KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Every year the number of cyber attacks is increasing. The types of targets include just about everyone, ranging from Fortune 500 companies, small and medium-sized businesses, critical infrastructure, and government agencies.
Cyber-attacks are becoming more sophisticated as well as growing in frequency. Up to a million new malware variants are created every day. Each new threat group can be significantly different from previous ones and can be used in damaging attacks around the world.
The Cybersecurity Innovation Night will focus on cutting-edge approaches and advanced solutions in the various areas of cybersecurity by utilizing Machine Learning (ML) and Deep Learning (DL) technologies. ML and DL have had many successful applications in image recognition and language processing, and now these techniques are the fastest growing trends in cybersecurity. These tools are gaining more traction in cybersecurity because they facilitate more efficient analysis and allow faster, automated responses to various threats.
The slam-style talks will present various approaches of combating cyber attacks and cybercrime using ML and DL techniques. Slammers will entertain and at the same time, try to convince the crowd that the world will be a safer place with their contribution.
An increasing number of attacks, both external cyber-attacks and internal attacks, are well-thought-out and long-running. Particularly external, targeted attacks rely on the use of zero-day-exploits, which factually are yet unknown exploits. Thus, standard approaches such as signature-based analysis don’t help – you can’t detect what you don’t know. On the other hand, malicious behavior of internal users is hard to detect. Commonly, existing entitlements are used, but not as they should be used. Both challenges can be addressed by analyzing the user behavior and identifying anomalies and outliers. There are various technologies for doing so, focusing on network traffic, privileged user behavior, or access to unstructured data. All of these deliver to the one target: Mitigating risk of attacks.
We got security wrong. Enterprise security is failing with two-thirds of organizations experiencing an average of five or more security breaches in the past two years, according to Forrester. Adding to the fervor is the impact of Cloud, Mobile, DevSecOps, Access. The entire experience of developing, deploying and protecting applications has forever changed. In today’s network perimeter-free world, organizations must adopt a Zero Trust Security model – and shift from ‘trust but verify; to assume users inside a network are no more trustworthy than those outside. And with the digital economy in full swing, the adoption of continuous integration and deployment brings with it new challenges, including greater attack surfaces as well as increased, complex compliance.
In this session, Dr. Torsten George, cybersecurity evangelist, will explain how the velocity of DevSecOps, security breaches, access to applications is creating the mandate for Zero Trust, and in doing so ushering in a new era of experiences – everything from how we securely develop and deploy apps, to how we authorize access for consumers and privileged users. Dr. George will outline how to enforce risk-based policy in real time, at the point of access. He’ll also provide tips on how to speed up analysis and greatly minimize the effort required to assess risk across today’s hybrid IT environments through the use of machine learning.
Internet content providers rely on fast, modern webapps and feature-rich web frameworks to drive customers to their sites. In a landscape of accelerating change and continuous code deployment, my keynote will discuss how a company’s cybersecurity program must evolve to remain effective in such fast-paced environments.
IAM products are highly configurable systems tailored to the diverse needs of customer environments and applications. Modern applications require short development cycles and IAM systems that can be adjusted at the same pace. Modern data centers are configuration-driven, resilient environments designed to meet rapidly changing application needs, and modern IAM solutions must be in line with this paradigm.
Introducing traditional IAM products into cloud containers is not a simple "lift and shift" operation, as it once was with the virtual machine infrastructure. Today's micro-service-enabled, service-mesh-oriented infrastructure expects simple, resilient, self-discovery services instead of brittle monoliths that rely on manual configuration.
Operating IAM products with a DevOps setting in terms of automation, repeatability, and continuous improvement is possible through close collaboration between IAM, application, and infrastructure experts.
In today’s cloud-connected world, the way we work has changed. But security has not. When over half of the PCs in most organisations are mobile, you need to protect your workforce wherever they access the internet – not just when they are in the office. You need to identify attacks as they are staged on the internet, so you can block them before they launch.
Join us as Dr. Michael von der Horst, Senior Director for Cybersecurity Germany at Cisco, takes us through what we see out there “in the wild”. He will present effective defence and remediation strategies based on an integrated security architecture. Learn how you can gain the intelligence to uncover current and emerging threats, the visibility of activity across all devices and ports, anywhere, and stop phishing, malware, and ransomware earlier.
"Zero Trust" is the latest security buzzword from the vendors marketing department; but what it actually means for you means should vary depending on your business requirements.
Properly aligning security architecture to enable the business strategy of the organisation is the key to deliver a Zero Trust architecture. But the solution could be anything from implementing identity-aware firewalls to the extremes of "BeyondCorp"; Google's firewall-less global network when the security posture is identical whether you are in Starbucks or on the Google campus.
In this presentation, SailPoint will explain why Identity Analytics will change the way companies will think about CyberSecurity, by adapting ‘Predictive Governance’.
Predictive Governance will enable organizations to be more effective and efficient at governing access without increasing the risk.
Businesses are more data-driven than ever, but inaccurate and manipulated information threatens to compromise the insights that companies rely on to plan, operate, and grow. Unverified digital resource is a new type of vulnerability - one that is
chronically overlooked by digital enterprises. With autonomous, data-driven decision making, the potential harm from unverified digital resources become an enterprise-level existential threat. And then, there's a wider cybersecurity aspect and how to address the following:
- Data provenance verification - the history of data from its origin throughout its lifecycle (cradle to grave)
- Data Integrity verification - continually maintain good health and predictable state of data
- Data context usage - keep an eye on behaviour and context around data's use
User Behavior Analytics (UBA) or UEBA (User & Entity Behavior Analytics) is an important capability of a variety of products: Specialized solutions for UBA; IAM tools with built-in UBA capabilities; and various cyber-security products that also come with built-in UBA capabilities.
The question to start with is: What is UBA really and how does it differ from e.g. Threat Analytics, SIEM, Access Governance, and other capabilities? Where is the benefit of UBA? Is it a nice-to-have or must-have in these days of ever-increasing cyber-threats? And if we go for UBA: How do we do it right? As a separate tool or built-in capability? As an IAM capability, where identities and user accounts are managed, or as a SOC (Security Operations Center) capability? And what about privacy?
This session will look at the state of UBA and how to do it right to leverage the potential of UBA for increasing your cyber-attack resilience in your Enterprise Security initiative.
Having cloud software tools and services entering our core business processes, it becomes even more critical that we govern information across platforms, the diverse forms of data and at scale. Artificial Intelligence plays a significant role in enabling companies keep their business running faster, more protected in hybrid cloud environments, while optimizing the Hardware and Software stack.
Hear how a leading multinational Financial institution was able to evolve from Role Based Access Control (RBAC) to the new paradigm, Policy Based Access Control (PBAC), and learn what challenges this solved, and the ROI they were able to see from using PBAC.
The promise of every security solution is to detect the next attack, but verifying that claim is almost impossible. Attacks are extremely rare and tend to change: the ability to catch attacks that happened in the past say little about the ability to find things that will happen in the future and those breached are unlikely to share information and data about how that happened. In this presentation I will show the different approaches and metrics we found to measure the efficiency of the unsupervised machine learning algorithms commonly used in UBA products.
The Internet of Things has already become an integral part of our daily lives, whether we like it or not. In the office, at home, and even in the street, we are surrounded by a multitude of smart devices ranging from smart TVs and fridges to network routers, voice assistants and parking meters. No matter how different their functionality is, however, all these “things” share two major common traits: they are all connected to the public Internet and they lack the most basic security controls.
For decades, security was never a priority for embedded device manufacturers. Modern companies selling smart consumer devices still lack both expertise and budgets for making their products Secure by Design. Lack of regulation in this area doesn’t help either. As a result, vulnerabilities in consumer IoT products have already led to a number of security breaches on a massive scale: ranging from DDoS attack using huge botnets of hijacked cameras and routers to targeted attacks on corporate data using fish tank pumps.
As the number of consumer-grade IoT devices used by enterprises continues to grow, we can only brace for even larger attacks in the future. Or, instead of waiting for vendors or governments to do their job, we could start acting on our own. In this session, we are going to discuss the enterprise IT risks caused by consumer IoT devices and look into potential ways to incorporate them into existing enterprise security and identity infrastructures.
To stay competitive during the times of digital transformation, when business models and technology landscapes change daily, enterprises must reinvent many of their business processes to achieve new levels of agility and flexibility, and nowhere else this is more evident than in software development. As the demand for faster design, development and delivery of software is growing, organizations are adopting the DevOps methodology that fundamentally changes the ways software is produced.
With a strong focus on practices like continuous delivery, infrastructure as code and test automation, DevOps can do wonders for development productivity. Unfortunately, quite often this is done at the expense of governance and security, which many developers see more as obstacles that prevent them from achieving the desired level of agility. Adding the newest disruptive technologies like containers or microservices to the mix only makes the matters worse by opening an entire range of new possible attack vectors.
In this session, we’ll talk about the organizational and technological measures needed to close the rift between DevOps agility and strong IT security as well as have a look at some of the today’s most popular DevOps trends and discuss their biggest security challenges.
For many years now, the management of incidents has been a challenging, dynamic and somewhat accidental in response. Today, whatever the threat we face, there is zero margin for errors if affected and excuses are certainly a thing of the past. Planning for the worst-case scenario is now commonplace, yet is it tested? and who is involved? Developing the right strategy for your organisation and its operations is key to continued success and minimising the impact of any incident. This presentation intends to encourage the consideration of different approaches, thinking, and conversations upon your return to your organisation.
This session explores what UBA is and the value it brings to enterprise security in context of other common controls and tools. Chris will give some history of how user activity monitoring has changed, and its challenges, and the state today. Finally, we will discuss how this is changing and what to look out for as organisations are consuming more cloud-based services.
In the past years, a CISO would mainly be chosen among the IT staff who expressed his interest for information security or by arbitrarily promoting someone from the inside to please the auditors with filling a headcount gap. Tasks and skills were mainly technical, focusing on patching, administering firewalls and installing antiviruses. With the years though, companies have made their IT systems the backbone of their businesses. Similarly, criminality has shifted to exploit online systems. Combination of both realities now requires that CISOs possess and demonstrate core competencies that allow them transforming the essence of their job from infrastructure protector to business enabler. In this keynote, we will explore how and why CISOs should now focus on value creation instead of value protection, getting from a defensive to a proactive approach.
Make or buy? Budget annihilator or business driver? Only 2 questions which must be answered when building up a Security Operation Center. How to address these questions and how to start a project to establish a Security Operation Center in a traditional German manufacturing company is content of this session.
- Start small, think big: Understand how to start a SOC project and deliver an added-value fast - Think big: Identify a SOC target vision which maps to your individual company situation - Be prepared: Learn about typical challenges during the SOC ramp-up process
Attribute Based Access Control (ABAC), OAuth 2.0 and OpenID Connect (OIDC) are complementary standards that can be used individually or in concert to offer comprehensive access control for applications that are built using microservice and API approaches. -API security basics -Avoiding bad security practices -Overcoming OAuth limitations -Managing authorization as a microservice
When we think of security in the OT / IoT space, we are very focused on technological measures and controls. However, the recent incidents in this field showed that security events are not only based on a failure of technical controls. The 2017 Triton malware attack on SaudiAramco is a good example of what can happen based on human behaviour. While the attacked Triconex SIS controller is protected by a physical switch, it seems that this switch has been left in program mode. The ongoing digitalization of operational technologies presents cyber security professionals a whole new challenge. Technical controls are just one part to successfully protect critical infrastructure, but we have to consider the human factor too. As 90% of cyber incidents are human-enabled (Verizon Data Breach Report 2017), this will be one of the main topics in security for critical infrastructure. How can these challenges be addressed, what are new and innovative ways to develop security solutions, create resilience and protection?
To handle the digital identities of customers efficiently is key to deliver valuable digital services. This entails a change of the core infrastructure, leading to a critical operation for many stakeholders and raising challenges in different domains. These challenges not only affect technical architecture and implementation, but also processes, communication and even organizational structures.
In this talk, we will give an overview of how Steinbergapproached those challenges. This includes topics like: - How to handle the huge complexity of such a project, technically and organizationally? - What is the impact and what are possible pitfalls of choosing a DevSecOps approach for such a project? - How to keep cost and development speed in balance? - How to handle shared responsibilities?
We will go into detail about the lessons learned: what went well, what went wrong, and what we would do differently, if we could start over again.
Zero Trust Security assumes that nothing in a companies ITinfrastructure like including users, endpoint devices, networks, and resources, is ever trusted. All interactions must be verified to decrease the chance of a security breach. Zero Trust Security ensures secure access to resources while significantly reducing the possibility of access by bad actors. In this paneldiscussion we will discuss the considerations companies should make before implementing Zero Trust Security and Zero Trust Security by Design.
Advanced analytical technologies will help organizations in their fight against cyber-attacks. These technologies assist in detecting potential attacks at an earlier stage, as well as enabling the identification of complex attack patterns that span various systems. In this panel we will discuss the role of AI in the future of cybersecurity, possibilities of using it as a weapon by adversaries and the possibility of developing preventing techniques using Machine Learning and Deep Learning.
The aim of this presentation is to map the comprehensive human factor and cybercrime landscape categories (Motivations, the category of the perpetrator, category of the targets and victims, opportunistic and targeted attacks, the jurisdiction of the target, technology versus social engineering). Mapping these two pillars provides indicators that can be integrated in AI cybercrime predictive analysis, construct a model of the man-cognitive system and a cyber leadership network based on the deduction of cyber policy challenges.
More often we hear about the devastating effects the attack on critical infrastructure can have on the citizens of an affected city or a country. Yet we don't see large scale attacks yet being conducted. Panellist will discuss possible threats in todays world as well as the ways private sector and governments can collaborate to prevent such assaults on critical infrastructure.
In this discussion the panellists will speak about the types of attacks which enterprises should expect in coming years. The ways of DevOps integration into an enterprise security program will also be discussed together with best practice highlights.
Modern software development for cloud-native world requires continuous application security to go along with continuous integration, continuous delivery, and continuous deployment. Sadly, even well-established application security programmes often can’t operate at the speed and scale required. We will look into the ways of rethinking legacy security infrastructure and processes and how to adapt in the complex world of digital business and advanced attacks.
The principle of defense-in-depth remains a key design element for enterprise organizations. Although many have said that perimeters are going away, or identity is the new perimeter, the fact is that almost all enterprises still have perimeters. The names may have changed, and components may be declared “next-gen”, but there are still firewalls, VPNs, intrusion detection and prevention systems, etc. We will look at how new kinds of tools have become available to help protect against attacks from the application to the network layers.
Consumer Identity and Access Management (CIAM) encompasses many aspects. On the one hand, it is about optimizing the usability of services through technologies and practices to make it easier and secure for users sign up for a service. For the service providers, CIAM is all about lifecycle management of identities of many kinds - ensuring that accounts are set up, changed, and deactivated (or deleted) in a timely, accurate and secure manner. And for even more people, it focuses on security and compliance through technologies and practices that facilitate auditing and governance activities, such as recertification, easily and comprehensively.
Choosing and using the right components and services are critical to a successful CIAM deployment.
There is a tremendous amount of business value that you can get from “the cloud”. But, there are a lot of challenges in adopting these services securely. The real question is how we can approach “the cloud” from a security perspective in order to really get that full benefit of the offerings.
- More aggressive, complex and well organized: Cyber threat landscape on the rise
- Cyber Security – added value for industry 4.0?
- Industry 4.0 needs company-specific security strategies
The digital development spurts have captured all areas of life. Industry 4.0 is on everyone's lips. The digitization of all areas of work and life requires integrated and robust strategies and processes at all levels.
Consequently, this poses many questions: How well prepared are economies and politics as well as the society as a whole with regard to cyber safety aspects? How do people react to change processes? Basically, what is the significance of the human factor in the overall context of digital safety and cybersecurity? Of course, there have been prior leaps in developments within the industry. This time, however, there has been a significant change not only in technology, but also within the fundamental business model of companies
Die Identitätslandschaft ist voll von IAM-Systemen, Identifikations- und Authentifizierungsanbietern, verschiedenen Technologiestandards und wird durch nationale sowie branchenspezifische Normen geregelt.
Die Lösung für dieses Problem ist die Interoperabilität der Lösungen indem der Markt vereint wird und die Integration bestehender Identitätsanbieter vereinfacht wird. Obwohl Blockchain neue ID-Lösungen liefern kann, löst sie nicht die Kernproblematik des Identitätsmarktes. Revolution wird durch die Evolution des bestehenden Marktes erreicht, nicht durch einen Big Bang.
Viele der neuen DID und Self-Sovereign Identitäts-Konzepten verlangen weitreichende neue Strukturen und Verfahren. Ihr Schwerpunkt ist der Austausch maschinell lesbarer Identitäts-Unterlagen zwischen Behörden und vertrauenden Geschäftspartnern. Anstatt Zwischenhändler abzuschaffen, so wie von den Blockchain Propheten versprochen, werden neue Führungsnetzwerke aufgebaut um technische Neuigkeiten traditionell zu verwalten.
Um den Dschungel von Authentifizierungsverfahren und digitalen Identitäten zu bändigen, werden oftmals Single Sign-on (SSO) Strukturen geschaffen. Dadurch wird es Nutzern ermöglicht viele Logins mit nur einer digitalen Identität zu verwalten und Authentifizierungsverfahren je nach Bedarf einer Applikation anzupassen. SSO-Applikationen haben jedoch einen entscheidenden Nachteil: Sie setzen ein Vertrauen in nur eine Instanz, z. B. den Entwickler der Applikationen, oder mehrere Instanzen voraus. Was wäre, wenn wir für jeden Onlinedienst oder berufliche Anwendungen nur einen einzigen Account bräuchten, der zudem noch ohne zentrale kontrollierende Instanz auskommt und ein hohes Maß an Sicherheit bietet? Blockchains erlauben mit inhärenter Sicherheit und Kryptographie die Entwicklung völlig neuartiger Identitätsstandards, die durch andere Lösungen wohl nur schwer zu realisieren sind. In diesem Vortag werden die Vorzüge der Blockchain Technologie dargestellt.
Wenn es um die Integration von Mobile Apps in die Single Sign-On-Umgebung geht, dann entstehen oft Interessenskonflikte zwischen Designern, der IT-Sicherheit und dem, was der Kunde wirklich möchte.
Welchen Einfluss hat das gewählte Login-Verfahren auf die Sicherheit und welche Ansätze haben sich in der Praxis bewährt? Wie kann ein Kompromiss aussehen, der sowohl den Kunden zufriedenstellt, aber trotzdem ein ausreichendes Sicherheitsniveau bietet? Erfahren Sie, welche Best Practices es gibt und welche Rolle OAuth 2.0 dabei spielt.
Customer Identity & Access Management und API Management sind als Business Enabler bekannt. Aber in Kombination sind sie sogar mehr als die Summe ihrer Teile.
Erfahren Sie, wie digitale Identitäten Ihrer Kunden und Ihrer APIs das digitale Ökosystem Ihrer Kunden infiltrieren, um sie noch stärker an Ihr Unternehmen zu binden. Verstehen Sie, warum die Weitergabe von Kontrolle an Dritte und externe Entwickler der Schlüssel zum Erfolg dieses Ansatzes ist und dass die Einhaltung von Standards Voraussetzung dafür ist.