KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
In this presentation Paul Fisher connects the dots between Henry Ford, Stanley Kubrick and AI. He explains how AI is useless without good data and good data for cybersecurity can only be prepared with expert human help. The end is not nigh, instead the AI tools now coming will make our jobs easier while elevating cybersecurity to new levels.
In this presentation Paul Fisher connects the dots between Henry Ford, Stanley Kubrick and AI. He explains how AI is useless without good data and good data for cybersecurity can only be prepared with expert human help. The end is not nigh, instead the AI tools now coming will make our jobs easier while elevating cybersecurity to new levels.
In today's dynamic cybersecurity landscape, safeguarding sensitive data and infrastructure from insider threats, while effectively monitoring supply chain and third-party users, is paramount. This presentation delves into the critical intersection of Insider Threat Management and NIS2 compliance, anchored in a detailed case study of a company subject to NIS2 regulations. We will explore a diverse toolkit and industry best practices tailored not only for achieving compliance, but also for streamlining cybersecurity processes through robust technical controls. Attendees will gain invaluable insights into seamlessly integrating cutting-edge tools and proven methodologies, ensuring unwavering compliance with NIS2 regulations while fortifying your security posture.
How can I effectively address cybersecurity vulnerabilities within my organization? Also, what are the implications of the Cyberresilience Act for this? EDITH, the European Digital Innovation Hub for Hesse, has extended an invitation to Dr. Steven Arzt, a cybersecurity expert from the Fraunhofer Institute for Secure Information Technology SIT, for a #DigiTalk session discussing best practices for Coordinated Vulnerability Disclosure.
Coordinated Vulnerability Disclosure (CVD) is the process with which ethical hackers report vulnerabilities in software and systems to manufacturers and system operators. Researchers commonly often assess the security status of a system or product independently, i.e., without a formal invitation, contract or integration into a company’s strategy. While these unasked-for vulnerability reports are still considered an insult by some companies, others openly embrace their value for strengthening the company’s IT security by interacting with the hacking and research communities. In his talk, Dr. Arzt shows how a proper CVD process can greatly benefit companies and the wider IT security community at the same time. It is shown how CVD can not only help identify and fix vulnerabilities, but also send a strong positive message about a company’s attitude towards IT security.
When it comes to cybersecurity, many people focus on red/blue teams and technical measures such as servers, firewalls, encryption, and intrusion prevention systems. However, one crucial factor that is often overlooked is the human factor. All of these technical measures will count for nothing when it comes to matter of insider threats. Even the most robust cybersecurity measures can be rendered ineffective by social engineering threats.
In this keynote, I will present several use cases to demonstrate why it is essential to consider the human factor in any organization’s cyber threat landscape.
In today's interconnected European digital ecosystem, the importance of robust cybersecurity measures is more pronounced than ever. The Network and Information Security Directive and the Digital Operational Resilience Act emerge as pivotal landmarks in the EU's regulatory response to these challenges.
Cyber risk isn’t just a technical problem but a strategic one. Through Cyber Risk Quantification CISO’s are enabled to quantify the financial benefit of their cyber security strategy and are empowered to communicate with the Executive Board on eye-level and get the buy-in that you need. Join this session to learn how other companies are finally getting full transparency on their cyber exposure, ensuring not only they’re making the right investments in cyber security but also getting the right ROI of such investments.
Attackers follow the money. In a digital economy, this means targeting web apps and APIs to exploit vulnerabilities and abuse business logic, leading to data breach, account takeover, and fraud that can devastate your business. To effectively prevent these attacks, you need comprehensive, consistent security that protects your entire digital footprint.
F5 solutions reduce complexity in a hybrid and multi-cloud world so you can deliver secure digital experiences at scale—in the architecture you have now, and for the architecture you aspire to evolve your business into.
This presentation delves into the imperative task of redefining risk management in the era of Artificial Intelligence (AI). As AI reshapes industries, it also introduces unique risks and challenges. This abstract offers a glimpse into how traditional risk management approaches must evolve to effectively address the intricacies of AI-related uncertainties. Through real-world examples, it explores emerging concerns like algorithmic bias, privacy infringements, and unforeseen consequences. Attendees will gain insights into proactive strategies, including leveraging AI itself for risk assessment and mitigation. By the presentation's conclusion, participants will grasp the essential steps needed to navigate the uncharted territory of AI-driven risks, ensuring responsible and secure integration of this transformative technology.
The past weeks again have demonstrated that cybersecurity and geopolitics are inseparable. Cyber attacks have become a common element in geopolitical crisis as an additional vector for concrete attacks, but also for MDM (Misinformation, Disinformation, Malinformation). This also means that CISOs nowadays must take a broader perspective beyond technology. Geopolitics impact the cybersecurity of organizations, and organizations must adapt to this, both by adjusting their organizational structures and cybersecurity spendings as by extending their risk management approaches in a way that also helps in assessing the concrete cybersecurity impact of geopolitics.
Lack of control and controllability is increasingly a problem in many internal IT departments today. The complexity of the solutions used has steadily increased. It is therefore all the more important that information security systems are optimally set up and easy to operate and administer.
Establishing a risk class-based access management system makes sense for many reasons. In addition to meeting compliance requirements such as ISO27001, BSI IT-Grundschutz or industry standard 62443 and integrating seamlessly into a risk-based approach followed in the information security management system, this approach promotes the regaining of control over all possible accesses to company or organisational systems, regardless of these requirements.
Traditional federation agreements are relatively static. It takes some effort to onboard an IdP and RP to each other, but once that trust is established, it's good until some exceptional event breaks the federation.
But what about a more dynamic world, one where trust comes and goes based on context? What if users could be provisioned dynamically into a space based on trust from elsewhere? What if an isolated space could still function in a disconnected state and still have powerful security properties? What if these isolated spaces could reconnect to the network and provide audit capabilities and security signaling to other components throughout the wide ecosystem? And what if all of this could be built on a layer of trusted software that didn't rely on pre-placing keys or accounts ahead of time?
Come to this talk to learn about Federation Bubbles, the proof of concept being built out on top of a suite of technology including OpenID Connect, OAuth, SPIFFE, Verifiable Credentials, and more.
Time is moving fast in the IT-Security industry. The rise of AI brings new attacks for example as new and better redacted phishing emails. What are the risks and chances for Security Operations? What is the impact on identity and access management. How can AI be used to improve threat hunting. These are some of the topics presented here.
Matthias offers a critical analysis of the EU's NIS2 Directive's intricate demands, drawing attention to the limitations of one-size-fits-all solutions. He advocates for customized compliance plans, underscoring the unique challenges across various entities, with special attention to the constraints faced by SMEs. And obviously the future interpretation of this EU directive into national regulation adds another layer of complexity.
Essential strategies such as comprehensive risk evaluations, continuous educational efforts, and advanced incident management protocols are emphasized as crucial for effective compliance, integrating cybersecurity deeply into the organization's core values beyond just adherence. The talk concludes with a perspective that views NIS2 compliance as a dynamic goal necessitating enduring dedication and flexible approaches.
