KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
From November 9th to 11th, the Cybersecurity Leadership Summit 2021 took place in Berlin and virtually online. The Monday after, Martin Kuppinger and Matthias sat together to talk about some first impressions and insights from this event.
The recordings and slide decks are available for participants and those interested.
From November 9th to 11th, the Cybersecurity Leadership Summit 2021 took place in Berlin and virtually online. The Monday after, Martin Kuppinger and Matthias sat together to talk about some first impressions and insights from this event.
The recordings and slide decks are available for participants and those interested.
Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias Reinwarth, senior analyst and advisor with KuppingerCole Analysts. Today we want to do a short retrospective on the Cyber Security Leadership Summit that took place last week in November 2021. And for that, I have invited Martin Kuppinger for this episode. He is the principle analyst of KuppingerCole and one of the founders. How are you Martin? Good to see you.
Yes, I'm fine. And it was a very interesting week last week in Berlin. Exactly. And we do not want to dig deep into several topics, but we want just to give a short overview of what's us when it comes to which topics are prevalent when it comes to cybersecurity, we are living in an age where, where attacks are growing, where ransomware is growing, but what were the key takeaways that you took when you think back on this week of cybersecurity leadership summit, and a really intense set of talks and panels and discussions?
Yeah, so I think let's, let's get started with clearly ransomware will not disappear. It will remain a challenge and reservoir resilience is really key to everything we do in general. I cyber attack resilience, which also means the ability to recover to come back.
But what, when I look at some of the, the things I, I was maybe partially surprised at, which were also new perspectives to meet them, then one of the interesting things was that sort of attacks we, we might have believed are more of the past are coming back. So the past 18 months there was a strong uptake. First in DDoS attacks against the VPNs of large organizations, combined with some sort of like mailing. So we stopped the DDoS attack if you open up or if you pay us money. And right now falling with DDoS attacks, for instance, on voice, over IP and on sort of more business applications.
So this is, this is still something which is to be kept in mind. It's not that everything is a part of ransomware. The other thing, which I found a very interesting discussion we had around started to run endpoint security, but it affects every single way you collect signals from, from devices, for your AI, for your machine learning. And the interesting question is, can you trust these signals? So what about authenticity and integrity of signals you're receiving? And so there's the risk that in fact fake signals are used to impact the learning.
And this is something we must not underestimate as a risk in, in, in the overall cybersecurity space. These are some of the, but not all, but just some of the interesting seams I saw last week. If you bring these two topics together, this is really interesting because on the one hand you talk about the, the, the authenticity, the integrity, the trustworthiness of the signals that are used then for AI, on the other hand, many vendors, many, many also end-user organizations are thinking that AI might be a key component in improving their cyber security strategy.
We've seen products that that promise to, to detect ransomware attacks within milliseconds, as they are happening and to intervene there. But that relies on these, on these signals that then can trigger AI. So this is really these two topics really come close together, and we need to understand what that means for a cybersecurity, But the Donald's got me wrong. I believe that ML and AI AI may be more augmented until it augmenting intelligence and artificial intelligence. If you're honest, play a very important role. Yes. And we need this because we need to Auckland people.
We have to challenge off way too many signals, way too many incidents. And only if we managed to reduce that gray area of signals of, of incidents of threats. So we have the black ones, which are clear, this is an attack. If we know, if we can act, we have the white ones, which are I'm critical at that gray area in between is only, we only can handle it. If we apply better technologies, commands people. So there's no doubt that we need this.
This is, this is a hundred percent clear. The point is clearly also attackers will use this. They will understand there's AI. I am AI ML in place. How can we sort of cheat is how they can trick over, can be trick this, this will happen on if you need to be prepared for that.
And, and he touched it on our scene. If we use technology to make decisions for instance, about what does isolated, what does block, et cetera, we need to have a better business context at the end. It is the business and the business policies, which you need to decide apart. What are the actions in vitreous scenario, Right? That isn't an organization, a shift that we have been discussing earlier as well, too, to really, to get those on board, to really understand what's going on.
It's not the technicians, it's not the it guys who know what is wanted and unwanted, what is desirable and what is really something that is not correct in your systems. But I was surprised to have a complete track on, on, on the management of people, on bridging the skills gap and finding the right staff for your organization. That was really surprising for me. So the skills gap is growing and it's still a problem that we need to talk about, right?
It is, it will not quickly disappear. I think it is a long time of Charney to, to start with education about it and, and cyber security and how to act properly very early and, and why we higher level to make it as a part of way more. I don't want to simply instead of this today, this is, this is part of the story. But if you kill, you also have to challenge that we must act now and a kills our air. So I believe we will. That's something I'm preaching for quite a couple of years.
We will need these technologies that augment us, that help us in focusing on the things we really need to focus on. We also will need more from my perspective, more managed services, where, where we can sort of build on the economies of scale by optimally using that the, the sort of the super experts and having a sort of a pyramid of people there's different skills in place as well, Right? And of those 2021, we're talking about trends, we're talking about upcoming developments.
There are still some basics that probably will never change that are prerequisites, that are the basis for doing cybersecurity, right? And as we are doing identity and access management since 2004 and, and, and much longer, actually this is still one of the key technologies and it's getting much more important, not only technology, but processes. Would you agree there as well? Yeah. Yes it is. So I think there's, there's from the dollar. We're still still have a long way to go.
The other thing I'd like to bring up beyond the themes, we have discussed this what to 200 points, which I found super important and super interesting at the CSLs conference. The one is the role of identity management for cybersecurity or out of words. There are some, the cybersecurity is artist, proper identity management, specifically without strong adaptive pass. What less authentication. This is extremely clear. This became extremely clear. The other thing is the world is getting more complex world aplenty.
So dealing with the multicloud multi-hybrid environments, dealing with the complexity of modern Burke loads, which are not a static anymore. We don't talk about servers anymore. We talk about dynamic workloads. This is the address side, which makes cybersecurity way more complex. These for two really important seams, I have recognized I have during the course of that conference, Right? The conference is just over. There will be the recordings available soon. I think there are already almost complete to be available, although most are. And of course the presentations are around.
So for those who are interested in getting up to speed with the, with the recent developments and what the stable factors are, when it comes to cyber security, I would like to highly recommend getting to the CSLs webpage at KuppingerCole and to catch up with what is there maybe also for those who attended to rewatch those tracks, that you were not able to participate in because three tracks at a time it's difficult to attend for one person. So there is much more to digest here.
We will, in this podcast, dig deeper into several of these topics, obviously, because these are the topics that, that will shape the future for the next months and years. And we will catch up on that as well. Any final thing that struck you when it, when you wrote back on the train back to Stuttgart that you think is really worthwhile thinking about embedding in the strategy, taking care of Beyond what beef's trust touched already? I think the things I, I found most important, I was in depth list.
What struck me most is probably that when, when looking at what is happening and then the types of texts that are happening also to the sophistication of some attacks we have heard about the risk is very, very high. It'd be neat to act probably properly and very focused to improve our cyber attack resilience in the organizations as individuals, but also at the governmental side and specifically in critical industries. Exactly. And maybe one thing that I want to add as a final note, I've been talking, I've been included in the CSO round tables.
And I think one trend that is clearly there is that there will be new regulations, but they are focusing not on cybersecurity in general, but they are looking at the cyber resilience of organizations and how they are capable to with, with off dealing with attacks of dealing with unwanted situations. And there are lots of standards here and lots of standards to fulfill, and that will be a challenge for those organizations, mainly the financial organizations as a starting point. But usually then that will be also relevant for all other organizations in the future.
So there's more to come there and we will talk about that very soon. Of course. So thank you very much, Martin, for joining me today for giving your retrospective, your impression on the past few days in Berlin for the cybersecurity leadership summit.
And we, couldn't just really high, highly recommend to go to our website and follow up with what happened last week. Thank you very much, Martin.
Again, thank you, Matthias.
