Version 5.2 of the Cybersecurity Extension for SAP introduces significant enhancements, including comprehensive support for SAP Business Technology Platform (BTP), critical access and Segregation of Duties (SoD) monitoring for SAP ECC, and new alerts for emerging threats. This release expands real-time threat detection and compliance monitoring across modern and legacy SAP environments.
The latest update provides robust new capabilities for organizations managing complex SAP landscapes. Key additions include over 40 security alerts for SAP BTP, covering everything from application changes to remote logins and role modifications. Recognizing that many organizations continue to rely on SAP ECC, this version adds over 350 functional checks for sensitive transactions and SoD conflicts, aligning with SAP GRC access risk IDs. Furthermore, the release strengthens data protection by adding alerts for the deactivation of SAP UI Masking and UI Data Protection Masking solutions. It also introduces proactive checks for newly discovered vulnerabilities related to ICF services, sensitive transaction codes, and insecure system configurations, ensuring broader and more resilient protection.
Key Takeaways
- SAP BTP Monitoring: Introduces 40+ security alerts for incidents in SAP BTP, with logs replicated for forensic analysis.
- SAP ECC SoD Coverage: Adds 350+ checks for critical access and Segregation of Duties in SAP ECC, included in the standard license.
- UI Masking Alerts: Monitors and alerts on the deactivation of SAP UI Masking and UI Data Protection Masking.
- New Vulnerability Checks: Includes alerts for new vulnerable ICF services and additional checks for SSFS and sensitive transactions.
- SIEM Integration: All new alerts, including those for BTP, can be integrated with SIEM solutions for centralized monitoring.
- General Availability: The new version is scheduled for general availability in October 2024.
What’s New for SAP BTP in Version 5.2?
Version 5.2 adds comprehensive security monitoring for SAP Business Technology Platform (BTP) with over 40 new alerts for security-related incidents. These alerts cover critical events such as application changes, remote logins, role changes, role grants to users, and cloud transports. All events are logged in the BTP central audit log and replicated to the Cybersecurity Extension for SAP to support detailed forensic analysis. Like existing alerts for other SAP components, these BTP alerts can be fully integrated with SIEM solutions for centralized security operations.
How Does Version 5.2 Enhance Support for SAP ECC?
The new release extends business-level critical access and Segregation of Duties (SoD) monitoring to SAP ECC environments. While mainstream maintenance for SAP ECC ends in 2027, many organizations will continue to use it for several years. To address this, Version 5.2 includes over 350 functional checks for sensitive ECC transactions and conflicting transaction combinations, covering all relevant access risk IDs monitored by SAP GRC for ECC.
The usage rights for this enhanced ECC coverage are included in the standard license for the Cybersecurity Extension for SAP.
SAP ECC Processes Covered
The table below outlines the key business processes in SAP ECC covered by the new SoD checks.
| Process Area | Description |
|---|---|
| Finance | Monitors access to sensitive financial transactions and reporting. |
| HR and Payroll | Checks for conflicts in accessing and managing employee and payroll data. |
| Materials Management | Covers risks related to inventory control and procurement processes. |
| Order to Cash | Analyzes access rights within the sales, delivery, and billing cycle. |
| Procure to Pay | Monitors for SoD violations in the purchasing and payment process. |
Users can also define custom checks for transactions not included in the standard ruleset and exclude specific users or groups to reduce false positives.
What Other Security Checks Are Included?
Version 5.2 introduces several other critical security checks to protect against emerging threats and misconfigurations. The release now includes alerts for the deactivation of SAP UI Masking and UI Data Protection Masking solutions, which are designed to protect sensitive data in user interfaces.
Additionally, the update adds:
- Alerts for the execution of new ICF services with known security vulnerabilities that are not yet widely recognized.
- New checks for the Secure Storage in the File System (SSFS).
- Monitoring for new sensitive transaction codes.
- Detection of dangerous function modules and external programs.
- Alerts for dynamic changes to specific security-related profile parameters.
Frequently Asked Questions (FAQ)
What new capabilities does Version 5.2 of the Cybersecurity Extension for SAP offer?
Version 5.2 introduces over 40 security alerts for SAP BTP, more than 350 critical access and SoD checks for SAP ECC, and new alerts for the deactivation of UI masking solutions and newly discovered vulnerabilities.
Is a separate license required for the new SAP ECC SoD checks?
No, the usage rights for the 350+ functional checks for SAP ECC are included in the standard license for the Cybersecurity Extension for SAP.
Can the new SAP BTP alerts be integrated with a SIEM?
Yes, similar to existing alerts, the new BTP security alerts can be integrated with SIEM solutions to enable centralized monitoring and forensic analysis.
When will Version 5.2 be generally available?
The new release of the Cybersecurity Extension for SAP is scheduled for general availability in October 2024.