usually, in September and October, this process is kicked off.

Blog

Account Takeovers on the Rise

Account Takeover (ATO) attacks are on the rise. The 2019 Forter Fraud Attack Index shows a 45% increase in this type of attack on consumer identities in 2018. ATOs are just what they sound like: cybercriminals gain access to accounts through various illegal means and use…

Blog

How to Train Your AI to Mis-Identify Dragons

This week Skylight Cyber disclosed that they were able to fool a popular “AI”-based Endpoint Protection (EPP) solution into incorrectly marking malware as safe. While trying to reverse-engineer the details of the solution's Machine Learning (ML) engine, the researchers found that…

Blog

Assuming High Criticality: Resilience, Continuity and Security for Organizations and Infrastructures

Acronyms are an ever-growing species. Technologies, standards and concepts come with their share of new acronyms to know and to consider. In recent years we had to learn and understand what GDPR or PSD2 stand for. And we have learned that IT security, compliance and data protection are key…

Blog

Cybersecurity Pen-Tests: Time to Get Smart About Testing?

One of my favorite stories is of a pen-test team who were brought in and situated next door to the SOC (Security Operations Centre); and after a week on-site they were invited for a tour of the SOC where they queried a series of alarms [that they had obviously caused] only to be told…

Blog

M&A Activity in Cybersecurity and IAM

It seems almost every week in cybersecurity and IAM we read of a large company buying a smaller one. Many times, it is a big stack vendor adding something that may be missing to their catalog, or buying a regional competitor. Sometimes it’s a medium-sized technology vendor picking up a…

Video

Fine-Tuning ICS Threat Models to Prioritize Mitigations of the Most Vulnerable Devices

When discussing the matters of industrial cybersecurity with IT experts, lamenting the historical divide between OT and IT seems to be a popular topic: you would often hear that the OT engineers are stubbornly ignoring the latest cyberthreats and do not see security as a priority in general.

Virtual Event

Nov 24 - 25, 2020: cybernetix.world 2020

cybernetix.world is the first decentralized event for global communities. This event offers you talks, panel discussions and workshops relevant for an enterprise executive but also for a private citizen. The event will cover all aspects of digitalization and the interaction of humans and technology.

Blog

Artificial Intelligence in Cybersecurity: Are We There Yet?

Artificial Intelligence (along with Machine Learning) seems to be the hottest buzzword in just about every segment of the IT industry nowadays, and not without reason. The very idea of teaching a machine to mimic the way humans think (but much, much quicker) without the need to develop…

Blog

Smart Manufacturing: Locking the Doors You've Left Open When Connecting Your Factory Floor

Smart Manufacturing or, as the Germans tend to say, Industry 4.0, has already become a reality for virtually any business in manufacturing. However, as just recently demonstrated by the attack on Norsk Hydro, this evolution comes at a price: There are doors created and opened for attackers…

Webinar

Jun 13, 2019: Fine-Tuning ICS Threat Models to Prioritize Mitigations of the Most Vulnerable Devices

When discussing the matters of industrial cybersecurity with IT experts, lamenting the historical divide between OT and IT seems to be a popular topic: you would often hear that the OT engineers are stubbornly ignoring the latest cyberthreats and do not see security as a priority in general.

Blog

Building Trust by Design

Trust has somehow become a marketing buzzword recently. There is a lot of talk about “redefining trust”, “trust technologies” or even “trustless models” (the latter is usually applied to Blockchain, of course). To me, this has always sounded…

Blog

The Wrong Click: It Can Happen to Anyone of Us


Blog

Are You Prepared for a Cyber-Incident?

According to the Ponemon Institute, cyber incidents that take over 30 days to contain cost $1m more than those contained within 30 days. However, less than 25% of organizations surveyed globally say that their organization has a coordinated incident response plan in place. In the UK, only…

Blog

Who's the Best Security Vendor of Them All?

This week I had an opportunity to visit the city of Tel Aviv, Israel to attend one of the Microsoft Ignite | The Tour events the company is organizing to bring the latest information about their new products and technologies closer to IT professionals around the world. Granted, the Tour…

Conference

Nov 12 - 14, 2019: Cybersecurity Leadership Summit 2019

In order to follow in the footsteps of digital and technological advancements, prepare yourself for the future and gain critical knowledge on emerging trends, KuppingerCole Analysts holds its second Cybersecurity Leadership Summit (#CSLS19) in Berlin, Germany, offering the remarkable…

Blog

BAIT and VAIT as Levers to Improving Security and Compliance (And Your IAM)

When we talk about special compliance and legal requirements in highly regulated industries, one usually thinks immediately of companies in the financial services sector, i.e. banks and insurance companies. This is obvious and certainly correct because these companies form the…

Blog

Top 5 CISO Topics for 2019

Where to put your focus in 2019