KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Markus Malewski, Head of SOC / SIEM at thyssenkrupp gives an insight how thyssenkrupp re-formed the Security division after the Winnti attack in 2016, why the company is so well prepared for current and future challenges and how the solutions of Elastic help to achieve those. Jörg Hesske, AVP CEMEA at Elastic shows how Elastic Security helps SecOps teams to protect their company against threats quickly and precisely with an integrative security approach.
Experts define Operational Technology (OT) as «hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events.»
OT differs from IT, in terms of functionalities, the culture of operators and threats. In recent months, we witness an increasing convergence of IT and OT systems. This area is a novel and rapidly expanding one for both cybercrime and industry. Recent IBM’s 2020 X-Force Threat Intelligence Index summarizes that attacks targeting operational technology (OT) infrastructure increased by over 2000 per cent in 2019 compared to the previous year. The COVID-19 pandemic accelerated these trends: it is the digital accelerant of the decade and accelerated companies’ digital transformations by approximately a global average of 6 years.
For example, one of the impacts of COVID-19 –at least until a vaccine is discovered– is the reduction of on-site staff. In the case of OT systems, this put a strain on the already limited resources and required an increase in external connectivity. The result is the numerous industrial plants exposed to, for example, ransomware attacks.
From a bird-fly point of view, IT and OT are still missing a holistic approach that includes cybersecurity, physical security and cyber-physical security, an integrated cyber-risk estimation and governance models able to span across IT and OT domains. Overall the primary need concentrates around as reconciliation of IT Security (typically built on Confidentiality-Integrity-Availability paradigm) with OT Cybersecurity (which fundamental properties are instead Safety-Reliability-Productivity).
- Status of IT and OT security
- long term impacts of the pandemic on the digital transformation agenda of industry
- Main challenges and trends for the IT and OT security
- Some possible solutions
A flexible architecture is an absolute must in order to keep pace with new challenges within a constantly evolving landscape. Christopher Schütze, Cybersecurity Practice Director and Lead Analyst at KuppingerCole, will look at methodologies that help to structure, reorganize, and extend the existing Cybersecurity landscape within your organization. He will examine current topics such as “Information is the new oil” and “Trust only with verification – Zero Trust” and how you can integrate this into your strategy. Information security and ensuring a high level of trust must be a fundamental part of Cybersecurity strategies in the years to come. This will help you to make the right choices and improve overall security, and learn how to be safer with security.
Is your cybersecurity as fast as your business? Finding the right strategy to secure the growing speed and diversity of DevOps driven application development and dynamic infrastructures is hard. To master this journey, organisations have not only to adapt new security controls but in most cases to redefine their cybersecurity strategy and traditional approaches such as Defence-in-Depth and Zero Trust Architectures from scratch.
In this session, you will learn the FIRST PRINCIPLES how to align the pace of your cybersecurity to your business speed from both perspectives: a cybersecurity expert and a former developer.
When navigating a big ship, it is crucial to know your position and the course you set. In this case, the ship is a symbol for a company planning its investment in cyber security. In practice, the overall strategic view is often obscured or missing. An assessment of the cyber maturity level will give a better understanding of the position as well as the direction, considering the specific risks. A risk-based approach allows investments in cybersecurity to have the greatest possible, measurable impact.
In 2020 organizations have been forced to accelerate their digital transformation plans to meet the needs of a more digital engaged end user. From remote workforces to shifts to online commerce, nearly every industry has had to adopt to this new reality. This has resulted in rapid cloud service adoption and a need for integration of existing on-premises investments with them. But today's Hybrid Cloud reality needs a comprehensive security policy that encompasses newly acquired cloud technologies all the way down to legacy on premises applications which provide business critical capabilities. In this presentation, we will discuss the characteristics needed in an Identity and Access Management platform that will allow organizations to quickly get address new security issues while allowing for a smooth digital transformation at their own pace.
Security is Culture – and culture starts with people (not technology!) The complex topic of SAP-security is a massive challenge for the almost 500.000 companies worldwide using SAP. The challenges are the same for everyone, and it is the combined corporate responsibility of the C-Level and all employees to protect the enterprise from threats. These core applications can be secured by focusing on the 3 main attack vectors: People, Processes, and Technology. Within this keynote, Jochen Fischer shares what needs to be done to define clear ownership and responsibilities for SAP-security. Enabling people to understand the risk in SAP is fundamental to design a sustainable strategy that is based on the individual risk profile of each individual company. It is time to stop the monkey business when it comes to mission-critical topics like security. As independent expert, Jochen Fischer provides state-of-the-art methodologies to deliver the right people the suitable skills required to protect SAP without burning money on tools that have no or limited effect on corporate cyber resilience.