KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Lack of control and controllability is increasingly a problem in many internal IT departments today. The complexity of the solutions used has steadily increased. It is therefore all the more important that information security systems are optimally set up and easy to operate and administer.
Establishing a risk class-based access management system makes sense for many reasons. In addition to meeting compliance requirements such as ISO27001, BSI IT-Grundschutz or industry standard 62443 and integrating seamlessly into a risk-based approach followed in the information security management system, this approach promotes the regaining of control over all possible accesses to company or organisational systems, regardless of these requirements.
Lack of control and controllability is increasingly a problem in many internal IT departments today. The complexity of the solutions used has steadily increased. It is therefore all the more important that information security systems are optimally set up and easy to operate and administer.
Establishing a risk class-based access management system makes sense for many reasons. In addition to meeting compliance requirements such as ISO27001, BSI IT-Grundschutz or industry standard 62443 and integrating seamlessly into a risk-based approach followed in the information security management system, this approach promotes the regaining of control over all possible accesses to company or organisational systems, regardless of these requirements.
Zero trust is being embedded into law across the world enforcing privacy, data residency and consent. How do companies and governments share patient data global during a pandemic to measure the efficacy of a vaccine? How do financial services organisations share intelligence on suspected terrorist funding, money laundry or sanctions evasion? How is this achieved in the emerging world of data nationalism?
Developing a secure data sharing service is a complex proposition that need to embed change into operations.
Join this session to discuss:
When the worst happens, and your defenses are breached, how do you respond? This engaging workshop, led by an experienced CISO, takes you through the crucial first hours of a cyber-attack. Using real-world examples and first-hand experience, the workshop highlights the immediate steps and strategies essential to mitigating damage and restoring operations. It provides insight into the tactical responses required during these stressful moments and offers guidance on how to create a robust response plan to prepare your organization better.
Attendees can expect to walk away with a better understanding of incident response management and benefit from the lessons learned from past attacks. This is a rare opportunity to learn from the trenches and equip your organization with the resilience it needs in the face of cybersecurity threats.
The 2023 Cybersecurity Workforce Study identifies a daunting 4 million-person workforce gap. This shortfall in qualified candidates hampers industry growth. To tackle this challenge, the industry must broaden its recruitment scope, targeting individuals with potential to learn, including those from diverse backgrounds like business, arts, or engineering. Cultivating entry-level opportunities for students, young professionals, and career changers is vital for industry expansion. However, assessing cybersecurity aptitude in candidates without direct experience poses a challenge. Traditionally, the industry has lacked accessible entry points for newcomers. In this presentation, ISC2's CEO, Clar Rosso, advocates for a clear and adaptable pathway to cybersecurity careers, offering data-driven insights and strategies to ignite recruitment efforts and welcome new talent into the field.
With the introduction of ChatGPT, we have entered into the knowledge age. In this new economy, CISOs are presented with new challenges. This session explores three concerns arising from capabilities like ChatGPT but also three opportunities that CISOs are well positioned for in this new knowledge economy.
In an increasingly technologically interconnected world, cybersecurity teams are the defenders of digital frontlines. Looking ahead to the future, this session dives into the dynamic landscape of cybersecurity, and investigates the market segments’ evolution within it. Many things impact your cybersecurity preparedness and plans, such as new attack patterns, evolution of cybercrime techniques, and emerging technologies. We will discuss industry forecasts until 2025 and how businesses step towards optimal cybersecurity.
From AI driven decision-making to a massive amount of cybersecurity threats around the world, many events make fluctuations in the market, and whether you are a cybersecurity professional, an investor or passionate about IT security, this session will provide you valuable information about the current market sizes and the predictions until 2025.
You will find this session not only informative, but full of valuable insights that will enlighten your journey to secure your organization.
The past weeks again have demonstrated that cybersecurity and geopolitics are inseparable. Cyber attacks have become a common element in geopolitical crisis as an additional vector for concrete attacks, but also for MDM (Misinformation, Disinformation, Malinformation). This also means that CISOs nowadays must take a broader perspective beyond technology. Geopolitics impact the cybersecurity of organizations, and organizations must adapt to this, both by adjusting their organizational structures and cybersecurity spendings as by extending their risk management approaches in a way that also helps in assessing the concrete cybersecurity impact of geopolitics.
This session aims to explore the practicalities and paradigms of integrating AI identities into current and future digital infrastructures. Topics will include the regulatory and governance challenges posed by autonomous AI operations, the technical requirements for creating and managing AI identities, and the technical and even legal considerations of recognizing AI as identifiable entities, focusing on accountability and traceability within various frameworks.
Automated Threats to web applications are according to the Open Web Applications Project (OWASP) a misuse of their inherent valid functionality by applying automated means. Usually, those automations are referred to as `bots´. The attackers usually reverse engineer the web application, e.g. an e-commerce platform, and based on their discovery, craft bots to exploit vulnerabilities or gaps that allow them to pursue their goal on the platform in an undesirable way. A famous example are sneaker bots, whose goal is to obtain a competitive advantage over human clients in purchasing hyped articles like sneakers. Addressing automated threats is a company-wide effort and requires to tackle the problem from many angles reaching from DevSecOps, architectural changes, raising awareness, establishing transparency in the business, implementing preventive controls, to detective controls. In the first phase of our research, we tackled the problem in a big e-commerce company on this entire spectrum of challenges and are now at the position to enhance our approach in a second phase. In the second phase, we aim for an approach to harden a web-application platform with existing detective and reactive controls using aspects of generative approaches and adversarial attacks while also considering explainability.
In the talk, we are going to explain and motivate the problem space, explain the insights from the first phase and outline the goals of the second phase of our research.
The panel will discuss the role of endpoint security in today’s world of WfA (Work from Anywhere), BYOD (Bring Your Own Device), and people commonly using multiple devices, as well as “beyond PC” and “beyond mobile” types of endpoints, including printers. How can efficient endpoint security become implemented, which are the obstacles, and how to overcome them? And which role does endpoint security play in the bigger picture.
Comprehensive protection of networks, system infrastructures, hardware and software, applications and data is part of every cyber security strategy. But what does this actually mean for identity and access management? Unloved for many years and repeatedly declared dead: passwords. Large IT companies have been promising us a password-free future for a long time. Is it really that easy to finally turn your back on passwords? The fact is that we have to deal with a large number of passwords every day in order to complete our professional and private tasks. Every password should be unique, highly complex and as long as possible. But what does the frightening everyday life with passwords look like today, what will it hopefully look like in the future and why it is essential to deal with the topic right now, explains Daniel Holzinger in his lecture.
In this session we will explain how Philips reduced the attack surface and lateral movement with a potential security incident with Privileged Access Management for the cloud in a highly regulated environment.
