KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Companies are facing increasingly complex security threats. Many are struggling to assess their own security risks due to an inability to address potential issues as they arise, due to the breakneck pace at which issues are disclosed, and teams' ability to address said issues as they accumulate and because the huge number of security tools in use create diagnostic fatigue.
Vulnerability management programs rarely ever match the overall scale of the organization, boosting the number of potential points of exposure. What's more, besides vulnerabilities, attackers are increasingly leveraging exposures such as misconfigurations and stolen credentials to gain access to companies' core business. Because of this, attack paths to critical assets are often overlooked or identified too late.
Instead of looking at vast numbers of isolated issues, XM Cyber aggregates them into an attack graph to proactively identify hidden attack paths and weaknesses in both the cloud and on-premises. XM Cyber helps organizations efficiently address the issues that can have the greatest impact on organizational risk. Then teams can eliminate attack paths at critical junctures, i.e., choke points, in order to achieve ultra-efficient risk remediation.
MFA and other identity security controls are very effective in stopping cyber attacks, and are widely used on modern apps, but until now they couldn't be applied to legacy apps, service accounts (non-human identities), command-line interfaces, OT systems and many other critical resources. These 'blind spots' are targeted in almost all data breaches and ransomware attacks, and often prevent compliance with regulations and cyber insurance requirements. Join this session to learn how your existing MFA and modern identity solutions can be extended to all these legacy assets using a new technology.
OpenID Connect Federation enables trust establishment at scale and is being deployed to do so in Europe.
A key question when granting access to resources is “Who do you trust?”. It’s often important to know who the party is that you’re interacting with and whether they’ve agreed to the terms and conditions that apply when accessing a resource.
OpenID Connect enables identities of participants to be securely established but doesn’t answer the question of whether a participant is trusted to access a resource such as your personal data. A complementary mechanism is needed to do that. In small-scale and static deployments, it’s possible to keep a list of the trusted participants. However, in large-scale and dynamic deployments, that doesn’t scale.
This presentation will describe how the OpenID Connect Federation protocol enables scalable trust establishment with dynamic policies. It does so by employing trust hierarchies of authorities, each of which are independently administered. Examples of authorities are federation operators, organizations, departments within organizations, and individual sites.
Two OpenID Connect Federations are deployed in Italy, enabling secure access to digital services operated by Italian public and private services with Italian digital identities. This presentation will also describe why OpenID Connect Federation was selected for them and how it meets their needs. OpenID Connect Federation is being used by the GAIN PoC. A public deployment is also being planned in Sweden.
Autonomous networking aims at the appropriate handling of the growing number of devices, machine, sensors and components for which authentication and authorization must be ensured, i.e., identities must exist. The initial provision of such identities, but also the handover and onboarding into the respective operational environment (WiFi, smart home, factory floor) require scalable, automated, end-to-end secured procedures and concepts to facilitate trusted communication, but also e.g., the provision of made-to-measure updates.
Making IoT/OT/IIoT identities and networks secure by design is essential. ACP (Autonomic Control Planes) and BRSKI (Bootstrapping Remote Secure Key Infrastructure) lay one foundation for achieving this.
Every cloud-native application needs some form of access control. Most applications provide role-based access control (RBAC), which has limitations when it comes to enterprise scale and fine-grained access control.
Zero trust architectures require us to go further. Following the principle of least privilege, modern cloud apps can implement just in time authorization with fine-grained controls. With a fine-grained model, access rules can be defined on the application’s resources, often down to individual items. And a just-in-time model helps ensure the user has access to what they need, when they need it.
Two ecosystems are emerging around modern authorization: Policy-as-code and policy-as-data. Open Policy Agent (OPA) brings a policy-as-code approach to fine-grained authorization, and Google’s Zanzibar is the most known representative of the policy-as-data camp.
Join the panelists to discuss new developments in modern authorization, and compare the strengths and weaknesses of policy-as-code and policy-as-data as foundational models for a robust access control system.
In this session, I will first talk about the design considerations and challenges when applying SSI to IoT, followed by the description of an initiative for creating an embedded SDK for SSI. Finally, I will discuss new opportunities for building decentralized identity and access management solutions for IoT.
You are shifting through RFIs for a new mobile app based multi-factor authentication solution for your company. The vendors claim that their products are 100% secure and we all know that there's no such thing as a 100% secure solution, but it's marketing and you know how marketing sometimes goes overboard. How do you determine if the solution is actually fit for your appetite for risk? Can you be sure development time dev credentials have been cleaned up? Is the rooting detection any good? Does the app store plaintext credentials? Is it vulnerable or can someone build a scalable attack against the product you are about to acquire to protect your crown jewels? Let's take a look at different options out there and talk a little bit about what you can request from the vendors.
Fraud is a major cost to businesses worldwide. Cybersecurity Ventures estimates that cybercrime costs will reach $10.5 trillion by 2025. Banking, finance, payment services, and retail are some of the most frequent objectives of fraudsters, as expected. However, insurance, gaming, telecommunications, health care, cryptocurrency exchanges, government assistance agencies, travel and hospitality, and real estate are increasingly targeted as cybercriminals have realized that most online services trade in monetary equivalents. In this session we will look at critical capabilities for FRIPs and provide an overview on the solution market.
The Art of CIAM is to converge user Experience (UX) , security and privacy in a way that is seamless and unobtrusive for the user. In this panel session we will discuss the role of decentralized technologies, biometrics, and AI in Digtal ID, allowing for more secure and efficient authentication processes.
Decentralized Identity is enabling individuals and organizations to have control over their own personal data, providing self-sovereignty, privacy and security. But, is a relatively new concept with high development and standardization dynamics. In this session we will look into what we should do today to take full advantage of this promising concept.
Speed to market, extensive use of so-called standards and the quest for low cost: Successful product development is using lopsided metrics. That comes with a big penalty - from physical product safety and cyber security, companies around the world spend big money on fixes that often come too late. Learn about three often overlooked pillars of successful, resilient product lifecycles and what leverage unexpected skills like penetration testing can apply.