We cannot manage what we cannot measure.
Data Protection is a very basic and profound concept of translating privacy as a human right into the digital sphere. But is it enough? And are our current approaches the right ones? In this panel we will try to find answers on how we can translate privacy into the (metaverse) future.
With over 120 million downloads, and users like Netflix, Zalando and GS, the open source project Open Policy Agent has quickly become the de facto standard for Authorization. In this session, KuppingerCole's Alejandro Leal will discuss with Jeff Broberg, Gustaf Kaijser and Ward Duchamps the most common use cases where OPA is adopted.
OpenID Foundation Workshops provide technical insight and influence on current digital identity standards while also enabling a collaborative platform to openly address current trends and market opportunities. The OpenID Foundation Workshop at EIC includes a number of presentations focused on 2022 key initiatives for the Foundation.
Ethical Hacker Joseph Carson will demonstrate a real-world use case of how a cyber adversary gains an initial foothold in your network through compromised credentials and then elevates control and moves laterally to identify and exfiltrate your critical data. He will share insights into how the mind of a criminal hacker operates based on his experiences and steps you can take to stop them in their tracks.
Staying up to date and learning hacking techniques is one of the best ways to know how to defend your organization from cyber threats. Hacking gamification is on the rise to help keep security professionals up to date on the latest exploits and vulnerabilities. This session is about helping you get started with hacking gamification to strengthen your security team.
In this session, Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, will select two systems from Hack the Box and walk through each of them in detail, explaining each step along with recommendations on how to reduce the risks: going from initial enumeration, exploitation and abusing weak credentials to a full privileged compromise.
What will I learn?
Get answers to these important questions:
Privacy is one of the most challenging aspects to protect in identity solutions.
The entities that stand to gain the most from surveilling users can use convenience as a bargaining chip. Users understand and appreciate convenience, but they often don't appreciate the costs of loss of privacy, as the consequences often play out well after the violation occurred.
Identity practitioners often take the need to preserve privacy for granted, and in so doing fail to help users and solution designers understand the concrete impact privacy violations can have on the lives of users. This session will arm you with the concrete scenarios you need to instill in customers and colleagues a new awareness of the real costs privacy violations can have.
The “zero trust” approach to cybersecurity has been gaining momentum in recent years, as both corporations and government agencies have struggled with how to enhance security given the de-emphasis on the network perimeter. For the most part, the zero trust movement has remained rooted in network principles. However, in the last two years, much of the world was forced to interact exclusively online, creating a sense of urgency around zero trust security, and the “never trust, always verify” philosophy behind it reached a new level of importance.
In this panel, you’ll hear from security leaders who have approached and implemented zero trust with an identity-first philosophy, considering it a transformative way of reducing friction for users, while addressing the increasingly challenging risk environment. They believe a true zero trust environment requires a strong identity and access management framework.
When dealing with digital identity, emphasis is often put on the identification and authentication part. An equally important aspect is digital signing (or more broadly: electronic signing). Qualified electronic signatures have the same legal status as handwritten signatures in the EU. In this session, we shall look at the advantages and challenges that come with them from a Nordic-Baltic perspective. What is their role today and in the future; both independently, and in connection with the upcoming eIDAS2-wallet? Concrete use cases will be demonstrated from the point of view of the citizen, the public sector and businesses.
A practical approach to cyber security architectures: in a hybrid ecosystem we have to find a suitable security model not only for IT but also for OT, as in production environments. On top of that, cloud services add another dimension of complexity. We will take a short look at the security basics and compare some outdated, updated and up-to-date security models to find suitable models for IT security, OT security and cloud security. Finally, we will put it all together in combined scenarios. This presentation will focus on practical security architecture rather than on formal compliance.
* IT-security, OT-security, cloud-security
* Cyber security: from basics, perimeter, air gap to zero trust
* Hybrid world: isolation or integration
* Tops and flops in practical cyber security
Zero-trust security relies heavily on the ability of independently owned and operated services to dynamically adjust users’ account and access parameters. These adjustments are based on related changes at other network services, such as identity providers, device management services or others. A set of standards from the OpenID Foundation enables independent services to provide and obtain such dynamic information in order to better protect organizations that rely on zero-trust network access. These standards are being used today in some of the largest cloud-based services from Microsoft and Google to dynamically adjust users’ account and access properties.
This talk gets into the details of the Shared Signals and Events (SSE) Framework, which is the foundational standard for secure webhooks. We also explain two standards based on the SSE Framework: the Continuous Access Evaluation Profile (CAEP), which provides dynamic session information, and the Risk Information and Account Compromise (RISC) Profile, which provides account compromise information.