Event Recording

Assessing your Cybersecurity Tools Portfolio: Optimize Cost, Increase Security

Show description
Speaker
Martin Kuppinger
Principal Analyst
KuppingerCole
Martin Kuppinger
Martin Kuppinger is Founder and Principal Analyst at KuppingerCole, a leading analyst company for identity focused information security, both in classical and in cloud environments. Prior to KuppingerCole, Martin wrote more than 50 IT-related books and is known  as a widely-read columnist...
View profile
Playlist
Cybersecurity Leadership Summit 2022
Event Recording
Resilience and the Need for Privacy
Nov 09, 2022

This presentation will explore the role of privacy in building enterprise resilience.

Event Recording
Panel | Best Practices for Implementing Enterprise Security Automation for Threat Detection and Intelligence
Nov 10, 2022

As the intensity and sophistication of cyber-attacks continues to increase amidst an uncertain threat landscape, enterprises are actively looking to embrace security automation as a potential solution. With machine learning developments maturing at a rapid pace, security automation has become increasingly practical and is the need of the hour to stem the tide of cyber attacks that are becoming bigger, faster and stealthier. Amidst the backdrop of state-sponsored attacks that can circumvent traditional defense systems, this panel will explore the need for security automation and automated threat intelligence, and will dive into best practices for implementing such initiatives in enterprise.

Event Recording
How to Build a Trusted Digital World Through Collaboration
Nov 09, 2022

Thanks to cybersecurity technologies such as Privilege Access Management and security concepts like Zero Trust, we now have the capacity to secure all digital access, from the cloud to IoT.

Digital access in software and hardware must be secure by design to minimize risk as much as possible. We have seen official agencies including the US and UK governments signing off expansive cybersecurity executive orders to boost national security, and cybersecurity chiefs pushing for the inculcation of security by design in software.

However, the technology itself is not enough to build a trusted digital world. To cultivate this world, we need to raise general cybersecurity awareness for all citizens. This is no easy feat, so the first logical step is to focus on building knowledge and awareness in business schools, mentoring the directors of the future because they will have to learn how to deal with cyber risk daily.

To bring a trusted digital world to life, we must also disrupt the political sphere in the UK and surrounding European countries. The European continent must become a leader in digital sovereignty – where data protection and privacy are respected by all – by cross-country collaboration and the establishment of a European Business Act. European countries are democracies that produce large amounts of data, so to achieve this act, we must create a separate European model that protects and respects our valuable data.

Key takeaways:

• Educate attendees on the concept of digital sovereignty

• Build interest in the better protection of our data

• Provide attendees with the appropriate tools and knowledge to start working towards making digital sovereignty a top priority for their organisation and beyond

• Inspire attendees to collaborate with other departments and countries to create a more trusted digital sphere

Event Recording
Successfully tackling your Digital Supply Chain Risk
Nov 09, 2022

In this talk, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will provide insights on Digital Supply Chain Risk. He will look at the areas of risks, from secure partner onboarding to software supply chain security and others. He will look at prominent examples and common weaknesses in these areas. He then will provide insight into actions that organizations should and must take, both organizational and technical.

 

Event Recording
Software Bill of Material - a Way to Prevent Black Swan Events?
Nov 09, 2022

SBOM offers multiple ways of getting under the covers of your and other provider's software resilience. Implemented properly, SBOM not only increases code and library transparency with a a much better chance to catch hidden software flaws much more quickly and potentially ahead of your adversaries, but is it worth the pain coming with it?

Event Recording
Managing the Cyber Security Technical Debt: How did we get there? And what to do about it?
Nov 10, 2022

This presentation will explore why companies need security automation. We will look at how companies can ensure success (and how to ensure failure). Leveraging professional experience and doctoral research into security automation, the presenter will examine the keys to successful security automation, including how to prioritize use cases and build enterprise support. This session will look at how to decide what to automate (and what not to automate), strategies to help ensure a successful security automation program, and lessons learned from success and failure, including worst reason to pursue security automation.

Event Recording
Continuous Zero Trust Transformation using a Value and Risk Driven Approach
Nov 10, 2022

For big companies like Mercedes, there is no generic zero trust implementation to deliver the values for customer, workforce, suppliers and logistics. It is unlikely to have a greenfield implementation as there is a rich fundament of processes, technologies and business uses cases need to be covered. This presentation describes how to build a holistic view of your ecosystem, understand your maturity, develop a reference architecture for your vision and then come up with a continuous transformation to achieve the targets using a value and risk driven approach.

 

Event Recording
Rethinking Cybersecurity From the Human Element Point of View
Nov 10, 2022

Over simplifying, IT security means defending the IT systems from threats procured by cybercriminals. Their targets are, for example, the manipulation of systems, the extorsion or exfiltration of data, and the interruption or alteration of services. However, what happens if we have humans instead of IT systems? Given that the scope of an attacker is always the same, as aforementioned, attacking a human is an entirely different process, and the attack tactics must change. This well-known fact involves social engineering and human sciences (e.g., psychologists or behavioural sciences instead of informatics). However, from the cyber security side of the coin, what does it imply dealing with humans? What does it mean, for example, to perform convincing penetration testing or vulnerability scanning to deeply test human weaknesses: it is not merely a problem of sending a phishing email and waiting for clicks. How can be done a threat analysis or threat intelligence on humans? Moreover, how can a company calculate the cyber risk that a human represents and how many effective ways to reduce it? If we fully put humans (either as employees or IT security operators) at the centre of cybersecurity, the questions become several.

The problem is complex because, by its nature, it is multicultural and requires different non-technical competencies. It includes experts in philosophy, political science, cyber sociology, pedagogy, acting performance, etc., collaborating with cybersecurity experts. Facing the human element of security is a genuinely multicultural and interconnected approach. Furthermore, humans are coincidentally “human” and not machines: there are also ethical and legal issues to consider, and their reactions change during the day. The talk will explore and present a comprehensive view of what happens when there are not the IT systems but the humans at the centre of cybersecurity.

Event Recording
CISO Panel | Mitigating State Sponsored Attacks in Cyber-Space
Nov 09, 2022

Attackers are expected to leverage the uncertain geopolitical landscape to carry out advanced cybercrime attacks, leaving businesses susceptible to intrusions that could have potential second and third-order effects on their operations.

In this panel session, leading CISOs provide a blueprint to identify attackers and improve your odds of mitigating cyber-attacks, manage stakeholder coordination and address best practices to harden cyber defenses amidst the exceptional risk environment organizations find themselves in. 

Event Recording
Exploring the role of Endpoint Security in a Ransomware Resilience Plan
Nov 10, 2022

Ransomware attacks continue to increase in frequency and severity. Every organization needs a ransomware and malware resilience plan. Three major components of such plans should include deploying Endpoint Security solutions, keeping computing assets up to date on patches, and backing up data. In this session, we'll look at trends in ransomware as well as review the results of the KuppingerCole Leadership Compass on Endpoint Protection Detection & Response (EPDR) solutions.

Event Recording
CSLS Wrap Up and Closing Keynote
Nov 10, 2022
Event Recording
Zero Trust Is Table Stakes, Zero Knowledge Is the Next Evolution
Nov 09, 2022

Zero trust has been around in one shape or form in security for many years, usually under different names like the "Principle of least privilege" or "Mandatory Access Control'. It exists for a good reason, and needs to be re-enforced. But for any cloud native vendor, Zero Trust should be table stakes at this point. Zero knowledge at the organizational level, and not just Zero knowledge encryption, is the next evolution of security best practices. Join us to learn more.