Building and running cyber security in both worlds, modern cloud security in combination with legacy on-premises, introduces extra complexity. Some of the well-known security patterns and models are not applicable in cloud systems, while modern security models like zero trust barely fit in legacy systems. Based on a model for security classification, we will explore some dos and don'ts in modern cyber security.
Cybersecurity reporting is a critical mechanism to ensure effective communication of significant security issues across different levels of your organization, from software architects to the Board. Yet, reporting today is far from being a formality and does not comprehensively highlight an organization's exposure to cyber threats. Join this session to understand the factors that drive the effectiveness of a risk-based cybersecurity report and get access to best practices on communicating actionable metrics within a specific context.
In this talk, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will provide insights on Digital Supply Chain Risk. He will look at the areas of risks, from secure partner onboarding to software supply chain security and others. He will look at prominent examples and common weaknesses in these areas. He then will provide insight into actions that organizations should and must take, both organizational and technical.
Even though MDM has had a long history during war and times of high tension, the digital era has been increasing the reach and potential impact of weaponized misinformation. Sophisticated tools such as machine learning mechanisms and software bots are opening a huge battlefield for creating and spreading manipulated information at scale, even for those with limited technical skills. From nation state attacks through organized crime down to that one single customer who feels poorly treated, they all can use such tools. What does this trend mean for your organization, and what is the CISO's role in combating MDM attacks? In this extra-long panel session we will try to find answers on how MDM will affect our organizations and how we can increase anti-MDM resilience.
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” ― Sun Tzu, The Art of War
Join this session to gain a deeper understanding of threat actors and the current threat landscape, in order to help you adapt and protect your organisation from cyber warfare. We know adversaries do not rest. Attacks are growing more destructive, causing mass disruption to organisations and society. Take away knowledge of threat actors, current attacks and strategies to defend your organisation, and understand how your workforce both puts you at risk and can be leveraged to be your first line of defence.
This is the story of our journey to Zero Trust, from the initial analysis to its technical and effective implementation. Like many organizations, our starting point was not the best one (lack of proper asset management, mixed permissions, etc.), but when we started to work on a Zero Trust implementation we were able to overcome these and also solve some unforeseen problems and offer major security also through Human Factors and Risk Management. The aim of this talk is to inspire security leaders on what a Zero Trust Architecture is (which is not an off-the-shelf solution and doesn't require massive initial investments) and how they can reuse their internal knowledge and tools to deliver it.
Resilience has been changing over the last 15-20 years, where we now accept and acknowledge the various types of resilience an organisation should be responding to. This session will explore how security has moved from a focus on just protection to faster detection and response. It will also explore what the fast-moving technologies mean for other types of resilience that organisations will be faced with in the coming future, and what they can do about it.
With many privileges to manage within an organization, authorization within an enterprise can be a challenge. As capabilities in any organization are often in a state of constant change and growing complexity, implied trust can easily creep into authorization frameworks and policies, leading to an overly permissive environment. Learn how an organization can layer and support Role, Attribute, and Policy-Based Access Control methodologies to avoid these pitfalls while also preventing entitlement duplication, leading to a more secure Identity perimeter for your users.
Current frameworks, from Cyber Essentials in the UK to the NIST Cyber Security Framework, HIPAA, PCI-DSS and even ISO27002:2022, often take at least 18-24 months to be agreed by their governance bodies. The world is much faster moving than that. The fact that many regulatory frameworks will take years before the kinks are ironed out demonstrates that they are good for what they were designed for at inception, but after that many of them do not keep up with the changing threats and risks enterprises face, let alone the real controls that are required to protect the enterprise. This is why they are more often than not just a tick-box exercise for many enterprises. This session will demonstrate, with an analysis of several standards and frameworks, that they are a great starting point if you don't know where to start, but if you really want to protect your enterprise you need to go beyond using controls checklists designed for yesteryear's threats and risks. It will also look at what organisations can do to improve security to keep in touch with current threats and risks.
This presentation will explore why companies need security automation. We will look at how companies can ensure success (and how to ensure failure). Leveraging professional experience and doctoral research into security automation, the presenter will examine the keys to successful security automation, including how to prioritize use cases and build enterprise support. This session will look at how to decide what to automate (and what not to automate), strategies to help ensure a successful security automation program, and lessons learned from success and failure, including the worst reason to pursue security automation.