Traditional network security focuses on perimeter defenses, but many organisations, systems and processes no longer have a clearly defined network perimeter.
To protect a modern digital enterprise, companies need a comprehensive strategy for securely accessing their IT resources (e.g. applications, physical access control systems, portals, data resources, and devices) wherever they are located.
APIs in supply chains and cyber-physical systems (CPS) are proliferating rapidly across the technology landscape, creating a huge attack surface that security teams struggle to understand and defend.
Zero Trust Architecture (ZTA) refers to security concepts and threat models that no longer assume that actors, systems or services operating within the security perimeter are automatically trusted. Instead, everything and everyone that attempts to connect to system resources via an API must be verified before access is granted.
Hence, ZTA is an important design philosophy for establishing security mechanisms at the API layer of each individual IT resource, increasing API endpoint security in both corporate infrastructures and open systems. Identity and authorization credentials, together with policies, are a key enabler for securing API endpoints.
The ZTA approaches discussed include:
1) ZTA using Enhanced Identity Governance,
2) ZTA using Micro-Segmentation, and
3) ZTA using Network Infrastructure and Software-Defined Perimeters.
Our presentation will demonstrate how Trust Frameworks and Identity Governance (1) form the foundational layer for a credentialing infrastructure. With this layer in place, credentials can be used to enable software-defined perimeters (3).
We will provide in-depth insights into how ecosystem solutions such as the Open Credentialing Initiative and Gaia-X apply design patterns based on decentralized identity and verifiable credentials for (3).
As organizations undergo digital transformation towards zero-trust architectures, identity-driven security becomes a critical aspect. Beyond new authentication technologies, organizations must have strong authorization controls. Today, if and when an identity is compromised, the attacker can move laterally with very few restrictions and access a wide range of critical systems and information. Much of this over-permissive environment can be attributed to manual permissions management processes that are hard to maintain over time. Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC), which underlie these manual processes, provide a good baseline for access security. However, their complexity grows over time, and the management overhead they impose oftentimes subverts the very goals of security and compliance they were deployed for. Just-In-Time Access Management (JITAM) represents a new, robust and secure authorization strategy that can reduce the need for periodic access certifications and manual role administration while providing auditability. Learn how the authorization space is rapidly changing from RBAC and ABAC to JITAM, and how it could benefit your organization.
Fraud can be considerably reduced through speed, scalability, and stability. Machine learning for fraud detection is crucial when investigating fraudulent activity where decisions need to be made in microseconds, not seconds or even milliseconds. This becomes more challenging under heavy load, when scaling real-time fraud detection becomes a bottleneck. The talk will address these issues and provide solutions using the Hazelcast open source platform.
Privilege escalation is also one of the most common techniques attackers use to discover and exfiltrate sensitive, valuable data. From a hacker’s perspective, privilege escalation is the art of increasing privileges from the initial access, which is typically that of a standard user or application account, all the way up to administrator, root, or even full system access. With NT AUTHORITY\SYSTEM access on Windows, or the root account on Linux, attackers have full access to one system. With Domain Administrator access, they own the entire network.
• Top Methods of Privilege Escalation on Windows and Linux
• Common Tools used to identify Privilege Escalation
• And more...
UX with security in corporate and customer access, but including a comprehensive monitoring approach to achieve the effect of Zero Trust for the users. I will mix CIAM, Access Management, IAG and UEBA.
In this session, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, looks at the potential of utilizing DID approaches within the enterprise. The session will cover the business benefits, the steps involved, important considerations, challenges, pitfalls, and recommendations for implementing decentralized identity. Martin will explain the potential and look at how this will impact existing technologies such as IGA, PAM, and Access Management, and how it relates to other trends such as WfA, BYOD, Policy-based Access, and more. He will also outline where interoperability and standards must further evolve to enable organizations to re-invent their IAM without ripping everything apart.
Fraud is a major cost to businesses worldwide. Cybersecurity Ventures estimates that cybercrime costs will reach $10.5 trillion by 2025. Banking, finance, payment services, and retail are some of the most frequent objectives of fraudsters, as expected. However, insurance, gaming, telecommunications, health care, cryptocurrency exchanges, government assistance agencies, travel and hospitality, and real estate are increasingly targeted as cybercriminals have realized that most online services trade in monetary equivalents. In this session we will look at critical capabilities for FRIPs and provide an overview on the solution market.
The cyber security market has developed quite significantly within the last decade. The scarcity of expertise in the market, the increased number of attacks, and the lack of leverage of product implementation ROI are some of the topics we will briefly address in this session, along with why it is going to be key for companies to consider outcome-based managed services going forward.
As long as passwords exist, enterprises are vulnerable to account takeover attacks, yet organizations looking to eliminate passwords may not know where to begin their passwordless journey. While passwordless authentication methods, especially those based on FIDO2, are widely available, they are not yet universally supported or adopted. This lack of a universal approach can cause confusion, complacency, or both. Attend this session to learn why (and how) organizations should move away from passwords and legacy MFA and adopt a secure passwordless strategy centered on phishing-resistant MFA in 2023.
Cybercriminals no longer “hack” in; they simply log in. Once inside, they hunt for privileged accounts. The vast majority of breaches today are due to the abuse of stolen privileged accounts. Privileged accounts are very powerful but, at times, anonymous and shared. Learn how to take control of privileged access to ensure that your most valuable asset, your data, is protected.
The short abstract of this topic would be "How we can make a proper business case and ROI (Return on Investment) for PAM". Below are some of the preparations we need for a smoother PAM flight:
You will learn about the Sovereign Cloud for the German Government. This solution is based on Azure and operated by Delos Cloud GmbH.
“Graph-Based Access Control” (GBAC) is a generic term that refers to the use of graphs and networked data to solve identity and access control problems. You may have seen this before disguised behind acronyms such as ReBAC (relationship-based), KBAC (knowledge-based), PBAC (policy-based), NGAC (Next-Generation), FGA (fine-grained), and even some implementations of ABAC (attribute-based). All of these terms refer to techniques that use graphs to enforce access control at any level of coarseness.
In this session you will learn why all the latest Dynamic Authorization offerings on the market use GBAC in one way or another, and how you can successfully adopt the technique yourself. Graphs are becoming ubiquitous; one only needs to look at the rise of the GraphQL API model to witness their popularity first-hand. Through concrete, real-life examples we will showcase the use of graphs to solve common access problems using the same modern and future-proof techniques that you see in the current authorization market.
As a result, storing all identity data in graphs truly unlocks its full potential. Graphs are data-science and analytics enablers, and have the potential to transform the IAM practice from a cost centre to a true revenue generator. We’ll explore how this can happen for you too…
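Added example (not code from the session or from any vendor product): a ReBAC-style check over a small relationship graph, showing how a single traversal answers both a coarse grant (a group's permission on a folder, inherited by the documents it contains) and a fine-grained grant (a user's relation to one document), and returns the path that justifies the decision for audit. All node names and relations are constructed.

```python
from collections import deque

# Constructed sample relationship graph (hypothetical names): each tuple is
# (subject, relation, object). "member" and "contains" edges only connect
# nodes; "viewer" and "editor" edges carry a permission that is inherited
# along the rest of the path, so one traversal covers coarse and fine grants.
RELATION_TUPLES = [
    ("user:alice", "member", "group:finance"),
    ("user:bob", "member", "group:engineering"),
    ("group:finance", "viewer", "folder:budgets"),
    ("folder:budgets", "contains", "doc:q3-forecast"),
    ("user:carol", "editor", "doc:q3-forecast"),
]

# Permissions granted by each permission-bearing relation (editor implies read).
PERMISSIONS = {"viewer": {"read"}, "editor": {"read", "write"}}


def build_graph(tuples):
    """Adjacency list: node -> [(relation, neighbour), ...]."""
    graph = {}
    for subject, relation, obj in tuples:
        graph.setdefault(subject, []).append((relation, obj))
    return graph


def find_grant(graph, user, permission, resource):
    """Breadth-first search from the user. Returns the list of edges that
    justifies the grant (for audit), or None if no path grants it."""
    queue = deque([(user, None, [])])  # (node, inherited relation, path)
    seen = set()
    while queue:
        node, relation, path = queue.popleft()
        if (node, relation) in seen:
            continue
        seen.add((node, relation))
        granted = relation is not None and permission in PERMISSIONS[relation]
        if node == resource and granted:
            return path
        for edge_relation, neighbour in graph.get(node, []):
            # A permission-bearing edge replaces the inherited relation;
            # structural edges (member, contains) keep carrying it.
            inherited = edge_relation if edge_relation in PERMISSIONS else relation
            queue.append((neighbour, inherited, path + [(node, edge_relation, neighbour)]))
    return None


def is_allowed(graph, user, permission, resource):
    return find_grant(graph, user, permission, resource) is not None


GRAPH = build_graph(RELATION_TUPLES)
```

The returned path is what makes the decision explainable: it shows which membership and which grant led to access, which is the auditability the session contrasts with hand-maintained role lists.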