KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Most organizations don’t suffer from a lack of cybersecurity tools. They suffer from the cost and administrative burden of running too many of these. They suffer from the lack of integration. They suffer from the lack of skills in optimally configuring the tools and analyzing the data.
Couldn’t less be more? But what is the right answer? Just retiring some tools? Consolidating to new solutions such as XDR? Replacing old tools with the newest best-of-breed solutions?
As always, best start with a plan, and with defined methods to evaluate the contribution of the various tools you have to your targets. The plan must help you in understanding which elements you need most for protecting your IT. On the other hand, you must understand how well your existing tools landscape contributes to this.
In his talk, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will unveil methodologies that can help you in assessing your cybersecurity tools portfolio, and that can help you in deciding about where to invest next.
Most organizations don’t suffer from a lack of cybersecurity tools. They suffer from the cost and administrative burden of running too many of these. They suffer from the lack of integration. They suffer from the lack of skills in optimally configuring the tools and analyzing the data.
Couldn’t less be more? But what is the right answer? Just retiring some tools? Consolidating to new solutions such as XDR? Replacing old tools with the newest best-of-breed solutions?
As always, best start with a plan, and with defined methods to evaluate the contribution of the various tools you have to your targets. The plan must help you in understanding which elements you need most for protecting your IT. On the other hand, you must understand how well your existing tools landscape contributes to this.
In his talk, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will unveil methodologies that can help you in assessing your cybersecurity tools portfolio, and that can help you in deciding about where to invest next.
This presentation will explore the role of privacy in building enterprise resilience.
As the intensity and sophistication of cyber-attacks continues to increase amidst an uncertain threat landscape, enterprises are actively looking to embrace security automation as a potential solution. With machine learning developments maturing at a rapid pace, security automation has become increasingly practical and is the need of the hour to stem the tide of cyber attacks that are becoming bigger, faster and stealthier. Amidst the backdrop of state-sponsored attacks that can circumvent traditional defense systems, this panel will explore the need for security automation and automated threat intelligence, and will dive into best practices for implementing such initiatives in enterprise.
Thanks to cybersecurity technologies such as Privilege Access Management and security concepts like Zero Trust, we now have the capacity to secure all digital access, from the cloud to IoT.
Digital access in software and hardware must be secure by design to minimize risk as much as possible. We have seen official agencies including the US and UK governments signing off expansive cybersecurity executive orders to boost national security, and cybersecurity chiefs pushing for the inculcation of security by design in software.
However, the technology itself is not enough to build a trusted digital world. To cultivate this world, we need to raise general cybersecurity awareness for all citizens. This is no easy feat, so the first logical step is to focus on building knowledge and awareness in business schools, mentoring the directors of the future because they will have to learn how to deal with cyber risk daily.
To bring a trusted digital world to life, we must also disrupt the political sphere in the UK and surrounding European countries. The European continent must become a leader in digital sovereignty – where data protection and privacy are respected by all – by cross-country collaboration and the establishment of a European Business Act. European countries are democracies that produce large amounts of data, so to achieve this act, we must create a separate European model that protects and respects our valuable data.
Key takeaways:
• Educate attendees on the concept of digital sovereignty
• Build interest in the better protection of our data
• Provide attendees with the appropriate tools and knowledge to start working towards making digital sovereignty a top priority for their organisation and beyond
• Inspire attendees to collaborate with other departments and countries to create a more trusted digital sphere
In this talk, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will provide insights on Digital Supply Chain Risk. He will look at the areas of risks, from secure partner onboarding to software supply chain security and others. He will look at prominent examples and common weaknesses in these areas. He then will provide insight into actions that organizations should and must take, both organizational and technical.
SBOM offers multiple ways of getting under the covers of your and other provider's software resilience. Implemented properly, SBOM not only increases code and library transparency with a a much better chance to catch hidden software flaws much more quickly and potentially ahead of your adversaries, but is it worth the pain coming with it?
This presentation will explore why companies need security automation. We will look at how companies can ensure success (and how to ensure failure). Leveraging professional experience and doctoral research into security automation, the presenter will examine the keys to successful security automation, including how to prioritize use cases and build enterprise support. This session will look at how to decide what to automate (and what not to automate), strategies to help ensure a successful security automation program, and lessons learned from success and failure, including worst reason to pursue security automation.
For big companies like Mercedes, there is no generic zero trust implementation to deliver the values for customer, workforce, suppliers and logistics. It is unlikely to have a greenfield implementation as there is a rich fundament of processes, technologies and business uses cases need to be covered. This presentation describes how to build a holistic view of your ecosystem, understand your maturity, develop a reference architecture for your vision and then come up with a continuous transformation to achieve the targets using a value and risk driven approach.
Over simplifying, IT security means defending the IT systems from threats procured by cybercriminals. Their targets are, for example, the manipulation of systems, the extorsion or exfiltration of data, and the interruption or alteration of services. However, what happens if we have humans instead of IT systems? Given that the scope of an attacker is always the same, as aforementioned, attacking a human is an entirely different process, and the attack tactics must change. This well-known fact involves social engineering and human sciences (e.g., psychologists or behavioural sciences instead of informatics). However, from the cyber security side of the coin, what does it imply dealing with humans? What does it mean, for example, to perform convincing penetration testing or vulnerability scanning to deeply test human weaknesses: it is not merely a problem of sending a phishing email and waiting for clicks. How can be done a threat analysis or threat intelligence on humans? Moreover, how can a company calculate the cyber risk that a human represents and how many effective ways to reduce it? If we fully put humans (either as employees or IT security operators) at the centre of cybersecurity, the questions become several.
The problem is complex because, by its nature, it is multicultural and requires different non-technical competencies. It includes experts in philosophy, political science, cyber sociology, pedagogy, acting performance, etc., collaborating with cybersecurity experts. Facing the human element of security is a genuinely multicultural and interconnected approach. Furthermore, humans are coincidentally “human” and not machines: there are also ethical and legal issues to consider, and their reactions change during the day. The talk will explore and present a comprehensive view of what happens when there are not the IT systems but the humans at the centre of cybersecurity.
Attackers are expected to leverage the uncertain geopolitical landscape to carry out advanced cybercrime attacks, leaving businesses susceptible to intrusions that could have potential second and third-order effects on their operations.
In this panel session, leading CISOs provide a blueprint to identify attackers and improve your odds of mitigating cyber-attacks, manage stakeholder coordination and address best practices to harden cyber defenses amidst the exceptional risk environment organizations find themselves in.
Ransomware attacks continue to increase in frequency and severity. Every organization needs a ransomware and malware resilience plan. Three major components of such plans should include deploying Endpoint Security solutions, keeping computing assets up to date on patches, and backing up data. In this session, we'll look at trends in ransomware as well as review the results of the KuppingerCole Leadership Compass on Endpoint Protection Detection & Response (EPDR) solutions.
Zero trust has been around in one shape or form in security for many years, usually under different names like the "Principle of least privilege" or "Mandatory Access Control'. It exists for a good reason, and needs to be re-enforced. But for any cloud native vendor, Zero Trust should be table stakes at this point. Zero knowledge at the organizational level, and not just Zero knowledge encryption, is the next evolution of security best practices. Join us to learn more.