Protecting SAP systems, as mission-critical applications, is becoming the priority for the most relevant organizations all over the world. Security hardening of SAP systems is key in these uncertain times, as threat actors start to see SAP as the main door for successful attacks.

There are multiple surveys in the cybersecurity industry and the conclusions are significant: more than 90 percent of the CIOs and CISOs interviewed considered that a SAP breach would be a serious, very serious or catastrophic event in their companies. Moreover, two out of three respondents confirmed that their SAP environments were breached in the last 24 months, and the average cost of having the SAP systems off is $4.5 million. The interviewers considered that one of the more critical aspects in relation to the training of the employees is the lack of internal education associated with the SAP new technologies, such as SAP Cloud, HANA, Fiori or IoT.

SAP systems are the core of the most relevant business processes and they need to be secure. They usually store large amounts of data, part of which is confidential information that needs special protection. The idea that SAP products are secure by default is a myth: achieving that security requires applying several features and correctly using different functionalities. That security is critical to avoiding attacks in the IT environment.

In the market, there are different solutions with functionalities for identifying, analyzing and neutralizing cyberattacks in the SAP applications when they occur and before they cause catastrophic damage to the customer’s IT environment.

Some of the most general functionalities linked to the evaluation of the cyberattacks are:

  • Improve security by monitoring the main critical events defined in the SAP systems. This helps to maintain the system’s security in a continuously changing environment.
  • Acquire information about the suspicious activities. The most important assets in a company must be protected and with this solution it is possible to detect threats that could affect those assets. This could imply minimizing the financial loss and also the reputational and legal damage.
  • Neutralize threats and attacks. As the threats can be identified in real time, this permits security teams to perform a quick mitigation action. This fact provides transparency and quick identification of security gaps.
  • Protect the business operations. In general, the main capabilities of threat management solutions are useful for protecting the data of the business operations and for facilitating business continuity in case of any threat.

The best-in-class security experts have developed a specific methodology based on vast experience working with different customers in multiple industries with the purpose of identifying the best approach considering the initial customer scenario and implementing the solution in the most efficient way. From this perspective, there are 3 different approaches to take advantage of the different security solutions when looking to protect your SAP environments: 

a) Implementation of the threat management solution

This includes the technical implementation of the solution, the configuration according to the experience and the connection with the source systems. This approach also includes the installation and configuration of the different components related to the system.

b) Tuning of standard delivered patterns

Most commercial solutions for managing IT threats provide pre-delivered threat patterns. In most cases, those patterns generate false positives, so it is necessary to have a team of experts with wide experience tuning them to ensure that the alerts generated are precise and that the customer’s effort can focus on their analysis.

c) Use cases definition

It is necessary to involve a best-in-class player that has experience in the automation industry and specifically for creating patterns for different threat management solutions. This approach can help the customer to define their own patterns, based on the critical assets, the critical categories or their most relevant weaknesses in the IT environment.

There are teams in the market composed of experts in different solutions and with wide experience working in security. Specifically, those experts have in-depth experience implementing several third-party solutions, and some of their KPIs are really noteworthy: for example, reducing the alerts generated by the threat management solution by 70 percent and decreasing the effort to investigate alerts by 72 percent, resulting in a more efficient security monitoring platform.

Is your IT strategy defining the solutions to identify potential attacks in your IT landscape? Are you already using a specific threat management solution and want to extract more value from the pre-delivered content? Do you have a very mature risk framework and want to define your own patterns and implement them in your threat management system?

IBM Security is empowering organizations across the planet to better protect their SAP systems. Contact IBM Security’s experts to get more information and learn how you can bolster the security of your SAP environment.
