Digital Operational Resilience Act (DORA) Compliance for SAP Solutions
The Digital Operational Resilience Act (DORA) is an EU regulation that requires financial institutions to ensure their Information and Communications Technology (ICT) systems can withstand, respond to, and recover from disruptions. For organizations using SAP for critical functions, this means SAP solutions must be governed, monitored, and tested to meet DORA’s stringent standards for operational […]
What’s New in the Cybersecurity Extension for SAP Version 2.0?
Version 2.0 of the Cybersecurity Extension for SAP is now available, introducing major enhancements to protect business-critical SAP solutions. Key updates include support for SAP NetWeaver AS Java, powerful anomaly detection capabilities, over 400 new threat detection patterns, and updated compliance checks for the latest SAP security benchmarks. Executive Summary Layer Seven Security’s release of the Cybersecurity […]
Security Compliance for SAP RISE Solutions
S/4HANA and other ABAP systems provisioned by SAP for RISE customers are based on standard system builds. The builds include default settings to apply security by default based on hardening requirements and best practices. The settings are outlined in SAP Note 3250501 – Information on Mandatory Security Parameters & Hardening Requirements for ABAP systems in […]
Securing the SYSTEM User in SAP HANA
The SYSTEM user is the most powerful database user in SAP HANA with system-wide privileges including permissions to create and maintain other users, perform system changes, stop and start services, and create and drop databases and tables. The user is created during the initial setup of SAP HANA. Once the system is setup, the SYSTEM […]
Compliance Reporting for the SAP Security Baseline
The SAP Security Baseline is a widely used benchmark for securing SAP applications. The benchmark includes SAP recommendations for system hardening, authentication and authorization, logging and auditing, and other areas. The recommendations draw on SAP security notes, guides and whitepapers. The SAP Security Baseline was updated by SAP earlier this year and provides an up-to-date […]
SAP Vulnerability Assessment vs Penetration Testing
Vulnerability assessment and penetration testing both serve important functions for protecting business applications against security threats. The approaches are complementary but should be deployed sequentially. Penetration testing against systems and applications that have not been hardened based on the results of vulnerability assessments is inadvisable since the results are predictable. The objective of penetration testing […]
Recommended Settings for SAP Logging and Auditing
The Cybersecurity Extension for SAP Solution Manager monitors SAP event logs to automatically detect and alert for indicators of compromise. The monitoring interval can be customized for each security metric based on risk and sizing. An interval of 60 seconds, for example, can support real-time threat detection. However, real-time detection is only useful when supported […]
Securing Administrative Access in SAP AS Java
The misuse of administrative privileges is a common method used by attackers to compromise applications and propagate attacks to connected systems. The elevated privileges granted to administrative accounts are a prized target for attackers and provide a fast path to accessing or modifying sensitive data, programs and system settings. User privileges for Java applications are […]
Webinar Recording: Security Analytics with SAP Web Intelligence
Watch the webinar replay to learn how to visualize security risks in your SAP systems using interactive reports in SAP Web Intelligence. Powered by the BusinessObjects platform, Web Intelligence connects directly to data sources in SAP Solution Manager to convey system vulnerabilities, missing security notes and open alerts using dynamic charts and graphs and detailed […]
Secure, Patch & Respond: Security Analytics with SAP Web Intelligence
SAP Web Intelligence enables users to visualize and manage security risks in SAP systems using interactive reports delivered through an intuitive web interface. Powered by the BusinessObjects platform, Web Intelligence connects directly to data sources in SAP Solution Manager to convey system vulnerabilities, missing security notes and open alerts using dynamic charts and graphs and […]