The Cybersecurity Extension for SAP, developed by Layer Seven Security, serves as a direct alternative to SAP Code Vulnerability Analyzer (CVA) for managing threat detection and custom code security. This guide outlines the technical requirements for transitioning your SAP landscape, specifically focusing on the necessary SAP Solution Manager configuration.
Executive Summary
Transitioning from SAP Code Vulnerability Analyzer to the Cybersecurity Extension for SAP requires a strategic shift in platform management. Unlike SAP CVA, which operates as a standalone analyzer, the Cybersecurity Extension for SAP functions as an addon for SAP Solution Manager. Because Solution Manager is an industry-standard platform for application lifecycle management used by over 12,000 customers globally, it provides a robust, integrated environment for vulnerability management.
To ensure a seamless transition, administrators must first verify that their SAP Solution Manager environment meets specific version and support pack prerequisites. This preparation allows for the eventual decommissioning of legacy SAP CVA consoles, sensors, users, and addons. By leveraging the existing Solution Manager infrastructure—for which usage rights are already included in standard SAP support—organizations can maintain security continuity while reducing the complexity of their security stack.
Key Takeaways
- The Cybersecurity Extension for SAP is a dedicated addon for SAP Solution Manager.
- Transitioning allows for the removal of all legacy SAP CVA consoles and sensors.
- SAP Solution Manager 7.2, support pack 10 or higher, is required for the extension.
- Solution Manager usage rights are included in standard SAP support agreements.
How do you verify your SAP Solution Manager version?
The Cybersecurity Extension for SAP requires SAP Solution Manager version 7.2 with support pack 10 or higher. To confirm your current environment status, log on to your SAP Solution Manager system using the SAP GUI and follow these steps:
- Click on More in the top menu bar.
- Navigate to System and select Status.
- Click on Details within the SAP System Data section.
- Confirm that the component ST is set to Release 720 and the SP-Level is 010 or higher.
If your support pack level is lower than 10, you must perform a support pack update before proceeding with the installation of the Cybersecurity Extension for SAP.
Frequently Asked Questions
What is the Cybersecurity Extension for SAP?
The Cybersecurity Extension for SAP is a specialized security addon for SAP Solution Manager, developed by Layer Seven Security. It provides comprehensive vulnerability management, threat detection, and custom code security, serving as a functional alternative to the SAP Code Vulnerability Analyzer.
Can I remove SAP CVA after switching?
Yes. Once you have successfully transitioned to the Cybersecurity Extension for SAP, you can decommission all legacy components of SAP CVA. This includes removing SAP CVA consoles, sensors, associated user accounts, and any related addons previously installed in your SAP systems.
Does the extension require additional licensing?
The Cybersecurity Extension for SAP requires a standard setup of SAP Solution Manager. Because usage rights for Solution Manager are included in standard SAP support, you do not need additional licensing for the platform itself, though you must ensure your environment meets the minimum version requirements (7.2, SP 10+).