What’s New in the SAP Cybersecurity Framework 3.0
Released earlier this month, the third version of the SAP Cybersecurity Framework includes important changes in the areas of transport layer security, logging and monitoring, and vulnerability management. It also discusses the most significant hack against SAP systems to date: the devastating data breach suffered by U.S Investigation Services (USIS). USIS performed background checks on […]
Are your System Users Vulnerable to SAP Hacks?
One of the most telling statistics revealed at BlackHat USA earlier this year was the fact that 84 percent of InfoSec professionals regard unmanaged privileged credentials as the biggest cyber security vulnerability within their organizations. For SAP environments, the dangers posed by abusing user accounts with privileged access are well-known and can include shutting down SAP […]
Monitoring SAP Security Metrics with SolMan Dashboards
SAP Solution Manager (SolMan) includes a complete dashboard framework for visualizing data metrics and KPIs across a wide variety of areas. This includes areas such as availability, performance, service delivery, and crucially, system security. What’s more, the process for enabling and customizing dashboards is relatively quick and simple. This short guide walks through the steps to […]
How to Discover Missing Security Notes for Your SAP Systems using ConVal
Earlier this month, the New York Stock Exchange released a definitive guide to cybersecurity targeted at directors and officers of public companies. Developed with Palo Alto Networks, the guide includes contributions from over thirty-five industry experts and contends with a wide range of questions including legal and regulatory issues, cyber insurance, supplier risks, and incident […]
How to Protect Sensitive Data in Your SAP Systems with Read Access Logging
The need to monitor access to classified data in SAP systems has never been greater. End users are increasingly working with SAP data from outside the borders of corporate networks. Corporate information is also increasingly under threat from cyber criminals, hacktivists, cyber spies and terrorists that seek to exploit classified information for financial gain or […]
Can You Trust SAP with Your System Security?
Can you trust SAP with your system security? The question is worth pondering, not least since it is one of the key arguments used by third party software vendors to support the use of their security tools over SAP-delivered solutions. Although the argument is usually made in the context of vulnerability management for cybersecurity, the […]
Are 95 percent of SAP systems really vulnerable to cyber attack?
Earlier this month, SAP issued a strongly-worded response to claims made by the software vendor Onapsis in a press release that over 95 percent of SAP systems assessed by Onapsis were exposed to vulnerabilities that could lead to the compromise of SAP systems. According to SAP, “The press release published by Onapsis is aimed at […]
Turn the Tide against Cyber Attacks with SAP Enterprise Threat Detection
One of the most striking facts revealed by the 2014 Verizon DBIR is that only one in every six data breaches are detected by organizations that are the victim of such breaches. The statistic revealed that the vast majority of organizations lack the capability to detect incidents that lead to a data breach. According to […]
Discover Security Patches for your SAP Systems using System Recommendations
One of the most startling facts revealed by the 2015 Cyber Risk Report is that over 44 percent of data breaches stem from the exploitation of known vulnerabilities that are over two years old. This suggests that effective patching can dramatically lower the likelihood of a successful data breach and, when employed with other countermeasures […]
Five Logs that Could Reveal a Data Breach in your SAP Systems
One of the most important discoveries uncovered by security researchers investigating the recent data breach at Anthem is that the original compromise may have occurred as early as April 2014, nine months before the breach was discovered by the organisation. The attack has led to the loss of personal information impacting over 80 million individuals. […]