KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Current frameworks from Cyber Essentials in the UK, to the NIST Cyber Security Framework, HIPPA, PCI-DSS and even ISO27002:2022 often take at least 18-24 months to agree by their governance bodies. The world is much faster moving that that, the fact many regulatory frameworks will take years before the kinks are ironed out demonstrate that they are good for what they were designed for at inception, but after that many of them do not keep up with the changing threats and risks enterprises face, let alone the real controls that are required to protect the enterprise. This is why they are more than often just a tick-box exercise for many enterprises. This session will demonstrate with an analysis of several standards and frameworks, that they are a great starting point if you don't know where to start, but if your really want to protect your enterprise you need to go beyond using controls checklists designed for yesteryear's threats and risks. And what organisations can do to improve security to keep in touch with current threats and risks?
Current frameworks from Cyber Essentials in the UK, to the NIST Cyber Security Framework, HIPPA, PCI-DSS and even ISO27002:2022 often take at least 18-24 months to agree by their governance bodies. The world is much faster moving that that, the fact many regulatory frameworks will take years before the kinks are ironed out demonstrate that they are good for what they were designed for at inception, but after that many of them do not keep up with the changing threats and risks enterprises face, let alone the real controls that are required to protect the enterprise. This is why they are more than often just a tick-box exercise for many enterprises. This session will demonstrate with an analysis of several standards and frameworks, that they are a great starting point if you don't know where to start, but if your really want to protect your enterprise you need to go beyond using controls checklists designed for yesteryear's threats and risks. And what organisations can do to improve security to keep in touch with current threats and risks?
The challenges to information security in companies are increasing every year. The focus is on serious attacks against small and large companies and the urgent need to protect their own information. It is no longer sufficient to view the protection of corporate information in a one-dimensional way. Many different facets are important: authentication, authorization, governance, policies, processes, monitoring and surveillance, cyber defense and many more.
Putting a company on the right track in the long term requires strategic and technical expertise that is usually managed from the information security area within the company - by the Chief Information Security Officer.
But what skills does a modern CISO need? What should be his or her strengths, what does a company need to look out for if it has this role, or how does a security expert need to develop in order to meet the numerous requirements for this position? Join this session by KuppingerCole CISO, Christopher Schuetze to get answers to these pertinent questions
Implementing digital solutions enabling only using validated digital identities as the foundation for all other IAM and cybersecurity measures is the prerequisite to establish an agile ecosystem of commerce and corporation governed by security, protection, management of threats and ultimately trust.
For more than 15 years, Denmark has provided public access to eID. 3. generation is now available delivering one unified system giving both citizens, employees, public authorities, and businesses easy access to solely accepting and using validated digital identities. Ensuring compliance within the framework of eIDAS and ultimately NIS2.
Bjarke Alling - current member and prior co-chair of the Danish National Cyber Security Council, founder and Group Director of the IT cybersecurity software company Liga, and a key contributor to the development of the Danish eID solution, will share insights into the solution and put it into a broader broader-crossing perspective.
For any large company, regulated or not, it is essential to have a mechanism or process for detecting vulnerabilities. For this purpose, various scanners exist that can automatically scan the company's IT assets for known and new vulnerabilities. However, this is where the big challenge begins: most scanners tend to find a large number of vulnerabilities. This is important and good, but not every vulnerability is equally relevant for every company.
Typically, most organizations drown quickly with the number of vulnerabilities they have. Different specific scanners for compliance, containers, source code, operating systems and applications deliver a hardly manageable number of different potential problems per asset.
For vulnerability management to work, you need to build a sustainable vulnerability management, define intelligent processes and specify intelligent bundling and prioritization.
In this presentation, Christopher Schütze will show how this was achieved in a successful project.
This is the story of our journey to Zero Trust, from the initial analysis to its technical and effective implementation. As many organizations our starting point was not the best one (lack of proper asset management, mixed permissions, etc) but when we started to work on a Zero Trust implementation we were able to overcome these and also solve some unforeseen problems and offer major security also through Human Factors and Risk Management. The aim of this talk is to inspire security leaders on what is a Zero Trust Architecture (which is not an off-the-shelf solution and desn't require massive initial investments) and how they can reuse their internal knowledge and tools to deliver it.
Cyber Security traditionally has been seen as the domain of Technology, with an expectation that the solution for cyber resilience has to be provided by IT – and we happily accepted this challenge and delivered numerous software and hardware solutions, design and development principles, policies and process controls.
However, as most successful cyber-attacks in recent time have started by targeting users with phishing emails or social engineering, raising awareness of their role in increasing cyber resilience is at least as important as providing “just a technical solution”.
This presentation will – based on example of a famous real robbery in Berlin – show how user awareness can become an important line of defence in cyber security.
This presentation will explore why companies need security automation. We will look at how companies can ensure success (and how to ensure failure). Leveraging professional experience and doctoral research into security automation, the presenter will examine the keys to successful security automation, including how to prioritize use cases and build enterprise support. This session will look at how to decide what to automate (and what not to automate), strategies to help ensure a successful security automation program, and lessons learned from success and failure, including worst reason to pursue security automation.
The concepts behind Zero Trust and SASE are not new, but recent developments in technological capabilities, changes in the way people are working, accelerated adoption of cloud and Edge computing, and the continued evolution of cyberthreats have resulted in both rising in prominence.
The next generation of cyber threats have arrived and there aren’t enough security people or budgets to handle the growing volume and complexity. This presentation will explore why organizations — and not just their security teams — need security automation. We will look at the reasons why security teams utilize SOAR (Security Orchestration, Automation, and Response) to keep pace with threats and technological innovations, without their organizations needing to add headcount. Learn how when the security team automates traditional Tier 1 work, the entire organization benefits - from upskilling staff to eliminating spend on managed services. This session draws from real-world European enterprises whose adoption of NextGen SOAR was the catalyst for fundamental security and organizational improvements.
Resilience has been changing over the last 15-20 years, where we now accept and acknowledge the various types of reslience an organisation should be responding to. This session will explore how security has moved from a focus on just protection to faster detection and response. It will aso explore what the fast moving technologies mean for other types of resilience that organisations will be faced with in the coming future, and what they can do about it.
This presentation will explore why companies need security automation. We will look at how companies can ensure success (and how to ensure failure). Leveraging professional experience and doctoral research into security automation, the presenter will examine the keys to successful security automation, including how to prioritize use cases and build enterprise support. This session will look at how to decide what to automate (and what not to automate), strategies to help ensure a successful security automation program, and lessons learned from success and failure, including worst reason to pursue security automation.