KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
When we think of security in the OT / IoT space, we are very focused on technological measures and controls. However, the recent incidents in this field showed that security events are not only based on a failure of technical controls. The 2017 Triton malware attack on SaudiAramco is a good example of what can happen based on human behaviour. While the attacked Triconex SIS controller is protected by a physical switch, it seems that this switch has been left in program mode. The ongoing digitalization of operational technologies presents cyber security professionals a whole new challenge. Technical controls are just one part to successfully protect critical infrastructure, but we have to consider the human factor too. As 90% of cyber incidents are human-enabled (Verizon Data Breach Report 2017), this will be one of the main topics in security for critical infrastructure. How can these challenges be addressed, what are new and innovative ways to develop security solutions, create resilience and protection?
When we think of security in the OT / IoT space, we are very focused on technological measures and controls. However, the recent incidents in this field showed that security events are not only based on a failure of technical controls. The 2017 Triton malware attack on SaudiAramco is a good example of what can happen based on human behaviour. While the attacked Triconex SIS controller is protected by a physical switch, it seems that this switch has been left in program mode. The ongoing digitalization of operational technologies presents cyber security professionals a whole new challenge. Technical controls are just one part to successfully protect critical infrastructure, but we have to consider the human factor too. As 90% of cyber incidents are human-enabled (Verizon Data Breach Report 2017), this will be one of the main topics in security for critical infrastructure. How can these challenges be addressed, what are new and innovative ways to develop security solutions, create resilience and protection?
This session explores what UBA is and the value it brings to enterprise security in context of other common controls and tools. Chris will give some history of how user activity monitoring has changed, and its challenges, and the state today. Finally, we will discuss how this is changing and what to look out for as organisations are consuming more cloud-based services.
To handle the digital identities of customers efficiently is key to deliver valuable digital services. This entails a change of the core infrastructure, leading to a critical operation for many stakeholders and raising challenges in different domains. These challenges not only affect technical architecture and implementation, but also processes, communication and even organizational structures.
In this talk, we will give an overview of how Steinbergapproached those challenges. This includes topics like: - How to handle the huge complexity of such a project, technically and organizationally? - What is the impact and what are possible pitfalls of choosing a DevSecOps approach for such a project? - How to keep cost and development speed in balance? - How to handle shared responsibilities?
We will go into detail about the lessons learned: what went well, what went wrong, and what we would do differently, if we could start over again.
More often we hear about the devastating effects the attack on critical infrastructure can have on the citizens of an affected city or a country. Yet we don't see large scale attacks yet being conducted. Panellist will discuss possible threats in todays world as well as the ways private sector and governments can collaborate to prevent such assaults on critical infrastructure.
The digital development spurts have captured all areas of life. Industry 4.0 is on everyone's lips. The digitization of all areas of work and life requires integrated and robust strategies and processes at all levels.
Consequently, this poses many questions: How well prepared are economies and politics as well as the society as a whole with regard to cyber safety aspects? How do people react to change processes? Basically, what is the significance of the human factor in the overall context of digital safety and cybersecurity? Of course, there have been prior leaps in developments within the industry. This time, however, there has been a significant change not only in technology, but also within the fundamental business model of companies
"Zero Trust" is the latest security buzzword from the vendors marketing department; but what it actually means for you means should vary depending on your business requirements.
Properly aligning security architecture to enable the business strategy of the organisation is the key to deliver a Zero Trust architecture. But the solution could be anything from implementing identity-aware firewalls to the extremes of "BeyondCorp"; Google's firewall-less global network when the security posture is identical whether you are in Starbucks or on the Google campus.
Viele der neuen DID und Self-Sovereign Identitäts-Konzepten verlangen weitreichende neue Strukturen und Verfahren. Ihr Schwerpunkt ist der Austausch maschinell lesbarer Identitäts-Unterlagen zwischen Behörden und vertrauenden Geschäftspartnern. Anstatt Zwischenhändler abzuschaffen, so wie von den Blockchain Propheten versprochen, werden neue Führungsnetzwerke aufgebaut um technische Neuigkeiten traditionell zu verwalten.
Um den Dschungel von Authentifizierungsverfahren und digitalen Identitäten zu bändigen, werden oftmals Single Sign-on (SSO) Strukturen geschaffen. Dadurch wird es Nutzern ermöglicht viele Logins mit nur einer digitalen Identität zu verwalten und Authentifizierungsverfahren je nach Bedarf einer Applikation anzupassen. SSO-Applikationen haben jedoch einen entscheidenden Nachteil: Sie setzen ein Vertrauen in nur eine Instanz, z. B. den Entwickler der Applikationen, oder mehrere Instanzen voraus. Was wäre, wenn wir für jeden Onlinedienst oder berufliche Anwendungen nur einen einzigen Account bräuchten, der zudem noch ohne zentrale kontrollierende Instanz auskommt und ein hohes Maß an Sicherheit bietet? Blockchains erlauben mit inhärenter Sicherheit und Kryptographie die Entwicklung völlig neuartiger Identitätsstandards, die durch andere Lösungen wohl nur schwer zu realisieren sind. In diesem Vortag werden die Vorzüge der Blockchain Technologie dargestellt.
Attribute Based Access Control (ABAC), OAuth 2.0 and OpenID Connect (OIDC) are complementary standards that can be used individually or in concert to offer comprehensive access control for applications that are built using microservice and API approaches. -API security basics -Avoiding bad security practices -Overcoming OAuth limitations -Managing authorization as a microservice
We got security wrong. Enterprise security is failing with two-thirds of organizations experiencing an average of five or more security breaches in the past two years, according to Forrester. Adding to the fervor is the impact of Cloud, Mobile, DevSecOps, Access. The entire experience of developing, deploying and protecting applications has forever changed. In today’s network perimeter-free world, organizations must adopt a Zero Trust Security model – and shift from ‘trust but verify; to assume users inside a network are no more trustworthy than those outside. And with the digital economy in full swing, the adoption of continuous integration and deployment brings with it new challenges, including greater attack surfaces as well as increased, complex compliance.
In this session, Dr. Torsten George, cybersecurity evangelist, will explain how the velocity of DevSecOps, security breaches, access to applications is creating the mandate for Zero Trust, and in doing so ushering in a new era of experiences – everything from how we securely develop and deploy apps, to how we authorize access for consumers and privileged users. Dr. George will outline how to enforce risk-based policy in real time, at the point of access. He’ll also provide tips on how to speed up analysis and greatly minimize the effort required to assess risk across today’s hybrid IT environments through the use of machine learning.
The Internet of Things has already become an integral part of our daily lives, whether we like it or not. In the office, at home, and even in the street, we are surrounded by a multitude of smart devices ranging from smart TVs and fridges to network routers, voice assistants and parking meters. No matter how different their functionality is, however, all these “things” share two major common traits: they are all connected to the public Internet and they lack the most basic security controls.
For decades, security was never a priority for embedded device manufacturers. Modern companies selling smart consumer devices still lack both expertise and budgets for making their products Secure by Design. Lack of regulation in this area doesn’t help either. As a result, vulnerabilities in consumer IoT products have already led to a number of security breaches on a massive scale: ranging from DDoS attack using huge botnets of hijacked cameras and routers to targeted attacks on corporate data using fish tank pumps.
As the number of consumer-grade IoT devices used by enterprises continues to grow, we can only brace for even larger attacks in the future. Or, instead of waiting for vendors or governments to do their job, we could start acting on our own. In this session, we are going to discuss the enterprise IT risks caused by consumer IoT devices and look into potential ways to incorporate them into existing enterprise security and identity infrastructures.
In the past years, a CISO would mainly be chosen among the IT staff who expressed his interest for information security or by arbitrarily promoting someone from the inside to please the auditors with filling a headcount gap. Tasks and skills were mainly technical, focusing on patching, administering firewalls and installing antiviruses. With the years though, companies have made their IT systems the backbone of their businesses. Similarly, criminality has shifted to exploit online systems. Combination of both realities now requires that CISOs possess and demonstrate core competencies that allow them transforming the essence of their job from infrastructure protector to business enabler. In this keynote, we will explore how and why CISOs should now focus on value creation instead of value protection, getting from a defensive to a proactive approach.
The aim of this presentation is to map the comprehensive human factor and cybercrime landscape categories (Motivations, the category of the perpetrator, category of the targets and victims, opportunistic and targeted attacks, the jurisdiction of the target, technology versus social engineering). Mapping these two pillars provides indicators that can be integrated in AI cybercrime predictive analysis, construct a model of the man-cognitive system and a cyber leadership network based on the deduction of cyber policy challenges.