Version 5.1 of the Cybersecurity Extension for SAP introduces significant enhancements, including comprehensive access risk analysis for S/4HANA, compliance monitoring for SAP RISE, expanded threat detection patterns matching SAP ETD CE, and new dashboards for tracking actively and known exploited vulnerabilities based on the CISA KEV catalog.
The latest release, version 5.1 of the Cybersecurity Extension for SAP, delivers major updates for securing modern SAP landscapes. It now includes over 700 checks for critical access and Segregation of Duties (SoD) in S/4HANA, covering key business processes and aligning with SAP GRC risk IDs. For organizations on SAP RISE, the extension automates compliance monitoring against over 120 requirements defined by SAP Enterprise Cloud Services (ECS). The threat detection capabilities have been expanded to match all patterns in SAP Enterprise Threat Detection Cloud Edition (ETD CE), while also providing over 750 additional unique patterns. Finally, new vulnerability management tiles help teams prioritize patches by highlighting vulnerabilities that are actively exploited or listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog. The solution is available as a Software-as-a-Service (SaaS) offering for RISE customers, providing a comprehensive security and compliance tool.
Key Takeaways
- S/4HANA Access Risk Analysis: Performs over 700 checks for critical access and Segregation of Duties (SoD).
- SAP RISE Compliance: Monitors compliance against 120+ security requirements defined by SAP ECS.
- Expanded Threat Detection: Achieves parity with SAP ETD CE and adds over 750 unique patterns.
- Vulnerability Prioritization: Adds new dashboards for CISA Known Exploited Vulnerabilities (KEV).
- Flexible Deployment: Available as a SaaS solution for SAP RISE customers.
How Does Version 5.1 Enhance S/4HANA Access Risk Analysis?
Version 5.1 provides comprehensive coverage for critical access and segregation of duties in SAP S/4HANA, performing more than 700 checks. This analysis spans sensitive transactions and conflicting transaction combinations across business processes like Finance, HR, Materials Management, and Procure to Pay. The coverage aligns with the relevant access risk IDs monitored by SAP GRC for S/4HANA. To reduce noise, exclusions can be maintained for specific users and groups. Furthermore, users can add custom checks for proprietary transactions not included in the standard ruleset.
What SAP RISE Compliance Features Are Included?
The new release includes support for monitoring the compliance of SAP RISE systems with the information security standards defined by SAP Enterprise Cloud Services (ECS) in Note 3250501. It checks against more than 120 specific requirements across 12 different areas that customers must adhere to for RISE solutions. These standards cover security-relevant profile parameters, client management, standard user security, password hash access, RFC gateway hardening, and Transport Layer Security, among others.
How Does Threat Detection Compare to SAP ETD CE?
Version 5.1 bridges the gap with SAP Enterprise Threat Detection Cloud Edition (ETD CE) by providing coverage for the same threat detection patterns. In addition to achieving this parity, the Cybersecurity Extension for SAP includes more than 750 patterns that are not found in ETD CE, offering a more extensive library of threat signatures. Similar to ETD CE, the extension is available as a Software-as-a-Service (SaaS) solution for RISE customers.
Cybersecurity Extension for SAP vs. SAP ETD CE
| Feature | Cybersecurity Extension for SAP | SAP Enterprise Threat Detection (ETD CE) |
|---|---|---|
| Baseline Patterns | Includes all patterns from ETD CE | Standard set of threat detection patterns |
| Additional Patterns | Provides over 750 additional patterns | Not applicable |
| Deployment for RISE | Available as a SaaS solution | Available as a SaaS solution |
What New Vulnerability Management Features Are Available?
The release introduces new tiles for “Actively Exploited Vulnerabilities” and “Known Exploited Vulnerabilities” to enhance vulnerability management. The first tile displays open vulnerabilities that have associated security alerts, helping teams focus on immediate threats. The second tile shows calculated security notes required to address Known Exploited Vulnerabilities (KEV) for SAP solutions as listed in the CISA KEV catalog.
Frequently Asked Questions (FAQ)
What is the main purpose of the Cybersecurity Extension for SAP?
The Cybersecurity Extension for SAP is a security and compliance solution that enhances SAP systems by providing access risk analysis, compliance monitoring, advanced threat detection, and vulnerability management for environments like S/4HANA and SAP RISE.
Does version 5.1 support custom access risk checks in S/4HANA?
Yes, version 5.1 allows users to add custom checks for transactions and combinations of transactions that are not included in the standard ruleset, including custom transactions.
How does the tool help with SAP RISE compliance?
It automates compliance monitoring for SAP RISE systems by checking against over 120 specific information security requirements defined by SAP Enterprise Cloud Services (ECS) in SAP Note 3250501.
Is the Cybersecurity Extension for SAP available as a cloud service?
Yes, the Cybersecurity Extension for SAP is available as a Software-as-a-Service (SaaS) solution, which is ideal for customers using SAP RISE.