KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
In his talk, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will look at the concepts behind Decentralized ID and its current state. Based on that introduction, he will share his perspectives on how Decentralized IDs can improve the cybersecurity posture of organizations for different use cases, including workforce, business partners, customers, and citizens.
At first, some insights into the background, purpose and history of the e-IDAS regulation are provided and the difference between the previous and the currently proposed e-IDAS version are explained very shortly. Core part of the presentation addresses the impact and main challenges, including the concerns expressed by various stakeholder groups. Finally, the expected timeline is given.
The promise of the DIW (Digital Identity Wallet), which is inspired by SSI (Self-Sovereign Identity), is to give the user more control of which data they are sharing with whom. But do the users really want this? User control was also the intention behind "The cookie law", which brings up annoying dialogs, where only the most dedicated will do anything but accept the default option. This is very similar to the GDPR consents, where you in most cases have no option but to accept, to be able to continue.
Artificial Intelligence is transforming how we live, work, and interact, bringing groundbreaking opportunities and notable challenges. As the influence of AI continues to grow, the pressing issues of governance and ethical considerations come to the forefront.
Martin, Scott, and Spray dive into this crucial discourse. Together, they will navigate the intricate landscape of AI regulations, exploring how to ensure these systems align with human values and societal standards. From the nuances of biases in decision-making algorithms to the broader societal implications of unchecked AI, the panelists will provide insights, debate solutions, and address the need for universally accepted ethical guidelines.
With diverse policy, ethics, and technology backgrounds, this panel promises a holistic overview of the ongoing challenges in AI governance. Attendees will gain insights into the path forward, ensuring AI serves humanity responsibly and ethically.
How do key human behaviours influence on how we look at AI and turn technology use in long term strategic advantage. Reflecting on learnings gained when operationalizing AI in a large multi-national starting more than 5 years ago, Christian is going to share how we can boost cyber resilience with a focus on security operations. We are going to investigate navigating common challenges when leveraging AI in a corporate environment and how to become a front runner within your organisation.
The results of a comprehensive 2023 study by KuppingerCole will be presented, providing invaluable foresight into cybersecurity trends and threats anticipated for 2024. Based on in-depth research, the discussion will illuminate a series of predictions and prepare participants for the evolving cyber landscape.
The conversation will touch upon emerging trends, new threat vectors, potential vulnerabilities, and anticipated advancements in cyber defense strategies. Insights from this study will equip organizations to preemptively bolster their cyber defenses, enhance resilience, and navigate the forthcoming challenges of the cyber domain with confidence and competence.
Anomaly & outlier detection today is far beyond human capacities. Artificial intelligence has become an important technology in cybersecurity, as algorithms can solve many problems better and faster than humans. AI-Driven data intelligence automates the discovery, management, and control of all user access. This allows you to not only make better and faster access decisions, but also to quickly spot and respond to potential threats. It empowers every worker with correct and timely access when they need it, proactively engages business users to identify risky access, and helps security professionals intelligently create and maintain access models in today’s dynamic IT environment. After all, Identity Governance is not just about security. It is Trust and Reputation Management.
Immerse yourself in an in-depth exploration of the strategies of incident management. Through critical examination of real-world cases and emerging trends, they illuminate the integral stages of effective incident response. The dialogue underscores the importance of strategic foresight, seamless communication, and constant progress, providing indispensable insights to strengthen cyber defenses and build resilience. This discussion ensures a compelling exchange of knowledge and tactics, serving as an indispensable tool for organizations in the ever-evolving landscape of cybersecurity threats.
The Elastic InfoSec team is responsible for securing Elastic’s globally distributed, remote-first workforce, and the planet scale, multi-cloud, Elastic Cloud platform.
Taking data driven approaches beyond the SIEM and applying them to the full scope of our InfoSec program, the resulting data fabric is the bedrock upon which insights, automation and AI can flourish. Learn how this approach has increased Elastic InfoSec visibility and enabled the team to distribute security responsibilities across the organisation, exponentially expanding our capability to protect Elastic from the threats of today and tomorrow, and establishing a robust foundation for AI implementation.
Paul Fisher delves into the multifaceted approach required to foster trustworthiness within complex software supply chains. This discussion begins by delineating the critical components of software supply chains and the potential risks associated with each link—from development and deployment to maintenance and decommissioning.
Key to establishing a chain of confidence is the adoption of transparent processes and tools that provide verifiable evidence of security at each step. The audience will be introduced to Software Bill of Materials (SBOM), cryptographic signing, and continuous integration/continuous deployment (CI/CD) pipelines fortified with automated security checks.
The talk will also consider the human aspect, emphasizing the need for cultivating a culture of security awareness and collaboration among stakeholders. This includes not only developers and security professionals but also suppliers, distributors, and end-users.
Finally, the talk will provide actionable insights and strategies for organizations to audit, monitor, and continuously improve their software supply chains.
In a world where everything and everyone is interconnected, traditional cybersecurity is outdated.
Zero Trust, a security framework that assumes nothing can be trusted implicitly, is the future.This presentation, "Zero Trust in a World of Everything, Everyone, Everywhere, All at Once," explores the fundamentals of Zero Trust and its relevance to our hyperconnected world.
The German railroad system is part of the national Critical Infrastructure, and hence all major train stations are fall under the KRITIS regulation. Recently, OT-(in)Security has drawn the attention of Threat Actors, and it is due time, to focus on securing Building Automation and Control system. The talk introduces to the challenges of managing a diverse and distributed technology landscape and how established solutions can help protect the infrastructure - or not...
This session provides palpable illustrations of the latest LLM technologies and hands-on suggestions on how to tackle the challenges arising from automated, emotionally aware, and generative AI prompted with malicious intent.
What will digital deception and trickery look like in the age where today’s youth become the standard bearers of our digital world? Times of e.g. required proof of personhood, predicted behavioural biometrics, and advanced data brokerage.
How are social engineering tools, tactics, and procedures evolving? What can we expect? And how can we prepare?
In this presentation, Emilie van der Lande, certified information privacy professional (CIPP/E) and certified by MIT in Artificial Intelligence’s implications on business and strategy, will explore prevention and detection tips to be a step ahead of the shifting paradigms of Cyber Deceptology.
In today’s volatile cyber landscape, threats are increasingly sophisticated (e.g. AI-powered ransomware and data exfiltration techniques), and the regulatory environment is ever-changing. Now more than ever, the responsibility falls on executives to spearhead effective incident response plans. This fireside chat with industry leaders Navroop Mitter, Matthew Welling, and Evan Wolff, unpacks the complexities executives face around incident response in this new cyber-normal. The panel will delve into the intricate interplay between AI-driven threats, end-to-end encrypted communications, and new regulatory landscapes both in the U.S and Europe, particularly in the light of recent legislative developments like the U.K.'s Online Safety Bill.
We will also introduce our groundbreaking joint publication featuring specialized tabletop exercises designed for the C-suite.
Asset management used to be easy, but not anymore. Where and how we work, the types and amount of devices we use, and the ways and places we store information have all changed.
What’s stayed the same, though, is the fact that knowing what’s in our environment is absolutely essential to securing it.
So, it’s time we say goodbye to manual asset inventory approaches, and hello to a modern approach to asset management — one that leverages existing data and automation to solve the challenges specific to cybersecurity.
Join this session to learn:
Security should cover more than just what we know. As a common practice, we define the scope of assessment including the systems, networks, applications, and data that will be assessed. Hackers, by their very nature, have no predefined scope. They often seek to exploit any entry points they can find, those we may consider less significant or even we aren't aware of yet. Unknown threats are lurking in the shadows! This talk will delve into how attack surface discovery and management contribute significantly to visibility, a pivotal foundation of effective cyber defense strategies.
When it comes to cybersecurity, many people focus on red/blue teams and technical measures such as servers, firewalls, encryption, and intrusion prevention systems. However, one crucial factor that is often overlooked is the human factor. All of these technical measures will count for nothing when it comes to matter of insider threats. Even the most robust cybersecurity measures can be rendered ineffective by social engineering threats.
In this keynote, I will present several use cases to demonstrate why it is essential to consider the human factor in any organization’s cyber threat landscape.
The word no company wants to hear became an unfortunate reality for one of the world’s largest independent development partners to the automotive and aviation industries — ransomware. The EDAG Group fell victim to an encryption Trojan that shut down their business-critical systems and IT systems. During this session Maria will be sharing her lessons learned and will be explaining her strategy that helped EDAG successfully restore their systems by leaning on Vectra AI as one of her anchors of trust.
Learn why the use of artificial intelligence (AI) through threat actors makes a "new security awareness" on the user side essential.
Key areas of focus:
- How can AI-based approaches increase the effectiveness of security awareness campaigns?
- Which security awareness measures have been proven to increase your security without spending a lot of resources?
- How does Threat Intelligence and Security Awareness as-a-Service work?
The speakers will show you how AI in threat intelligence and security awareness campaigns strengthen your threat protection!
The 2023 Cybersecurity Workforce Study identifies a daunting 4 million-person workforce gap. This shortfall in qualified candidates hampers industry growth. To tackle this challenge, the industry must broaden its recruitment scope, targeting individuals with potential to learn, including those from diverse backgrounds like business, arts, or engineering. Cultivating entry-level opportunities for students, young professionals, and career changers is vital for industry expansion. However, assessing cybersecurity aptitude in candidates without direct experience poses a challenge. Traditionally, the industry has lacked accessible entry points for newcomers. In this presentation, ISC2's CEO, Clar Rosso, advocates for a clear and adaptable pathway to cybersecurity careers, offering data-driven insights and strategies to ignite recruitment efforts and welcome new talent into the field.
Fraud is a major cost to businesses worldwide. Banking, finance, payment services, and retail are some of the most frequent targets of fraudsters. However, insurance, gaming, telecommunications, health care, cryptocurrency exchanges, government assistance agencies, travel and hospitality, and real estate are increasingly targeted as cybercriminals have realized that most online services trade in monetary equivalents. After years of being the focus of cybercriminals, banking and financial institutions are more likely to be better secured than other industries, meaning that fraudsters are increasingly likely to attack any potentially lucrative target if given the opportunity. Fraud perpetrators are continually diversifying and innovating their Tactics, Techniques, and Procedures (TTPs).
The most prevalent types of fraud businesses, non-profit organizations, and government agencies experience today are:
Account Takeover (ATO) Fraud - occurs when fraudsters use breached passwords, phishing, social engineering and credential stuffing attacks to execute unauthorized transactions.
Account Opening (AO) Fraud – also called New Account Fraud or Synthetic Fraud, often happens as a result of using stolen identities or assemblages of personal information to create synthetic digital IDs.
In this session we will provide an overview of Fraud Reduction Intelligence Platforms and show the highlights of our latest research in this area.
Join us on a journey through the current cybersecurity threat landscape and discover how Mimecast is the perfect companion to Microsoft Defender for Office 365 in order to defend against evolving email-based attacks using AI technology. Learn how you can make your everyday SOC and XDR processes more efficient through improved integration and automation of your security architecture thereby avoiding alert fatigue and the unnecessary repetition of manual, redundant tasks. By adopting a quantified risk-based approach, you can have increased efficacy of multi-layered security while simultaneously reducing complexity, all without the necessity of consolidating and increasing vendor dependency.
The realm of cloud security has been extensively covered in books and articles, yet a crucial aspect remains ripe for exploration. It revolves around the fundamental understanding of what your cloud service provider offers and, equally vital, where your responsibilities lie in the realm of cloud security.
When embarking on the journey of adopting a cloud service, the foremost question to answer is, "What aspects of security do I need to oversee?" In a traditional on-premises setting, roles are distinct: IT manages infrastructure, information and cybersecurity handles security, and application developers bear the responsibility for code integrity. However, the landscape is evolving, with many organizations embracing DevOps, where these responsibilities are often shared, and the lines between development and operations blur or vanish.
Regardless of organizational structure, the majority of security obligations reside within your company's domain when you use an on-prem environment. Transitioning from an on-premises environment to a cloud environment presents one of the most intricate challenges—a more intricate shared responsibility model for security.
In the context of cloud security, two paramount concerns need close attention.
The first is the risk of misconfiguration. In a cloud environment, misconfigurations can inadvertently expose sensitive data and vulnerabilities, underscoring the critical importance of ensuring that cloud services and resources are set up correctly to mitigate such risks.
The second concern is insider attacks. Cloud users often lack influence over the staff of cloud service providers, making it essential to consider the possibility of insider threats. While cloud service providers typically promise robust security measures in place, it's crucial for organizations to implement their own layers of security to safeguard against insider attacks and unauthorized access, fortifying the shared responsibility model in the cloud.
In my presentation, I will delve into these intricacies, providing valuable insights and real-world examples of what your cloud service provider can do, irrespective of your specific needs and/or preferences.
In today's dynamic cybersecurity landscape, safeguarding sensitive data and infrastructure from insider threats, while effectively monitoring supply chain and third-party users, is paramount. This presentation delves into the critical intersection of Insider Threat Management and NIS2 compliance, anchored in a detailed case study of a company subject to NIS2 regulations. We will explore a diverse toolkit and industry best practices tailored not only for achieving compliance, but also for streamlining cybersecurity processes through robust technical controls. Attendees will gain invaluable insights into seamlessly integrating cutting-edge tools and proven methodologies, ensuring unwavering compliance with NIS2 regulations while fortifying your security posture.
Zero trust is being embedded into law across the world enforcing privacy, data residency and consent. How do companies and governments share patient data global during a pandemic to measure the efficacy of a vaccine? How do financial services organisations share intelligence on suspected terrorist funding, money laundry or sanctions evasion? How is this achieved in the emerging world of data nationalism?
Developing a secure data sharing service is a complex proposition that need to embed change into operations.
Join this session to discuss:
Virtual Reality (VR) has moved beyond its status as a gaming technology. From sales events to military trainings, VR found its way into business applications, were security matters the most. However, along with its benefits, VR also introduces security and data protection challenges such as tracking of eye movements, deep fakes, and impersonation attacks.
This presentation introduces the risks of VR and explores strategies for securely integrating virtual worlds into our business environments.
As artificial intelligence continues its upward trajectory, a radical proposition emerges: Could AI take the helm of cybersecurity leadership? This bold discourse dives into the heart of this debate, exploring whether AI can effectively shoulder responsibilities traditionally assigned to a chief information security officer. Areas of exploration include AI's potential in threat detection, vulnerability assessment, and incident response.
But where does human judgment fit into this AI-dominated picture? Is the seasoned expertise of a CISO irreplaceable? This electrifying discussion stirs the pot of the future of cybersecurity leadership, grappling with the balance between emerging AI capabilities and indispensable human expertise.
Most contemporary digital identity discussions deserve another label: They are mostly about electronic trust ecosystems, considering all kinds of attributes beyond just pure identity. Additionally, nowadays they include natural persons, legal entities and (internet of) things. Everyone seems to agree the future is decentralized and all this only works with these curious wallets. Andre Kudra takes us on a journey through electronic trust ecosystems, diving into questions like: Which ones do we already have today? Some are successful, others not – why? Regulators are on it, too: What will eIDAS 2.0 and the EUDIW bring? What’s in the pipeline in other parts of the world? Will organizational digital identity (ODI) now invoke the breakthrough of decentralized identity overall? Why is decentralized identity the only way for Zero Trust Architectures which deserve the name?
Cyber risk isn’t just a technical problem but a strategic one. Through Cyber Risk Quantification CISO’s are enabled to quantify the financial benefit of their cyber security strategy and are empowered to communicate with the Executive Board on eye-level and get the buy-in that you need. Join this session to learn how other companies are finally getting full transparency on their cyber exposure, ensuring not only they’re making the right investments in cyber security but also getting the right ROI of such investments.
Comprehensive protection of networks, system infrastructures, hardware and software, applications and data is part of every cyber security strategy. But what does this actually mean for identity and access management? Unloved for many years and repeatedly declared dead: passwords. Large IT companies have been promising us a password-free future for a long time. Is it really that easy to finally turn your back on passwords? The fact is that we have to deal with a large number of passwords every day in order to complete our professional and private tasks. Every password should be unique, highly complex and as long as possible. But what does the frightening everyday life with passwords look like today, what will it hopefully look like in the future and why it is essential to deal with the topic right now, explains Daniel Holzinger in his lecture.
In the realm of cybersecurity, there's one truth we can't escape: Building secure products from the get-go is the most effective, cost-efficient, and innovative approach to achieving cyber resilience. With GenAI, we're in a new era of software industrialisation. Let's explore how crucial secure software engineering is in this new wave and what lessons we can learn from the past to avoid repeating our mistakes.
In this presentation Paul Fisher connects the dots between Henry Ford, Stanley Kubrick and AI. He explains how AI is useless without good data and good data for cybersecurity can only be prepared with expert human help. The end is not nigh, instead the AI tools now coming will make our jobs easier while elevating cybersecurity to new levels.
Automated Threats to web applications are according to the Open Web Applications Project (OWASP) a misuse of their inherent valid functionality by applying automated means. Usually, those automations are referred to as `bots´. The attackers usually reverse engineer the web application, e.g. an e-commerce platform, and based on their discovery, craft bots to exploit vulnerabilities or gaps that allow them to pursue their goal on the platform in an undesirable way. A famous example are sneaker bots, whose goal is to obtain a competitive advantage over human clients in purchasing hyped articles like sneakers. Addressing automated threats is a company-wide effort and requires to tackle the problem from many angles reaching from DevSecOps, architectural changes, raising awareness, establishing transparency in the business, implementing preventive controls, to detective controls. In the first phase of our research, we tackled the problem in a big e-commerce company on this entire spectrum of challenges and are now at the position to enhance our approach in a second phase. In the second phase, we aim for an approach to harden a web-application platform with existing detective and reactive controls using aspects of generative approaches and adversarial attacks while also considering explainability.
In the talk, we are going to explain and motivate the problem space, explain the insights from the first phase and outline the goals of the second phase of our research.
In the fast-paced and intricate world of cyber defense, the challenges are numerous and ever-evolving. Our "Forging Stronger Shields" panel convenes a group of esteemed Chief Information Security Officers who dive deep into the complexities of this digital age, drawing from their hands-on experiences and daily challenges. These seasoned professionals will delve into the nuances of the present-day cyber threat landscape, from advanced persistent threats to state-sponsored cyberattacks. They'll emphasize collaboration's crucial role in establishing effective defense strategies.
As they share tales from the trenches, the CISOs will explore the blend of human expertise and cutting-edge technology required to construct formidable barriers against cyber threats. Furthermore, they will shed light on fostering a pervasive culture of cybersecurity, emphasizing that this responsibility doesn't just lie with the IT department but spans from the boardroom to the break room.
This session will be an engaging dialogue as these experts navigate the intricate cybersecurity maze, reiterating that our collective strength and unity are vital in defending against sophisticated cyber adversaries. Be part of this conversation that aims to inform and catalyze a united front against cyber threats.
In today's digital age, traditional security models are no longer sufficient to protect against sophisticated cyber threats. That's where Zero Trust comes in – a security model that assumes that every user, device, and application is a potential threat until proven otherwise.
In this session, we will go through the criticality of the IAM in a zero trust security model. How by leveraging and implementing core IAM Technologies (IGA, Identity Federation and PAM) organisations can effectively manage identities, devices, enforcing access control principals like least privilege, continuous authentication, user behaviour analytics and can ensure that only authorised users have access to sensitive data and mission critical resources.
The panel will discuss the role of endpoint security in today’s world of WfA (Work from Anywhere), BYOD (Bring Your Own Device), and people commonly using multiple devices, as well as “beyond PC” and “beyond mobile” types of endpoints, including printers. How can efficient endpoint security become implemented, which are the obstacles, and how to overcome them? And which role does endpoint security play in the bigger picture.
In this session, I will give an overview of a number of emerging security and privacy technologies, such as advanced cryptography (e.g., lightweight cryptography, post-quantum cryptography, etc.), privacy-enhancing technologies (e.g., confidential computing, zero-knowledge proof, etc.), and blockchain, and discuss why and how organizations should consider building their cybersecurity strategies with these emerging technologies.
Discover the power of full-scale microsegmentation! Join us for an exciting presentation on this cutting-edge security solution that prevents lateral movement. Automated and agentless, effortlessly fortify your network against lateral movement attacks.
Don't miss this opportunity to safeguard privileged protocols like RDP, SSH, and WinRM required by IT but loved by attackers. As a bonus, unlock the ability to MFA any port, protocol, or app.
Deploys in one hour and protects your environment in just 30 days. Come see why Zero Networks was awarded “Best Global Startup” at GISEC & gain a competitive edge in today's rapidly evolving threat landscape.
1. Make a massive leap in your Zero Trust journey in just 30 days
2. Understand how auto-rule creation allows you to microsegment all your assets with little operational costs
3. Provide the ability to Just-in-Time MFA privileged protocols such as RDP, without the use of agents
4. Address 70%+ of the MITRE ATT&CK framework
5. Understand why Zero Networks is awarded the “Best Global Startup” at GISEC
The best CISO’s are never surprised! But now that SaaS apps like Salesforce, ServiceNow, or M365 have become mission-critical for organisations and process sensitive data, it's getting harder to keep track of the security metrics. CISO’s tell us they are flying blind and hope for the best. You shouldn't have to simply trust your app teams or run periodic third-party assessments to stay on top of how your SaaS is configured. What if you could define the security guardrails, which identities have access to which data, continuously monitor for drift, and be automatically alerted when a metric needs your attention? Nothing falls through the cracks. No more hope for the best, spreadsheets, and surprises.
Attackers follow the money. In a digital economy, this means targeting web apps and APIs to exploit vulnerabilities and abuse business logic, leading to data breach, account takeover, and fraud that can devastate your business. To effectively prevent these attacks, you need comprehensive, consistent security that protects your entire digital footprint.
F5 solutions reduce complexity in a hybrid and multi-cloud world so you can deliver secure digital experiences at scale—in the architecture you have now, and for the architecture you aspire to evolve your business into.
Traditional federation agreements are relatively static. It takes some effort to onboard an IdP and RP to each other, but once that trust is established, it's good until some exceptional event breaks the federation.
But what about a more dynamic world, one where trust comes and goes based on context? What if users could be provisioned dynamically into a space based on trust from elsewhere? What if an isolated space could still function in a disconnected state and still have powerful security properties? What if these isolated spaces could reconnect to the network and provide audit capabilities and security signaling to other components throughout the wide ecosystem? And what if all of this could be built on a layer of trusted software that didn't rely on pre-placing keys or accounts ahead of time?
Come to this talk to learn about Federation Bubbles, the proof of concept being built out on top of a suite of technology including OpenID Connect, OAuth, SPIFFE, Verifiable Credentials, and more.
The risk of being digitally vulnerable, or not being able to access basic services, affects us all. There can be no doubt that enhancing accessibility features across digital access journeys is tremendously important in helping people simply and safely connect with the digital world. But this doesn’t go far enough.
What you’ll learn from this session: How can adaptive, connected, and balanced digital identity go further in addressing universal digital vulnerability at the root, making sure no one gets left behind.
Attackers don’t sleep and find new ways to get into a company and move laterally through the environment. This session starts with an overview where we come from and the pure reactive approach of detecting someone in our network and then moving into the proactive way of security. Using the same tools for asset discovery, risk assessment and automatic checks for compliance of the customers environment.
So the solution should not just stop the attack, but before check automatically how an attacker possibly could come in and have a full overview of the environment including automatic risk factors for assets and overview combined with integrations with other solutions.
Additionally the task of risk management is stated in the new NIS2 directive and should be clearly a topic for all companies that are affected.
Vulnerability Management is more then ever an important building block when it comes to early detection of issues to allow a proactive counter measure. This is only possible if various organizational areas work hand in hand starting from the information security strategy, over architecture, engineering, operations and the business side. This needs to be embedded in an according information security framework that defines the rules and requirements based on which the vulnerability management service is operated. However, this approach is only complete with an according target operating model that defines the various building blocks that contribute to a successful end-to-end service.
As governments around the world increasingly turn to artificial intelligence (AI) to enhance their security, a myriad of complex challenges emerge. This presentation delves into the multifaceted landscape of applying AI to secure government operations.
Matthias offers a critical analysis of the EU's NIS2 Directive's intricate demands, drawing attention to the limitations of one-size-fits-all solutions. He advocates for customized compliance plans, underscoring the unique challenges across various entities, with special attention to the constraints faced by SMEs. And obviously the future interpretation of this EU directive into national regulation adds another layer of complexity.
Essential strategies such as comprehensive risk evaluations, continuous educational efforts, and advanced incident management protocols are emphasized as crucial for effective compliance, integrating cybersecurity deeply into the organization's core values beyond just adherence. The talk concludes with a perspective that views NIS2 compliance as a dynamic goal necessitating enduring dedication and flexible approaches.
As organizations seamlessly navigate between on-premises, cloud-based, and offline resources while harnessing the power of AI, the need to verify and manage user identities with precision has never been more vital. Strong identity-based access to applications not only fortifies security by allowing organizations to grant privileges based on verified identities, buy it also enables real-time threat detection, compliance adherence, and adaptive scalability. You’ll always know with certainty who is connecting to what and what they’re doing while they’re connected. Join us to explore how this approach empowers modern hybrid organizations to strike the delicate balance between safety, security, user experience and the transformative potential of true digitalization.
This session aims to explore the practicalities and paradigms of integrating AI identities into current and future digital infrastructures. Topics will include the regulatory and governance challenges posed by autonomous AI operations, the technical requirements for creating and managing AI identities, and the technical and even legal considerations of recognizing AI as identifiable entities, focusing on accountability and traceability within various frameworks.
Lack of control and controllability is increasingly a problem in many internal IT departments today. The complexity of the solutions used has steadily increased. It is therefore all the more important that information security systems are optimally set up and easy to operate and administer.
Establishing a risk class-based access management system makes sense for many reasons. In addition to meeting compliance requirements such as ISO27001, BSI IT-Grundschutz or industry standard 62443 and integrating seamlessly into a risk-based approach followed in the information security management system, this approach promotes the regaining of control over all possible accesses to company or organisational systems, regardless of these requirements.
Organizations nowadays are agile and tech-dependent, deploying updates frequently and relying ons 3rd parties. This leads to dynamic and complex digital systems with exposed and vulnerable assets. Testing frequency does not keep pace with development, is very noisy, and more than one-third of an organization’s attack surface is unknown to the organization. Autonomous ethical hacking powered by hackers and AI, can help tech teams to identify and mitigate vulnerabilities and manage their digital infrastructure continuously and accurately. By combining machine hacking with human hacking in a symbiotic relationship, machines can go in-breadth and automated (80% of tasks with 20% of impact ); while ethical hackers go customized and in-depth (20% of tasks with 80% of impact). The knowledge flows from humans to machines and the platform learns continuously through ML & AI. This allows to uniquely provide instant, continuous, accurate, and affordable security.
The surge in ransomware attacks has become one of our most pressing cybersecurity challenges. With attackers continuously adapting and refining their tactics, staying abreast of the latest developments and trends in this ever-evolving threat landscape is crucial.
Florian and Stefan explore the modern nuances of ransomware attacks in this panel. Discussions will revolve around cutting-edge techniques such as double extortion, where attackers deny access to data and threaten its public release, and the shift towards targeting operational technology, leading to real-world disruptions. Moreover, the panel will highlight the rise of decentralized ransomware models that utilize networks of affiliates and delve into the contentious debate around the ethics and implications of paying ransomware.
Beyond understanding the current ransomware landscape, attendees will be introduced to preventive measures, effective response strategies, and potential future trajectories of ransomware evolution. Join this insightful discussion to equip yourself with the tools and knowledge needed to navigate the complexities of ransomware in today's interconnected digital ecosystem.
Modelling Cyber Risk is hard. Only a few historical data in known quality exist. Cyber Risks occur with a low frequency but their impact and severity might be high in case they come to pass. In my session I will give an inside how we got started to quantify Cyber Risks and what the challenges are to derive conclusions for risk steering and capital allocation.
How can I effectively address cybersecurity vulnerabilities within my organization? Also, what are the implications of the Cyberresilience Act for this? EDITH, the European Digital Innovation Hub for Hesse, has extended an invitation to Dr. Steven Arzt, a cybersecurity expert from the Fraunhofer Institute for Secure Information Technology SIT, for a #DigiTalk session discussing best practices for Coordinated Vulnerability Disclosure.
Coordinated Vulnerability Disclosure (CVD) is the process with which ethical hackers report vulnerabilities in software and systems to manufacturers and system operators. Researchers commonly often assess the security status of a system or product independently, i.e., without a formal invitation, contract or integration into a company’s strategy. While these unasked-for vulnerability reports are still considered an insult by some companies, others openly embrace their value for strengthening the company’s IT security by interacting with the hacking and research communities. In his talk, Dr. Arzt shows how a proper CVD process can greatly benefit companies and the wider IT security community at the same time. It is shown how CVD can not only help identify and fix vulnerabilities, but also send a strong positive message about a company’s attitude towards IT security.
This presentation delves into the imperative task of redefining risk management in the era of Artificial Intelligence (AI). As AI reshapes industries, it also introduces unique risks and challenges. This abstract offers a glimpse into how traditional risk management approaches must evolve to effectively address the intricacies of AI-related uncertainties. Through real-world examples, it explores emerging concerns like algorithmic bias, privacy infringements, and unforeseen consequences. Attendees will gain insights into proactive strategies, including leveraging AI itself for risk assessment and mitigation. By the presentation's conclusion, participants will grasp the essential steps needed to navigate the uncharted territory of AI-driven risks, ensuring responsible and secure integration of this transformative technology.
The Digital Operational Resilience Act (DORA), which entered into force on 16 January 2023 and will apply from 17 January 2025, aims to enhance the digital operational resilience of entities across the EU financial sector and to further harmonise key digital operational resilience requirements for all EU financial entities. DORA sets out uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector as well as critical third parties which provide ICT (Information and Communication Technologies) services to them, such as cloud computing or data analytics services. DORA creates a regulatory framework on digital operational resilience, whereby all financial entities need to make sure they can withstand, respond to, and recover from all types of ICT-related disruptions and threats. These requirements are homogenous across the EU, with the core aim to prevent and mitigate cyber threats. DORA is complemented with several “regulatory technical standards (‘RTS’)” which give more details on requirements for cyber security.
As the whole DORA legislation cannot be presented in a short timeframe, I will focus on the part that is most important to ensure cybersecurity and the part that is the most interesting one for the audience, the RTS on ICT Risk Management Framework. I will give a quick overview and highlight the topics, which will bring the most workload to the industry. The biggest challenges will be in the areas of Asset Management, Operations Security, Network Security and Encryption.
Hacked and what legally to do now? What are the most important steps and measures that companies should take to avert or minimise liability and reputational damage? Fabian Bauer will give exciting insights into the legal consulting practice and explain the essential legal do's and don'ts after a cyber-attacks.
When doing business in China, there are unique cybersecurity risks and complexities to consider. Experts in this field discuss these challenges in depth, pointing out potential vulnerabilities and strategies for prevention. The conversation covers topics such as China's cyber laws, the difficulties of technology collaboration, risks to intellectual property, and the importance of strong risk management strategies.
Additionally, the panel will explore how the business environment in China is changing and provide advice on how companies can secure their digital presence while striving for success in this market. The insights gained from this panel are invaluable for organizations looking to safely navigate this complex terrain.
What's happening with the growth and increase in Cyber Regulations in Europe? Why are authorities pushing more and more regulations that focus on Cyber Security and Risk Management? Does it really bring value for actual Cyber Security at a business? And how can (if not must) one prepare for this wind of change?
Picture this: your defenses are breached, and chaos ensues. What's your next move? In this engaging keynote address, led by an experienced CISO, we explore those crucial first hours in the wake of a cyber-attack. Through gripping real-world tales and firsthand insights, this keynote sheds light on the immediate steps and vital strategies necessary to minimize damage and restore normalcy. Discover the on-the-ground responses needed during high-stress moments and gain valuable guidance on crafting a resilient response plan for your organization.
AI actors are poised to eclipse the number of human users on the internet. Many industry observers have decried such growth, pointing to the immense risks that such a brave new world poses. How can security systems even keep up with the rate of expansion in AI technologies? How can enterprises hope to compete with the vast amounts of money, time, and resources that AI companies use to train their models? Such questions presage a significant evolution in the way the tech industry envisions, develops, and deploys security systems.
Fortunately, there’s a way forward, but it requires the cybersecurity market to shift toward a pattern that follows what AI vendors have done: make the science of biological systems the template for cybersecurity. Breakthroughs in social science, political science, evolutionary biology, and neuroscience demonstrate that our focus should be on establishing trustful relationships rather than a direct reliance on structural interventions such as identity management, attack surface management, and zero trust practices. The pathways that enable biological entities to come to trust and successfully collaborate with each other are known to science. In this presentation, Global Head of Research Mike Neuenschwander will delve into what changes are coming to the security market in order to achieve such levels of trust online. The presentation will provide a market roadmap for vendors, enterprises, governments, and standards organizations alike to create a security model that is highly collaborative and ultimately highly trustworthy.
Quantum computing has found its way into Deutsche Bahn's technology roadmap. In the session I’ll give an introduction where is it used, which use cases are being developed, which skills does the industry need? The key question is which risks do we expect and how can we prepare our organization against attacks, some keywords are NIST, PQC, crypto agility. I will give an overview of the international quantum landscape and its progress. You will get hands on advice how to establish a maturity model for quantum readiness and an enterprise program to become quantum ready.
The past weeks again have demonstrated that cybersecurity and geopolitics are inseparable. Cyber attacks have become a common element in geopolitical crisis as an additional vector for concrete attacks, but also for MDM (Misinformation, Disinformation, Malinformation). This also means that CISOs nowadays must take a broader perspective beyond technology. Geopolitics impact the cybersecurity of organizations, and organizations must adapt to this, both by adjusting their organizational structures and cybersecurity spendings as by extending their risk management approaches in a way that also helps in assessing the concrete cybersecurity impact of geopolitics.
The threat environment remains intense. Changing IT architectures present meaningful and operational risks for enterprises. Today’s cybersecurity market is highly fragmented. A number of trends including a shift towards platforms/suites are driving consolidation in cybersecurity. M&A is on top of the agenda for vendors as they seek to secure future growth and stay ahead of the innovation curve.
In an increasingly technologically interconnected world, cybersecurity teams are the defenders of digital frontlines. Looking ahead to the future, this session dives into the dynamic landscape of cybersecurity, and investigates the market segments’ evolution within it. Many things impact your cybersecurity preparedness and plans, such as new attack patterns, evolution of cybercrime techniques, and emerging technologies. We will discuss industry forecasts until 2025 and how businesses step towards optimal cybersecurity.
From AI driven decision-making to a massive amount of cybersecurity threats around the world, many events make fluctuations in the market, and whether you are a cybersecurity professional, an investor or passionate about IT security, this session will provide you valuable information about the current market sizes and the predictions until 2025.
You will find this session not only informative, but full of valuable insights that will enlighten your journey to secure your organization.
Cybersecurity is increasingly taking the front seat, from being considered as an afterthought to becoming a priority in policy, technical, economic, societal and even legal and environmental discussions. Given the increasing hyper-connectivity of everything and our growing online presence, the significance of cybersecurity cannot be overstated. We are constantly coming across new cyber threats and attacks, novel avenues are opening for adversaries, emerging technologies are changing the paradigm and cyber affairs are more and more linked to physical ones, leading to the notion of hybrid threats. ENISA, the EU Agency for Cybersecurity, has been monitoring the cybersecurity threat landscape for more than 10 years. In this talk, ENISA will discuss the current state of the EU cybersecurity threat landscape and discuss its evolution based on the foresight activities that the Agency utilizes to map the landscape, to identify future and emerging cybersecurity challenges
Time is moving fast in the IT-Security industry. The rise of AI brings new attacks for example as new and better redacted phishing emails. What are the risks and chances for Security Operations? What is the impact on identity and access management. How can AI be used to improve threat hunting. These are some of the topics presented here.
In today's interconnected European digital ecosystem, the importance of robust cybersecurity measures is more pronounced than ever. The Network and Information Security Directive and the Digital Operational Resilience Act emerge as pivotal landmarks in the EU's regulatory response to these challenges.
The cybersecurity landscape is complex and can be confusing even to experts. The Cyber Defense Matrix is a model that simplifies this landscape, enabling us to navigate it more easily and clearly communicate our plans to others. This workshop will explain the Matrix and how it can be used to build, manage, and operate a security program. By organizing technologies, skillsets, and processes against the Matrix, we can understand the problems we need to solve, what gaps exist, and what options are available to close those gaps.
Choosing the right software to meet your business needs today and in the future is both essential and challenging. Our workshop, "The Art of Choice," will guide you through five key areas of software selection:
Attendees will gain insight into software selection and decision making. Join us to deepen your understanding of "The Art of Choice" in software selection.
This interactive workshop will provide a practical approach to understanding and applying Zero Trust principles in creating your cybersecurity architecture.
We will focus on transitioning from traditional security perimeters to an identity-driven Cybersecurity Mesh, acting as the backbone for implementing the Zero Trust model. A detailed case study will guide you through the initial stages of incorporating Zero Trust principles into your current security landscape, identifying potential challenges, and offering methodical solutions.
The session will center on active learning through real-world examples, where participants will gain hands-on experience in shaping a resilient Cybersecurity Fabric. The workshop will conclude with participants developing a personalized roadmap to integrate Zero Trust principles into their cybersecurity systems seamlessly.
Join us to kickstart your Zero Trust journey, navigate its intricacies, and move towards a secure future with real-world applications and interactive problem-solving guidance.
When the worst happens, and your defenses are breached, how do you respond? This engaging workshop, led by an experienced CISO, takes you through the crucial first hours of a cyber-attack. Using real-world examples and first-hand experience, the workshop highlights the immediate steps and strategies essential to mitigating damage and restoring operations. It provides insight into the tactical responses required during these stressful moments and offers guidance on how to create a robust response plan to prepare your organization better.
Attendees can expect to walk away with a better understanding of incident response management and benefit from the lessons learned from past attacks. This is a rare opportunity to learn from the trenches and equip your organization with the resilience it needs in the face of cybersecurity threats.
The side effects of (re)generative AI impacting cyber security
The polarizing public discussion about ChatGPT and its siblings and the smokescreens of those responsible for technology and business behind the brands obscure a differentiated view on the non-obvious side effects of a completely overheated Chatbot rally. This makes it difficult to seriously address the partially mutually dependent side effects of the large-scale public use of this technology.
Employers in particular are torn between giving in to the tempting benefits of this technology while, at the same time, they have to live up to their responsibility towards the law, regulations such as ESG, their organizations and their digital assets, the society and the duty of care towards their employees. All of that without missing a beat of innovation in that field.
In this workshop, we'll jointly explore the missing questions that need individual answers for a conscious, responsible and security aware use of AI.
As a prelude to the captivating “Capture The Flag” competition, this session reveals what is in store for the second day of KuppingerCole's Cyberevolution conference. It provides a comprehensive overview, introducing the exciting concept of the CTF event, detailing the format, and introducing the various teams demonstrating their cybersecurity prowess. From observing industry veterans to identifying emerging talent, attendees will gain valuable insight into the strategies and approaches employed in this live competition.
This session will set the context for a dynamic event that blends competition, camaraderie, and practical problem-solving. Join us to understand the upcoming CTF competition, where theory and practice converge to challenge and inspire.
A demo of the XM Cyber platform will show you how we can visualize the different attack paths in your system for you. We can show you how a hacker moves laterally through your environment using many different techniques to arrive at your critical assets. And by knowing the different attack paths through your environment, the platform will show you how you have to prioritize your efforts to prevent more attacks without getting lost in long lists of vulnerabilities.
Welcome to the cyberevolution Conference Opening!
Berthold Kerl will kick off the cyberevolution Conference in Frankfurt from the 14th to the 16th of November. He will explain the idea behind "Anticipate - Innovate - Together," the triad that drives the future of cybersecurity. In today's rapidly evolving digital landscape, the role of AI in cybersecurity has never been more crucial. Throughout this opening, Berthold will explore the profound impact of AI on cybersecurity today and tomorrow, uncovering its potential to reshape defense strategies. Drawing on our expertise as a leading analyst firm in cybersecurity, KuppingerCole will share the trends and insights that demand your attention. These crucial themes will spark thought-provoking discussions, igniting anticipation for what defenders of cybersecurity must prepare for today and in the future.
During the conference, expect a dynamic agenda filled with thematic highlights, distinguished speakers, and interactive sessions. Our goal is to encourage active participation, collaboration, and discussions that enrich your knowledge and strengthen the collective defense against cyber threats. Moreover, be prepared to immerse yourself in a captivating and diverse range of events in our engaging framework. We've crafted a compelling and exciting program that complements the conference and ensures you make meaningful connections and lasting memories.
Let's embark on this transformative journey together at cyberevolution. Anticipate new possibilities, innovate to shape the future, and together, we'll empower cybersecurity defense for the challenges that lie ahead.
Get ready for an exceptional experience!
See you at cyberevolution!
Step into the future of cybersecurity in an engaging and enlightening keynote presentation featuring Jonathan Blanchard Smith from SAMI Consulting and Berthold Kerl, CEO of KuppingerCole. Join us as we unveil the outcome of extensive discussions with CISOs and cybersecurity experts, exploring the ramifications of SAFIRE scenarios on the digital realm.
The keynote commences with captivating short films that vividly illustrate the diverse future scenarios. Witness how technological advancements, societal shifts, economic fluctuations, environmental concerns, and political dynamics intertwine to shape the cyber landscapes of tomorrow.
Delve into thought-provoking discussions as we ponder the most effective means of safeguarding the future digital life for each scenario. Gain insights into the challenges and opportunities that lie ahead, and explore innovative approaches to bolstering cyber resilience in a rapidly evolving world.
By the end of this session, you will be equipped with a clearer vision of the future of cybersecurity. Embrace this unparalleled opportunity to comprehend the potential challenges and transformations that await us.
Don't miss this extraordinary keynote at cyberevolution, where groundbreaking minds converge to envision the digital frontier. Join us and embark on a journey to discover the cyber future that lies ahead.
After the enlightening keynote on navigating cyber futures via SAFIRE scenarios, brace yourself for an immersive panel discussion that delves deeper into the uncharted territories of cybersecurity. Joining the stage are distinguished futurists and CISOs from multinational companies, bringing their expertise to the forefront.
Together, we'll embark on an extraordinary odyssey, exploring the key takeaways from the SAFIRE scenarios and their profound implications on cybersecurity. Our panelists will share their visionary insights, drawing from their vast experience and global perspectives.
Engage in thought-provoking debates as our panelists envision the potential challenges and transformations that lie ahead. Unravel the strategic approaches and innovative tactics they propose to fortify cyber resilience in this dynamic digital age.
Don't miss this unparalleled opportunity to interact with pioneering minds in the field of cybersecurity. Collaborate, share ideas, and gain invaluable perspectives on safeguarding the digital realm of tomorrow.
Join us at cyberrevolution where the fusion of futurists and CISOs promises a compelling exploration of cybersecurity's uncharted territories. Register now and be part of this extraordinary panel, where the brightest minds converge to shape the future of cybersecurity.
With the introduction of ChatGPT, we have entered into the knowledge age. In this new economy, CISOs are presented with new challenges. This session explores three concerns arising from capabilities like ChatGPT but also three opportunities that CISOs are well positioned for in this new knowledge economy.
In his talk, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will look at the role of identity security for succeeding in the digital journey and its impact on secure journeys, convenient journeys, and digital enablement of the 3C - customers, consumers, and citizens. He will discuss the role of identity security, the perfect organizational setup, and the business impact of doing digital identity right and secure.
The presentation will provide a framing to help attendees navigate the rapid transition from yesterday’s industrial age security paradigms to future approaches for sustaining reliable information systems.
The talk will identify 13 emerging non-technical information risk trends, ranging from human hallucination and cognitive narcissism to institutional paradigm collapse and perimeter fetishism to Capitalist power overreach (and several others) that are having current, real-world security impacts, but which remain unaddressed in cybersecurity strategies and deployments.
Solutions will be suggested and explored across business, operating, legal, technical, social, political, economic, biological and even evolutionary pathways, offering a toolkit of options that attendees can immediately apply in their organizations’ security program. Specific strategies for managing, de-risking and leveraging near and long-term personal and professional interactions in this steep part of the curve of exponential change will be suggested.
Even before Russia`s war of aggression against Ukraine upended the international order it was clear that a new form of “hybrid conflict” had become the new normal. While it may seem obvious that cyber means have long played a decisive role in this new form of state aggression, both the actors, targets, and goals are often misunderstood. Instead of cyberwar the battle is often information war, the means are ransomwar rather than ransomware, and there are only two types of potential victims - those that know they are a target, and those that do not yet know. But there are positive developments as well, and boards and the c-level are likely to be more receptive to their CISOs in the future – if they can craft the right messages.
Businesses, public institutions, and government agencies face various cybersecurity issues in an increasingly connected world. This welcome session highlights current and emerging cybersecurity challenges and trends as perceived through the lens of public leadership in Hesse.
From the intricacies of regulatory policy to the application of practical security measures, the discussion will provide a comprehensive understanding of the state's strategic approach to enhancing security and resilience. Attendees will gain unique insights into how government agencies shape cybersecurity trends and translate them into actionable support for stakeholders.