KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Too often those of us in the cybersecurity space get wrapped up in comparing, deploying, and managing point solutions. While this is a necessary consequence of both the fragmented nature of the market and the highly specialized nature of our work, sometimes we need to step back and look at the big picture. What kind of information am I charged with protecting? How can I discover and keep track of it all? What kinds of controls can I apply? How can data be protected in different environments, on different platforms, etc? We'll look at the various stages in the life and death of information and how to best manage and protect it.
The term Cyber sounds very attractive and everyone wants to use this term nowadays. Although many people talk about cybersecurity, however only some of them pay some attention to cybersecurity governance.
On the one hand, it is a challenge for top management to govern cybersecurity on the other hand it is challenge for internal audit to give an appropriate assurance on cybersecurity. Should Internal Audit give an assurance on cybersecurity – that is one of the most difficult questions? If yes – how? If not – who should?
Cybersecurity is more about people, management and risk management and less about technologies. Although there are plenty of important, highly recommended technical fixes, new tools and techniques to adopt and implement, however if organizations’ management do not show appropriate leadership, if organizations do not have appropriate structure and processes for cybersecurity governance, than these organizations will be victims of hackers today or tomorrow.
There is no other computer related issue that affects more people globally and more frequently than passwords. We can easily authenticate
100 times day using pins, passwords, biometrics, cards and other technologies. At the same time we see time and again that weaknesses, vulnerabilities and flaws in these mechanisms are exploited to gain unlawful access to systems and data. New consensus on passwords & digital authentication exist, but a major challenge persist: how do convince everyone we've done passwords wrong for 30 years, and need to change everything? This talk will provide fascinating insights into the psychology & technology of passwords, with good advice, humor and the best news you have received in a very long time!
With the preview-release of Azure Sentinel, Microsoft has shifted some features from Azure Security Center to its new threat hunting solution. But how do all the security tools Microsoft offers nowadays integrate with each other? How can you find a way through this security jungle? And how do you make sure to have the right tools in place when it comes to protecting your IT environments and hunting threats?
Join cloud security expert and Microsoft MVP Tom Janetscheck for this demo-rich session to get all these questions answered and to learn how to protect your resources easily and efficiently.
How the way we talk about information security has changed over the last 2 decades, based on a quantitative analysis of 17 Global Information Security Surveys by EY (2002-2019)
Numerous malware variants are being created daily. To adjust to this evolution, machine learning tools are being utilized by security companies to detect the novel threats and new attack vectors. Same for the threat hunting, where the ML helps in proactively and iteratively parsing through networks detecting the advance threats. Important question is where we want to apply these advanced techniques. The technology should be applied in a smart way to tackle specific problems. In this panel we will discuss the current state of AI in cybersecurity and what the future will hold.
As a result of the continous evolution of IT platforms, new environments and applications show up to simplify our lives. Some receive them with suspicion, others embrace them. But security challenges don't change, they just multiply. Visibility and segmentation cannot be a roadblock on the never-ending quest for innovation and business agility.
Ola Sergatchov, Vice President of Corporate Strategy at Guardicore, in her presentation, will explore how we can deliver more with less. How to accelerate while reducing security risks, and most importantly, align security, DevOps and business objectives without major IT overhaul.
Phishing attacks on companies have become increasingly sophisticated in recent years. The high success rates in tactics such as CEO fraud, ransomware or cryptojacking have led to hackers spending much more time and resources manipulating their targets. This is also reflected in the increased incidence of spear phishing attacks and voice phishing operations. At the same time, technological developments in the field of machine learning (e.g. in natural language processing) offer a dangerous basis for new applications in this area. Dr. Niklas Hellemann gives an overview of new social engineering tactics, e.g. the a fraudulent AI-based voice bot that mimmicks the voice of top managers. In addition, hints are given on how companies can prepare themselves for advanced phishing methods, e.g. also using AI-based awareness solutions that simulate such attacks.
Globalisation has spread business and production sites all over the world. Companies are faced with distributed IT systems as well as with different and demanding regulations in various countries, spanning from USA through to Europe and Asia, especially China and Russia. For many businesses IAM is a central part when it comes to managing employees, partners, customer, things and APIs in a secure and reliable way.
There are many challenges business are facing when they are implementing IAM and Cybersecurity, be it role management and access controls or efficient analytics in the SOC that narrows down the incidents to put the focus of investigation on. As AI augments us increasingly in our daily live activities as well as workers on the factory floor, it also already is able to augment us in doing Identity Management and Cybersecurity better. Martin Kuppinger will look at the areas where AI already is used and where we expect AI to hep us revolutionizing the way we do Cybersecurity and IAM. He will provide perspective that rate the impact and maturity of technologies and deliver guidance on how to pick the best technology for your use cases.
How and where AI, ML, Blockchain, CIAM, Libra, and others can help solving the challenges of Digitization, a changing competitive landscape, and new regulations such as PSD2 in the Finance Industry – and where not
Both traditional Finance Industry and emerging FinTech are under pressure. The competitive landscape continues to change, with new players entering the market, new business models emerging, and new regulations requiring changes in the way business is done. Everyone is fighting for the customer and wants to be the “face to the customer” – the one who controls the business relationship and interaction.
On the other hand, there are many new technologies such as payment systems, Blockchain ID, the potential AI & ML promise, and many more.
In his talk, Martin Kuppinger will look at the big picture of the Finance Industry and its change in the Digital Era, with specific focus on how the various players in this market can benefit from focused use of emerging technologies to strengthen their competitiveness.
The KuppingerCole Jury will once again honor outstanding Identity Management and Security Projects and Initiatives.
If we look under Alexa’s hood and read between the technologies we find a disturbing reflection of our own identities and personal data. In your home Alexa is always listening and influencing your options. In your company’s product deployment Alexa is influencing your brand, your customers, and your user data. We will discuss why this represents a geo-political shift more significant than the rise of social media. As a previous developer of Alexa skills and other AI systems I will share with you my lessons learned.
And we will examine alternatives.
This interdisciplinary talk will lead you through on why not just identities, but any identity-related information should not be stored on a blockchain. The main technical reason being that none of the blockchain USPs is applicable when it comes to identity (-related) data, especially assertions.The legal and business reason being that blockchain is not (yet) compatible with and accepted in our legal and regulatory framework. So what is the way to go?
There's not many other areas where security and decentralisationis as important as when we're dealing with identity data. Max will explain how to take advantage of already-existing technology (even edge technology) to ensure convenience for the enterprises as well as cost reduction while at the same time making sure there is maximum convenience for the identity owners (humans, machines and other enterprises).
Blockchain to some is the future solution for everything, or at least for managing identity information. Rabobank is piloting extensively with blockchain. In his presentation Henk will use a few cases on blockchain to see what works well and what doesn't, and where blockchain could be applied to managing identities, whether these are customer identities or employee identities. Or both.
Not only is there no form of AI that understands what it says, can draw conclusions from it, and can base decisions on it, but it is not even known how such a synthetic intelligence could be created. In our time, let's say in the next two and a half decades, it is not primarily a question of developing an ethical code within which AI's can unfold as independent subjects, but rather of a far more profane view of responsibilities. If a self-propelled car decides to drive against a traffic light pole without any action on my part, who is responsible for the damage?
Are there already solutions in our current legal system for the regulation of such matters, in which only the former of the "basic manifestos" of injustice - the constituent elements of the offense, illegality, and guilt - still plays a role, or must a new category be devised for this?
This keynote will offer an interesting reflection on the current and future situation.
A steady stream of trends has built up over the years fueling a growing momentum around Decentralized Identity. Kim Cameron will report on why early adopters – enterprises both large and small – are already beginning to make Decentralized Identity part of their strategy for digital transformation. He will argue that the underlying trends will only intensify – and that enterprises which figure out how to benefit early will benefit the most.
The old paradigm of a centralized directory for security has been shattered into a thousand pieces and scattered across the Cloud. Identities, sensitive data and resources, and the management of who may access them are now distributed across hundreds of on-premise and Cloud systems each with its own idiosyncratic security model and none designed to be managed in unison. The shift to Microservices has accelerated the pace of this change. Given this monumental new challenge what is the solution for identity professionals?
The answer lies in embracing this change and applying Microservice design patterns to Identity and Access Management. As an example, IAM can play a key role in an organizations Microservices design by acting as what is known as an "Anti-Corruption Layer". The Anti-Corruption Layer Design pattern isolates systems having different models by translating communications between them, allowing one system to remain unchanged while the other can avoid compromising its design and technological approach. In this case, IAM can be the glue that translates between an organizations security practices and the multitude of ever-changing Cloud applications and their local security.
The attackers are coming in ever increasing waves - come and learn how to set up your defenses so you have the lowest likelihood of account compromise, and accounts which do fall present minimal risk. 100's of thousands of accounts fall victim to hackers every day across consumer and enterprise Identity systems. Attacks are increasing in volume, and Identity takeover remains the "brass ring" for attackers.
The good news? More than 99.9% of these compromises are easily preventable by using the principles of Zero Trust and modern Cybersecurity tools. Benefit from the analysis of more than 18B logins and 300M deflected attacks each day, tenant configuration, and attacker pattern to get clear ideas of the most effective patterns for protecting identity systems (and plenty of motivation to apply them!)
