Realizing SecureData Potential

Live Webcast! Join us as we discuss how to realize effective data security across an enterprise.

Enabling Risk Based IT Gov

On-Demand: Play now for the key concepts and challenges with IT governance.

A Breach Prevention Plan

On-Demand: Play now to gain insights and some key steps to prevent payment card…

Best Practices for eGRC

On-Demand: Play now and learn how to implement best practices for eGRC.

KuppingerCole News

  • 7 Common Symptoms of IAM & IAG Diseases
    Complaining users, missed targets in connecting systems and reduced manual work - these are only three of the common symptoms of IAM & IAG diseases. To heal these diseases, a company must start with the right measures, such as introducing consistent role management and multi-level recertification, integrating an IT Service Management/Ticketing System, etc. Get more knowledge about roles, recertification and processes for a working IAM & IAG strategy.

  • KuppingerCole Analysts' View on Cloud Risk & Security

    Many organizations are concerned about the use of cloud services; the challenge is to securely enable the use of these services without negating the benefits that they bring. To meet this challenge it is essential to move from IT Management to IT Governance.

    Cloud services are outside the direct control of the customer’s organization and their use places control of the service and infrastructure in the hands of the Cloud Service Provider (CSP). The service and its security provided cannot be ensured by the customer – the customer can only assure the service through a governance process. A governance based approach allows trust in the CSP to be assured through a combination of internal processes, standards and independent assessments.

  • The CISO Imperative: Taking Control of SAP Cyber Attacks
    It is impossible to overestimate the importance of SAP system security for modern enterprises. SAP solutions are widely used in all industries to store sensitive information and run critical business processes: from Enterprise Resource Planning and Human Resources systems to Business Intelligence to Customer Relationship and Supply Chain Management. Constant availability and protection of SAP systems is critical for over 250,000 enterprises around the world, as is their continued visibility and auditability to ensure compliance.

  • Nov 17, 2015: The Seven Keys to a Successful Privileged Account Management Strategy
    How can IT professionals successfully walk the thin line between protecting their organization's critical data and at the same time enable users and administrators to work productively? First of all, it is absolutely important to control, monitor, and audit privileged access in order to mitigate the risks posed by insider threats, prevent data breaches, and meet compliance requirements.

  • The Glorious Return of the Albanian Virus

    by Alexei Balaganski

    When I first read about the newly discovered kind of OS X and iOS malware called XcodeGhost, quite frankly, the first thing that came to my mind was: “That’s the Albanian virus!” In case you don’t remember the original reference, here’s what it looks like:

    I can vividly imagine a conversation among hackers, which would go like this:

    - Why do we have to spend so much effort on planting our malware on user devices? Wouldn’t it be great if someone would do it for us?

    - Ha-ha, do you mean the Albanian virus? Wait a second, I’ve got an idea!

    Unfortunately, it turns out that the situation isn’t quite that funny and in fact poses a few far-reaching questions regarding the current state of iOS security.

    What is XcodeGhost anyway? In short, it’s Apple’s official developer platform Xcode for creating OS X and iOS software, repackaged by yet unknown hackers to include malicious code. Any developer who would download this installer and use it to compile an iOS app would automatically include this code into their app, which is then submitted to the App Store and distributed to all users automatically as a usual update. According to Palo Alto Networks, which published a series of reports on XcodeGhost, this malware is able to collect information from mobile devices and send it to a command and control server. It would also try to phish for users’ credentials or steal their passwords from the clipboard.

    Still, the most remarkable thing is that quite a few legitimate and popular iOS apps from well-known developers (mostly based in China) became infected and were successfully published in the App Store. Although it baffles me why a seasoned developer would download Xcode from a file-sharing site instead of getting it for free directly from Apple, the list of victims includes Tencent, creators of the hugely popular app WeChat that has over 600 million users. In total, around 40 apps in the App Store have been found to contain the malicious code. Update: another report by FireEye identifies over 4000 affected apps.

    Unfortunately, there is practically nothing that iOS users can do at the moment to prevent this kind of attack. Surely, they should uninstall any of the apps that are known to contain this malicious code, but how many have not yet been discovered? We can also safely assume that other hackers will follow with their own implementations of this new concept or concentrate on attacking other components of the development chain.

    Apple’s position on antivirus apps for iOS has been consistent for years: they are unnecessary and create a wrong impression. In fact, none of the apps remaining in the App Store under a name “Antivirus” is actually capable of detecting malware: there are no interfaces in iOS, which would allow them to function. In this regard, user’s safety is entirely in Apple’s hands. Even if they upgrade the App Store to include better malware detection in submitted apps and incorporate stronger integrity checks into Xcode, can we be sure that there will be no new outbreaks of this kind of malware? After several major security bugs like Heartbleed or Poodle in core infrastructures discovered recently (and yes, I do consider Apple Store a critical infrastructure, too), how many more times does the industry have to fall on its face to finally start thinking “security first”?

  • Access Governance in a Cloudy Environment
    Organizations are increasingly using the new technologies of smart devices, cloud computing and social media to connect with their customers, improve service and reduce costs. To successfully exploit these new technologies organizations need to understand and manage the risks that these bring.

  • Cloud Security: IBM not only protects but detects, connects, and responds

    by Martin Kuppinger

    With the announcement of the IBM Cloud Security Enforcer, IBM continues its journey towards integrated solutions. What had started a while ago in the IBM Security division with integrating identity and analytical capabilities, both from the former IBM Tivoli division and the CrossIdeas acquisition, as well as from the Q1 Labs acquisition, now reaches a new level with the IBM Cloud Security Enforcer.

    IBM combines capabilities such as mobile security management, identity and access management, behavioral analytics, and threat intelligence (X-Force) to build a comprehensive cloud security solution that raises the bar in this market.

    Running as a cloud solution, IBM Cloud Security Enforcer can sit between the users and their devices on the one hand and the ever-increasing number of cloud applications in use on the other hand. It integrates with Microsoft Active Directory and other on-premise services for user management. While access of enterprise users can be controlled via common edge components, routing traffic to the cloud service, mobile users can access a mobile proxy (World Wide Mobile Cloud Proxy), including support for VPN connections.

    The IBM Cloud Security Enforcer then provides services such as application management, a launchpad and an application catalog, entitlement management and policy enforcement, and a variety of analytical capabilities that focus on risks and current threats. It then can federate out to the cloud services.

    Cloud security services are nothing new. There are cloud security gateways; there is Cloud IAM and Cloud SSO; there is increasing support for mobile security in that context; and there are Threat Intelligence solutions. IBM’s approach differs in integrating a variety of capabilities. When looking at the initial release (IBM plans to provide regular updates and extensions in short intervals) of IBM Cloud Security Enforcer, there are several vendors which are stronger in single areas, but IBM’s integrated approach is among the leading-edge solutions. Thus we recommend evaluating that solution when looking at improving cloud security for employees.

  • Executive View: Waterfall Unidirectional Security Gateway - 71291

    by Alexei Balaganski

    Waterfall Unidirectional Security Gateway technology combines specialized security hardware with a broad range of supported industrial protocols and applications to provide a level of network security unattainable by traditional firewalls.

  • Leadership Brief: Breach and Incident Response & Employee Training - 71415

    by Bruce Hughes

    From 2013 to 2014 data breaches nearly doubled. Well known consumer brands, financial institutions, retail chains and government agencies have all been affected. Organisations need to rethink or strengthen their data privacy strategies to cope with this rising threat. Lack of action and well thought out risk management and stakeholder management plans may subject your organisation to material, reputational or regulatory risk. 

  • Advisory Note: Identity Information Quality - 70996

    by Matthias Reinwarth

    Today’s diverse and rich identities are major assets for virtually every organization. Maintaining and ensuring an adequate level of Identity Information Quality is essential for leveraging identity information as the basis of operational and business processes.

  • Executive View: BalaBit Blindspotter - 71202

    by Alexei Balaganski

    Blindspotter is a real-time analytics solution, which identifies external and internal security threats by detecting anomalies in user behavior.

  • Efficient Administration of User Entitlements - When Role Assignments Alone Are Not Enough
    Complying with and implementing complex regulations poses major challenges for many organizations. Entitlement management must remain manageable given the multitude of possible entitlements. However, purely role-based entitlement assignment is often not appropriate given the number of static roles that would become necessary. Rule-based assignment of entitlements can be an important IT governance component here.

  • The Customer Experience Takes Center Stage: Consumer Focused Identity Management
    Over the last five years, the needs of companies regarding access to critical applications or the security of customer identities have changed significantly. Increasingly connected customers, who become active in new ways across different channels, are blurring the boundaries of customer interaction. This new customer behavior is now forcing marketing departments and business units to work closely with those responsible for IAM: together they must find a suitable solution that supports the company in creating, maintaining and optimizing customer relationships.

  • Advisory Note: Turning inattention into intention - 71501

    by Scott David

    How IoT will help drive the development of Life Management Platforms and affect your company’s future relationship with its customers.

  • Oct 27, 2015: Intelligent Logging of Activities
    Having insight into the administration of critical systems is necessary in order to monitor compliance with regulations and to ensure the protection of the system as the core of the company. By logging and analyzing the activities of privileged users and administrators, misconduct and the resulting dangers can be detected more quickly, and further negative effects on systems, applications and data can be prevented.
