KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
In his talk, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will look at the concepts behind Decentralized ID and its current state. Based on that introduction, he will share his perspectives on how Decentralized IDs can improve the cybersecurity posture of organizations for different use cases, including workforce, business partners, customers, and citizens.
In his talk, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will look at the concepts behind Decentralized ID and its current state. Based on that introduction, he will share his perspectives on how Decentralized IDs can improve the cybersecurity posture of organizations for different use cases, including workforce, business partners, customers, and citizens.
Quantum computing has found its way into Deutsche Bahn's technology roadmap. In the session I’ll give an introduction where is it used, which use cases are being developed, which skills does the industry need? The key question is which risks do we expect and how can we prepare our organization against attacks, some keywords are NIST, PQC, crypto agility. I will give an overview of the international quantum landscape and its progress. You will get hands on advice how to establish a maturity model for quantum readiness and an enterprise program to become quantum ready.
Anomaly & outlier detection today is far beyond human capacities. Artificial intelligence has become an important technology in cybersecurity, as algorithms can solve many problems better and faster than humans. AI-Driven data intelligence automates the discovery, management, and control of all user access. This allows you to not only make better and faster access decisions, but also to quickly spot and respond to potential threats. It empowers every worker with correct and timely access when they need it, proactively engages business users to identify risky access, and helps security professionals intelligently create and maintain access models in today’s dynamic IT environment. After all, Identity Governance is not just about security. It is Trust and Reputation Management.
Attackers follow the money. In a digital economy, this means targeting web apps and APIs to exploit vulnerabilities and abuse business logic, leading to data breach, account takeover, and fraud that can devastate your business. To effectively prevent these attacks, you need comprehensive, consistent security that protects your entire digital footprint.
F5 solutions reduce complexity in a hybrid and multi-cloud world so you can deliver secure digital experiences at scale—in the architecture you have now, and for the architecture you aspire to evolve your business into.
The panel will discuss the role of endpoint security in today’s world of WfA (Work from Anywhere), BYOD (Bring Your Own Device), and people commonly using multiple devices, as well as “beyond PC” and “beyond mobile” types of endpoints, including printers. How can efficient endpoint security become implemented, which are the obstacles, and how to overcome them? And which role does endpoint security play in the bigger picture.
The Digital Operational Resilience Act (DORA), which entered into force on 16 January 2023 and will apply from 17 January 2025, aims to enhance the digital operational resilience of entities across the EU financial sector and to further harmonise key digital operational resilience requirements for all EU financial entities. DORA sets out uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector as well as critical third parties which provide ICT (Information and Communication Technologies) services to them, such as cloud computing or data analytics services. DORA creates a regulatory framework on digital operational resilience, whereby all financial entities need to make sure they can withstand, respond to, and recover from all types of ICT-related disruptions and threats. These requirements are homogenous across the EU, with the core aim to prevent and mitigate cyber threats. DORA is complemented with several “regulatory technical standards (‘RTS’)” which give more details on requirements for cyber security.
As the whole DORA legislation cannot be presented in a short timeframe, I will focus on the part that is most important to ensure cybersecurity and the part that is the most interesting one for the audience, the RTS on ICT Risk Management Framework. I will give a quick overview and highlight the topics, which will bring the most workload to the industry. The biggest challenges will be in the areas of Asset Management, Operations Security, Network Security and Encryption.
Automated Threats to web applications are according to the Open Web Applications Project (OWASP) a misuse of their inherent valid functionality by applying automated means. Usually, those automations are referred to as `bots´. The attackers usually reverse engineer the web application, e.g. an e-commerce platform, and based on their discovery, craft bots to exploit vulnerabilities or gaps that allow them to pursue their goal on the platform in an undesirable way. A famous example are sneaker bots, whose goal is to obtain a competitive advantage over human clients in purchasing hyped articles like sneakers. Addressing automated threats is a company-wide effort and requires to tackle the problem from many angles reaching from DevSecOps, architectural changes, raising awareness, establishing transparency in the business, implementing preventive controls, to detective controls. In the first phase of our research, we tackled the problem in a big e-commerce company on this entire spectrum of challenges and are now at the position to enhance our approach in a second phase. In the second phase, we aim for an approach to harden a web-application platform with existing detective and reactive controls using aspects of generative approaches and adversarial attacks while also considering explainability.
In the talk, we are going to explain and motivate the problem space, explain the insights from the first phase and outline the goals of the second phase of our research.
Matthias offers a critical analysis of the EU's NIS2 Directive's intricate demands, drawing attention to the limitations of one-size-fits-all solutions. He advocates for customized compliance plans, underscoring the unique challenges across various entities, with special attention to the constraints faced by SMEs. And obviously the future interpretation of this EU directive into national regulation adds another layer of complexity.
Essential strategies such as comprehensive risk evaluations, continuous educational efforts, and advanced incident management protocols are emphasized as crucial for effective compliance, integrating cybersecurity deeply into the organization's core values beyond just adherence. The talk concludes with a perspective that views NIS2 compliance as a dynamic goal necessitating enduring dedication and flexible approaches.
A demo of the XM Cyber platform will show you how we can visualize the different attack paths in your system for you. We can show you how a hacker moves laterally through your environment using many different techniques to arrive at your critical assets. And by knowing the different attack paths through your environment, the platform will show you how you have to prioritize your efforts to prevent more attacks without getting lost in long lists of vulnerabilities.
Modelling Cyber Risk is hard. Only a few historical data in known quality exist. Cyber Risks occur with a low frequency but their impact and severity might be high in case they come to pass. In my session I will give an inside how we got started to quantify Cyber Risks and what the challenges are to derive conclusions for risk steering and capital allocation.
Traditional federation agreements are relatively static. It takes some effort to onboard an IdP and RP to each other, but once that trust is established, it's good until some exceptional event breaks the federation.
But what about a more dynamic world, one where trust comes and goes based on context? What if users could be provisioned dynamically into a space based on trust from elsewhere? What if an isolated space could still function in a disconnected state and still have powerful security properties? What if these isolated spaces could reconnect to the network and provide audit capabilities and security signaling to other components throughout the wide ecosystem? And what if all of this could be built on a layer of trusted software that didn't rely on pre-placing keys or accounts ahead of time?
Come to this talk to learn about Federation Bubbles, the proof of concept being built out on top of a suite of technology including OpenID Connect, OAuth, SPIFFE, Verifiable Credentials, and more.
In today's digital age, traditional security models are no longer sufficient to protect against sophisticated cyber threats. That's where Zero Trust comes in – a security model that assumes that every user, device, and application is a potential threat until proven otherwise.
In this session, we will go through the criticality of the IAM in a zero trust security model. How by leveraging and implementing core IAM Technologies (IGA, Identity Federation and PAM) organisations can effectively manage identities, devices, enforcing access control principals like least privilege, continuous authentication, user behaviour analytics and can ensure that only authorised users have access to sensitive data and mission critical resources.
