KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
The cybersecurity landscape is complex and can be confusing even to experts. The Cyber Defense Matrix is a model that simplifies this landscape, enabling us to navigate it more easily and clearly communicate our plans to others. This workshop will explain the Matrix and how it can be used to build, manage, and operate a security program. By organizing technologies, skillsets, and processes against the Matrix, we can understand the problems we need to solve, what gaps exist, and what options are available to close those gaps.
The risk of being digitally vulnerable, or not being able to access basic services, affects us all. There can be no doubt that enhancing accessibility features across digital access journeys is tremendously important in helping people simply and safely connect with the digital world. But this doesn’t go far enough.
What you’ll learn from this session: How can adaptive, connected, and balanced digital identity go further in addressing universal digital vulnerability at the root, making sure no one gets left behind.
Matthias offers a critical analysis of the EU's NIS2 Directive's intricate demands, drawing attention to the limitations of one-size-fits-all solutions. He advocates for customized compliance plans, underscoring the unique challenges across various entities, with special attention to the constraints faced by SMEs. And obviously the future interpretation of this EU directive into national regulation adds another layer of complexity.
Essential strategies such as comprehensive risk evaluations, continuous educational efforts, and advanced incident management protocols are emphasized as crucial for effective compliance, integrating cybersecurity deeply into the organization's core values beyond just adherence. The talk concludes with a perspective that views NIS2 compliance as a dynamic goal necessitating enduring dedication and flexible approaches.
Comprehensive protection of networks, system infrastructures, hardware and software, applications and data is part of every cyber security strategy. But what does this actually mean for identity and access management? Unloved for many years and repeatedly declared dead: passwords. Large IT companies have been promising us a password-free future for a long time. Is it really that easy to finally turn your back on passwords? The fact is that we have to deal with a large number of passwords every day in order to complete our professional and private tasks. Every password should be unique, highly complex and as long as possible. But what does the frightening everyday life with passwords look like today, what will it hopefully look like in the future and why it is essential to deal with the topic right now, explains Daniel Holzinger in his lecture.
Hacked and what legally to do now? What are the most important steps and measures that companies should take to avert or minimise liability and reputational damage? Fabian Bauer will give exciting insights into the legal consulting practice and explain the essential legal do's and don'ts after a cyber-attacks.
Automated Threats to web applications are according to the Open Web Applications Project (OWASP) a misuse of their inherent valid functionality by applying automated means. Usually, those automations are referred to as `bots´. The attackers usually reverse engineer the web application, e.g. an e-commerce platform, and based on their discovery, craft bots to exploit vulnerabilities or gaps that allow them to pursue their goal on the platform in an undesirable way. A famous example are sneaker bots, whose goal is to obtain a competitive advantage over human clients in purchasing hyped articles like sneakers. Addressing automated threats is a company-wide effort and requires to tackle the problem from many angles reaching from DevSecOps, architectural changes, raising awareness, establishing transparency in the business, implementing preventive controls, to detective controls. In the first phase of our research, we tackled the problem in a big e-commerce company on this entire spectrum of challenges and are now at the position to enhance our approach in a second phase. In the second phase, we aim for an approach to harden a web-application platform with existing detective and reactive controls using aspects of generative approaches and adversarial attacks while also considering explainability.
In the talk, we are going to explain and motivate the problem space, explain the insights from the first phase and outline the goals of the second phase of our research.
The panel will discuss the role of endpoint security in today’s world of WfA (Work from Anywhere), BYOD (Bring Your Own Device), and people commonly using multiple devices, as well as “beyond PC” and “beyond mobile” types of endpoints, including printers. How can efficient endpoint security become implemented, which are the obstacles, and how to overcome them? And which role does endpoint security play in the bigger picture.
In today’s volatile cyber landscape, threats are increasingly sophisticated (e.g. AI-powered ransomware and data exfiltration techniques), and the regulatory environment is ever-changing. Now more than ever, the responsibility falls on executives to spearhead effective incident response plans. This fireside chat with industry leaders Navroop Mitter, Matthew Welling, and Evan Wolff, unpacks the complexities executives face around incident response in this new cyber-normal. The panel will delve into the intricate interplay between AI-driven threats, end-to-end encrypted communications, and new regulatory landscapes both in the U.S and Europe, particularly in the light of recent legislative developments like the U.K.'s Online Safety Bill.
We will also introduce our groundbreaking joint publication featuring specialized tabletop exercises designed for the C-suite.
Most contemporary digital identity discussions deserve another label: They are mostly about electronic trust ecosystems, considering all kinds of attributes beyond just pure identity. Additionally, nowadays they include natural persons, legal entities and (internet of) things. Everyone seems to agree the future is decentralized and all this only works with these curious wallets. Andre Kudra takes us on a journey through electronic trust ecosystems, diving into questions like: Which ones do we already have today? Some are successful, others not – why? Regulators are on it, too: What will eIDAS 2.0 and the EUDIW bring? What’s in the pipeline in other parts of the world? Will organizational digital identity (ODI) now invoke the breakthrough of decentralized identity overall? Why is decentralized identity the only way for Zero Trust Architectures which deserve the name?
Traditional federation agreements are relatively static. It takes some effort to onboard an IdP and RP to each other, but once that trust is established, it's good until some exceptional event breaks the federation.
But what about a more dynamic world, one where trust comes and goes based on context? What if users could be provisioned dynamically into a space based on trust from elsewhere? What if an isolated space could still function in a disconnected state and still have powerful security properties? What if these isolated spaces could reconnect to the network and provide audit capabilities and security signaling to other components throughout the wide ecosystem? And what if all of this could be built on a layer of trusted software that didn't rely on pre-placing keys or accounts ahead of time?
Come to this talk to learn about Federation Bubbles, the proof of concept being built out on top of a suite of technology including OpenID Connect, OAuth, SPIFFE, Verifiable Credentials, and more.