What Are the Key Security Risks in RISE with SAP? Findings from the 2025 Benchmark Report
The SAPinsider RISE with SAP 2025 benchmark report reveals a critical security gap: widespread customer non-compliance with the shared responsibility model. The most significant failure is not implementing SAP’s mandatory security hardening requirements, leaving cloud ERP systems vulnerable and exposing organizations to significant operational, legal, and and reputational risk. The report, based on a survey of 122 […]
What’s New in the Cybersecurity Extension for SAP Version 2.0?
Version 2.0 of the Cybersecurity Extension for SAP is now available, introducing major enhancements to protect business-critical SAP solutions. Key updates include support for SAP NetWeaver AS Java, powerful anomaly detection capabilities, over 400 new threat detection patterns, and updated compliance checks for the latest SAP security benchmarks. Executive Summary Layer Seven Security’s release of the Cybersecurity […]
The Most Critical SAP Security Notes of 2024: A Complete Review
The most critical SAP security notes of 2024 addressed severe vulnerabilities, including two “hot news” notes with a 9.8 CVSS score. These critical patches fixed flaws like missing authentication in SAP BusinessObjects and code injection in SAP CX Commerce, which could lead to complete system compromise if left unpatched. In 2024, SAP released over 150 […]
New Whitepaper: A Clear Path to NIS2 Compliance for SAP Solutions
A new whitepaper from Layer Seven Security provides a clear, actionable guide for achieving compliance with the EU’s NIS2 Directive for organizations running SAP. It details hardening standards, threat detection, and incident response mechanisms specifically for SAP environments, including guidance for SAP RISE, to meet the directive’s strict cybersecurity and reporting requirements. The European Union’s […]
What’s New in Cybersecurity Extension for SAP Version 5.1?
Version 5.1 of the Cybersecurity Extension for SAP introduces significant enhancements, including comprehensive access risk analysis for S/4HANA, compliance monitoring for SAP RISE, expanded threat detection patterns matching SAP ETD CE, and new dashboards for tracking actively and known exploited vulnerabilities based on the CISA KEV catalog. The latest release, version 5.1 of the Cybersecurity Extension for […]
How to Ensure Security Compliance for SAP RISE Solutions
Securing SAP RISE solutions requires adhering to over 120 specific requirements across 12 security areas defined by SAP. Organizations can achieve this compliance by performing automated gap assessments using the Cybersecurity Extension for SAP (CES), which evaluates system settings against mandatory hardening standards to identify and remediate security vulnerabilities. SAP RISE customers, including those using […]
Security Patching for SAP Solutions
The risk of unpatched systems is consistently reported as one of the top three threats to SAP systems in every survey of SAP customers performed by SAPinsider since 2021. Regularly implementing SAP security notes is reported as the most significant action performed by organizations to secure their SAP solutions. Security notes provide include corrections for […]
Cybersecurity Threats to SAP Systems Report
Earlier this month, SAPinsider released the 2023 Cybersecurity Threats to SAP Systems Report. Co-sponsored by Layer Seven Security, the report is based on the findings of a survey of more than 205 security professionals in North America, EMEA, APJ, and LATAM, representing SAP customers across nine industries. The report revealed several trends in 2023 compared […]
Securing the Journey to SAP S/4HANA
Earlier this month, Layer Seven Security released the new whitepaper Securing the Journey to SAP S/4HANA: A Security Framework for S/4HANA Migrations. The whitepaper provides a comprehensive guide to S/4HANA security to support the transition from SAP ERP to S/4HANA. Mainstream maintenance for ERP will end in December 2027. Therefore, organizations must migrate to S/4HANA […]
30 Percent of Security Notes in System Recommendations are False Positives
System Recommendations (SysRec) in SAP Solution Manager automatically calculates relevant security notes for SAP systems based on the available software and application components in each system. It provides a cross-system view for required notes using a customizable, user-friendly interface. The use of SysRec is recommended by SAP for the lifecycle management of notes. It connects […]