In this special Halloween edition of the KuppingerCole Analyst Chat, Matthias Reinwarth is joined by Jonathan Care, Lead Analyst at KuppingerCole Analysts, to explore one of the most talked-about cybersecurity stories of the year — the F5 supply chain incident.

The discussion highlights how even well-established organizations can become targets of sophisticated, long-term attacks — and what this means for the future of software supply chain security.

Together, Matthias and Jonathan examine how incidents like this can happen, what lessons can be learned across the industry, and how companies can strengthen resilience, transparency, and response capabilities in their own environments.

Key topics covered:

✅ Understanding the dynamics of modern supply chain attacks ⚠️
✅ Why detection and dwell time remain a major industry challenge
✅ The growing importance of vendor risk and software transparency
✅ Lessons learned for CISOs and IT leaders
✅ Practical measures to improve visibility and response
✅ Why collaboration and information sharing are key to resilience

🕸️ Even trusted systems can hide a few ghosts — are you ready to uncover yours?

Is your IAM strategy focused too much on tools? In this episode of the KuppingerCole Analyst Chat, Matthias Reinwarth and Patrick Teichmann, Lead Advisor at KuppingerCole, dive into one of the most common pitfalls organizations face: starting IAM projects with the wrong priorities.

They explore how a Target Operating Model (TOM) helps define why and how your IAM should work before deciding on technology. Patrick shares insights from real projects, explaining how to align business goals, processes, and governance to achieve long-term success.

Key Topics Covered:

✅ Why IAM projects often fail due to tool-first thinking
✅ How a Target Operating Model sets the foundation for IAM success
✅ The role of governance, people, and processes in effective IAM
✅ Real-world examples of aligning strategy and technology
✅ How to evaluate tools after defining your IAM capabilities

Are AI agents the future of cybersecurity or a threat to human expertise? In this episode of the KuppingerCole Analyst Chat, Matthias Reinwarth talks with Alexei Balaganski, Lead Analyst and CTO at KuppingerCole, about the rise of AI agents and their potential to reshape the cybersecurity landscape.

They explore how autonomous AI systems could fill the cyber skills gap, automate incident response, and even act as digital coworkers in SOC environments. But how far can we trust them—and will humans still have a place in the loop?

Key topics covered:

✅ What AI agents really are—and how they differ from traditional automation
✅ The role of AI in SOCs, incident response, and threat detection
✅ Can AI agents help close the cybersecurity skills gap?
✅ Risks of rogue or “hallucinating” AI systems
✅ Why access governance and identity management are critical for AI agents
✅ The future of cybersecurity jobs in the age of automation

Are we already living in a post-data privacy world?

Breaches are everywhere, data is constantly being leaked, and GDPR fines haven’t stopped surveillance capitalism or shady data brokers. In this episode of the Analyst Chat, Matthias Reinwarth is joined by Mike Small and Jonathan Care to explore whether privacy still has meaning — or if resilience and risk management are the only ways forward.

They debate:

✅ Is privacy truly dead, or just evolving?
✅Why regulations like GDPR often miss the mark ⚖️
✅How cyber resilience is becoming more critical than “traditional” privacy
✅The personal, societal, and legal dimensions of privacy
✅What organizations (and individuals) can still do to protect data

Are KPIs and KRIs just compliance checkboxes, or can they truly prove the value of Identity and Access Management (IAM)? In this episode, Matthias Reinwarth and senior advisor Shikha Porwal explore how Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) can transform IAM from a technical function into a business enabler. They unpack the differences, the overlap, and how to make metrics relevant to both security and strategy. Expect real-world examples—from onboarding to MFA adoption—that show how measurement drives maturity and risk reduction.

Key Topics Covered:

✅ KPIs vs KRIs in IAM: what they are and how they differ
✅ Aligning IAM metrics with business goals and governance
✅ Onboarding & offboarding metrics for efficiency and risk reduction
✅ MFA adoption and help desk tickets as signals of IAM maturity
✅ Developer enablement and API adoption as success factors
✅ Mapping IAM indicators to risk frameworks and security posture
✅ Adapting KPIs/KRIs for non-human identities (NHI)

💡 If you’re working in IAM, identity governance, MFA strategy, or security architecture, this discussion will help you build meaningful metrics that prove value and strengthen your identity program.

Are IVIPs truly a new platform that organizations must adopt, or are they just old capabilities rebranded with fresh marketing spin? Today, Matthias Reinwarth and Martin Kuppinger dig into the latest acronym shaking up the IAM world: IVIP (Identity Visibility & Intelligence Platforms). We unpack the promises, the risks, and what IVIP really means for the Identity Fabric concept. Expect a critical take on buzzwords, vendor strategies, and what enterprises actually need to strengthen IAM maturity.

Key Topics Covered:

✅ What IVIP actually is and how it fits into IAM
✅ The connection between IVIP and the Identity Fabric approach
✅ Risks of marketing buzzwords in identity management
✅ When a new platform really brings value—and when it doesn’t
✅ What organizations should focus on instead of chasing hype

💡 If you’re working in identity, access governance, ITDR, IGA, or security architecture, this conversation will help you decide whether IVIP deserves a place in your roadmap—or if it’s just hype.

Identity and Access Management (IAM) is no longer a one-off project—it’s an ongoing journey. In this episode of the KuppingerCole Analyst Chat, Matthias Reinwarth is joined by Christopher (CISO & Lead Advisor) and Deniz Algin (Advisor) to explore how organizations can successfully apply the Identity Fabric concept.

How to evolve from legacy systems to a future-proof IAM strategy without breaking existing operations? Why interoperability matters? What are the most common pitfalls organizations face when trying to modernize IAM? Find the answer to these questions and more in this episode!

Key Topics Covered:

• Identity Fabric explained through a powerful “airport” analogy ✈️
• How to design IAM programs in brownfield environments (no rip & replace)
• Capability-driven approach vs. tool-driven decisions
• Risk-based prioritization: quick wins, big wins & roadmaps
• Common pitfalls to avoid when modernizing IAM

💡 Whether you’re just starting your IAM journey or looking to operationalize interoperability at scale, this episode is packed with practical strategies and lessons learned.

DDoS attacks are evolving and becoming more dangerous than ever. In this video, Osman Celik speaks with Andrey Leskin from QRator Labs about the current DDoS attack landscape and how organizations can defend themselves.

You’ll learn:

• What DDoS attacks are and how they work across layers 3, 4, and 7
• Why Layer 7 (application-layer) attacks are the fastest-growing and hardest to detect
• How attackers are building massive botnets (millions of compromised devices)
• Real-world DDoS incidents hitting FinTech, e-commerce, and media sectors
• The differences between scrubbing capacity and PoP proximity in mitigation
• How QRator Labs approaches DDoS protection with scrubbing, anti-bot, and WAF solutions

With Layer 7 attacks rising by 74% year-over-year and record-breaking volumetric attacks now lasting weeks, no industry can afford to ignore this threat.

Watch now to understand how to protect your business from DDoS, botnets, and evolving cyber threats.

In this episode of the KuppingerCole Analyst Chat, Matthias Reinwarth is joined by Martin Kuppinger and special guest Felix Gaehtgens to explore two of the hottest (and most debated) topics in identity today: Identity Threat Detection & Response (ITDR) and Non-Human / Machine Identities (NHI).

Together, they gothrough the buzzwords to reveal what’s real, what’s hype, and how organizations should approach these fast-evolving areas of IAM. From visibility vs. observability, to governance challenges and the future of machine identity management, this episode delivers sharp insights and practical recommendations from three IAM veterans.

So tell us — are ITDR and NHI just marketing buzzwords, or essential must-haves for modern identity security?

Key topics covered:

• ITDR explained: buzzword or meaningful evolution in IAM?
• Why visibility and observability are not the same
• The missing “R” in detection & response
• IAM vs. SOC responsibilities for ITDR
• Machine identities: terminology, challenges, and governance
• Ephemeral vs. static machine identities
• How IAM teams can prepare for the future of identity security

In this episode of the KuppingerCole Analyst Chat, Matthias is joined by Charlene Spasic and Kai Boschert to break down what real IAM maturity means. They explain why structured frameworks like the KuppingerCole Identity Fabric and Reference Architecture are critical, and how organizations can move beyond tools to focus on capabilities, governance, and business alignment.

So tell us, is your IAM program truly mature—or just a checklist of tools?

Key Topics Covered:

• Why IAM maturity starts with capabilities, not tools
• How to assess your current IAM status quo
• The role of identity lifecycle management & governance
• Common IAM challenges and gaps organizations face
• Why step-by-step progress beats “big bang” projects

💡 If you’re looking to strengthen your IAM foundation and align it with business priorities, this episode is for you.