KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
The digital development spurts have captured all areas of life. Industry 4.0 is on everyone's lips. The digitization of all areas of work and life requires integrated and robust strategies and processes at all levels.
Consequently, this poses many questions: How well prepared are economies and politics as well as the society as a whole with regard to cyber safety aspects? How do people react to change processes? Basically, what is the significance of the human factor in the overall context of digital safety and cybersecurity? Of course, there have been prior leaps in developments within the industry. This time, however, there has been a significant change not only in technology, but also within the fundamental business model of companies
The digital development spurts have captured all areas of life. Industry 4.0 is on everyone's lips. The digitization of all areas of work and life requires integrated and robust strategies and processes at all levels.
Consequently, this poses many questions: How well prepared are economies and politics as well as the society as a whole with regard to cyber safety aspects? How do people react to change processes? Basically, what is the significance of the human factor in the overall context of digital safety and cybersecurity? Of course, there have been prior leaps in developments within the industry. This time, however, there has been a significant change not only in technology, but also within the fundamental business model of companies
Wenn es um die Integration von Mobile Apps in die Single Sign-On-Umgebung geht, dann entstehen oft Interessenskonflikte zwischen Designern, der IT-Sicherheit und dem, was der Kunde wirklich möchte.
Welchen Einfluss hat das gewählte Login-Verfahren auf die Sicherheit und welche Ansätze haben sich in der Praxis bewährt? Wie kann ein Kompromiss aussehen, der sowohl den Kunden zufriedenstellt, aber trotzdem ein ausreichendes Sicherheitsniveau bietet? Erfahren Sie, welche Best Practices es gibt und welche Rolle OAuth 2.0 dabei spielt.
The aim of this presentation is to map the comprehensive human factor and cybercrime landscape categories (Motivations, the category of the perpetrator, category of the targets and victims, opportunistic and targeted attacks, the jurisdiction of the target, technology versus social engineering). Mapping these two pillars provides indicators that can be integrated in AI cybercrime predictive analysis, construct a model of the man-cognitive system and a cyber leadership network based on the deduction of cyber policy challenges.
Hear how a leading multinational Financial institution was able to evolve from Role Based Access Control (RBAC) to the new paradigm, Policy Based Access Control (PBAC), and learn what challenges this solved, and the ROI they were able to see from using PBAC.
This session explores what UBA is and the value it brings to enterprise security in context of other common controls and tools. Chris will give some history of how user activity monitoring has changed, and its challenges, and the state today. Finally, we will discuss how this is changing and what to look out for as organisations are consuming more cloud-based services.
The principle of defense-in-depth remains a key design element for enterprise organizations. Although many have said that perimeters are going away, or identity is the new perimeter, the fact is that almost all enterprises still have perimeters. The names may have changed, and components may be declared “next-gen”, but there are still firewalls, VPNs, intrusion detection and prevention systems, etc. We will look at how new kinds of tools have become available to help protect against attacks from the application to the network layers.
To stay competitive during the times of digital transformation, when business models and technology landscapes change daily, enterprises must reinvent many of their business processes to achieve new levels of agility and flexibility, and nowhere else this is more evident than in software development. As the demand for faster design, development and delivery of software is growing, organizations are adopting the DevOps methodology that fundamentally changes the ways software is produced.
With a strong focus on practices like continuous delivery, infrastructure as code and test automation, DevOps can do wonders for development productivity. Unfortunately, quite often this is done at the expense of governance and security, which many developers see more as obstacles that prevent them from achieving the desired level of agility. Adding the newest disruptive technologies like containers or microservices to the mix only makes the matters worse by opening an entire range of new possible attack vectors.
In this session, we’ll talk about the organizational and technological measures needed to close the rift between DevOps agility and strong IT security as well as have a look at some of the today’s most popular DevOps trends and discuss their biggest security challenges.
There is a tremendous amount of business value that you can get from “the cloud”. But, there are a lot of challenges in adopting these services securely. The real question is how we can approach “the cloud” from a security perspective in order to really get that full benefit of the offerings.
More often we hear about the devastating effects the attack on critical infrastructure can have on the citizens of an affected city or a country. Yet we don't see large scale attacks yet being conducted. Panellist will discuss possible threats in todays world as well as the ways private sector and governments can collaborate to prevent such assaults on critical infrastructure.
In today’s cloud-connected world, the way we work has changed. But security has not. When over half of the PCs in most organisations are mobile, you need to protect your workforce wherever they access the internet – not just when they are in the office. You need to identify attacks as they are staged on the internet, so you can block them before they launch.
Join us as Dr. Michael von der Horst, Senior Director for Cybersecurity Germany at Cisco, takes us through what we see out there “in the wild”. He will present effective defence and remediation strategies based on an integrated security architecture. Learn how you can gain the intelligence to uncover current and emerging threats, the visibility of activity across all devices and ports, anywhere, and stop phishing, malware, and ransomware earlier.
The Internet of Things has already become an integral part of our daily lives, whether we like it or not. In the office, at home, and even in the street, we are surrounded by a multitude of smart devices ranging from smart TVs and fridges to network routers, voice assistants and parking meters. No matter how different their functionality is, however, all these “things” share two major common traits: they are all connected to the public Internet and they lack the most basic security controls.
For decades, security was never a priority for embedded device manufacturers. Modern companies selling smart consumer devices still lack both expertise and budgets for making their products Secure by Design. Lack of regulation in this area doesn’t help either. As a result, vulnerabilities in consumer IoT products have already led to a number of security breaches on a massive scale: ranging from DDoS attack using huge botnets of hijacked cameras and routers to targeted attacks on corporate data using fish tank pumps.
As the number of consumer-grade IoT devices used by enterprises continues to grow, we can only brace for even larger attacks in the future. Or, instead of waiting for vendors or governments to do their job, we could start acting on our own. In this session, we are going to discuss the enterprise IT risks caused by consumer IoT devices and look into potential ways to incorporate them into existing enterprise security and identity infrastructures.
An increasing number of attacks, both external cyber-attacks and internal attacks, are well-thought-out and long-running. Particularly external, targeted attacks rely on the use of zero-day-exploits, which factually are yet unknown exploits. Thus, standard approaches such as signature-based analysis don’t help – you can’t detect what you don’t know. On the other hand, malicious behavior of internal users is hard to detect. Commonly, existing entitlements are used, but not as they should be used. Both challenges can be addressed by analyzing the user behavior and identifying anomalies and outliers. There are various technologies for doing so, focusing on network traffic, privileged user behavior, or access to unstructured data. All of these deliver to the one target: Mitigating risk of attacks.