It has long been no secret that cyber criminals particularly like to attack SAP systems. After all, they are perfectly suited as a backdoor for a company's highly sensitive data, and there is no better way to make money. You can't prevent attacks, but with the right cyber threat detection strategy, you can be prepared, detect anomalies immediately and respond to security incidents immediately. We'll show you how to properly assess threats, identify and neutralize real cyber-attacks before they can cause serious damage. Topics of Focus: • Building an SAP cyber security strategy you can trust • Protection of your SAP systems on platform and authorization level • Identification of weak points in real time • Importance of security dashboards to analyze suspicious user activity • Advantages of the SAST SUITE for your SAP Threat Detection measures • Best practice tips for typical attack scenarios ----------------------------------------------------------------------------------------- Für Informationen auf Deutsch, sprechen Sie uns gerne an: sast@akquinet.de

1. Cyber attacks on
your SAP S/4HANA
systems?
So you can stay relaxed.

2. WELCOME!
Introducing your host today:
- 2 -
TIM KRÄNZKE
CSO SAST SOLUTIONS
Fon: +49 40 88173-2735
Email: tim.kraenzke@akquinet.com
Web: sast-solutions.com
RALF KEMPF
CTO SAST SOLUTIONS
Fon: +49 40 88173-251
Email: ralf.kempf@akquinet.com
Web: sast-solutions.com

3. With the SAST SOLUTIONS portfolio of akquinet AG, we are your world-class provider for the holistic protection of
SAP ERP as well as S/4HANA systems - with real-time monitoring. In addition to our proprietary software suite, we
offer SAP security and compliance consulting and managed services from a single source.
Worldwide, more than 200 customers with 3.5 million SAP users currently rely on our vast expertise in protecting
their SAP systems from cyberattacks, manipulation, espionage and data theft.
Facts and figures
- 3 -SAST SOLUTIONS customers worldwide
920
305
165
325
556
796
64
845
Employees
Turnovers Mio. €
5,3
16,3
41,5
28,2
118
2002 2005 2008 2011 2014 2018 2019 2020
132
124
akquinet AG
71

4. You have the choice for your SAP ERP and S/4HANA systems!
SAP Security & Compliance – make or buy?!
- 5 -
SECURITY
INTELLIGENCE
SOFTWARE SUITE CONSULTING MANAGED SERVICES
Identity and User Access Management
Platform Security
Security Intelligence
Security Consulting
Authorization Consulting
SAP HANA & S/4HANA Migration
Authorization Management
Cybersecurity & Threat Detection

5. Data breaches and hacks from the past.

6. „From our project experiences we know:
every system is vulnerable. It is a question of
how difficult it is and how long it takes.
We rarely find SAP systems in which the infrastructure is hardened
in the best possible way and effective authorization management
is lived out.
Threats are almost always detected too late.
With the right concept, the probability of a successful attack
can be significantly reduced.“
Ralf Kempf
CTO SAST SOLUTIONS
- 7 -

7. The Early Warning System
for your SAP Landscape.
Threat Intelligence
with SAST SUITE.

8. NIST cybersecurity framework for improving critical infrastructure.
NIST = National Institute of Standards and Technology
- 9 -
Identify Protect Detect Respond Recover
Asset Management
Business Environment
Governance
Risk Assessment
Risk Management
Strategy
Access Control
Awareness and
Training
Data Security
Information Protection
Processes and
Procedures
Maintenance
Protective
Technologies
Anomalies and
Events
Security
Continuous
Monitoring
Detection
Processes
Response
Planning
Communications
Analysis
Mitigation
Improvements
Recovery Planning
Improvements
Communication

9. Your IT security is our number one concern – in real time.
All solutions from one source:
- 10 -

10. Use cases where SAST SUITE supports security analysts (prevention).
Identity and User Access Management
Detection of existing critical user-role-assignments
Detection and mitigation of SoD rule violations
✓
✓
- 11 -
Platform Security (Vulnerability Scans and Cybersecurity)
Vulnerability scan on OS, DB and SAP application level
Scan of ABAP code for critical pattern
✓
✓

11. - 12 -
Plug and Play integration
with leading SIEM
solutions
Use cases where SAST SUITE supports security analysts (detection).
Security Intelligence / SIEM / SOAR
Real time threat and attack detection for SAP systems
Monitor critical transactions, applications, log files
✓
✓

12. +
+ Customer-specific security and compliance policies in SAST Risk and Compliance Management
 WHAT should be checked HOW by WHOM and WHEN
 Manual and automatic tests
 Proof of inspections carried out
 Evidence collection
 Compliance status calculation
The existing SAST rules are automatically provided in a DEFAULT policy. Plug and Play.
Customer policies can be easily created and maintained by copying and using the "Drag &
Drop Policy Editor".
+
Policy-based security checks.
Your advantages:
- 13 -

13. Policy-based security and vulnerability scans.
Central vulnerability overview on multiple systems and areas:
- 14 -

14. Policy-based security and vulnerability scans.
Easy drill down for root cause analyse:
- 15 -

15. Realtime threat detection for SAP systems.
Use cases included with SAST SUITE:
Manipulation of users and
authorization.
Assignment of critical authorization.
Manipulation of passwords.
Miss-used critical reports and
functions modules.
Access to critical, blacklisted
transactions.
Critical changes to system
configurations.
Manipulation of critical database
tables.
Information disclosure.
Read access logging as additional
data source.
Extraction of confidential information
(GDPR).
File manipulation (parameter
configuration, transports).
Suspicious user behavior (technical
and dialog users).
Monitoring of SAP security notes.
DoS detection.
Critical transport content.
Critical remote function calls.
Login attempts of privileged
accounts.
Account sharing.
Suspicious HTTP Calls.
Miss-use of debugging and error-
analysis.
What else did the user do?
Threat hunting.
Forensic analysis.
Correlation of different account to on
person (Central Identity).
- 16 -

16. - 17 -
Distributed system
log data Normalize, Pseudonymize,
enrich log data
Persistence, analyze,
generate alerts
SAST Real Time Cybersecurity Monitoring.

17. Collect Log Data
Critical/Relevant
Events
Intelligent Log Filters
Complex Events
 Identify log sources
 Consolidate across system borders
 Filter irrelevant events
 +3500 filters in the SAST Security Radar
 Individually configurable and extensible filters
 Predefined classification of criticality
 Critical event combinations
Security Incident
 Consider business processes
 Individual risk evaluation
- 18 -
Log
Entries
Security incident ✓ Focus on individual, focused scenarios!
Rules
Our funnel approach – from events to alarms:

18. Developer DEV
System
Manipulates customer
report
Manipulates transport
to enable report
autostart under DDIC
Transport goes via Q to
P
Admin PROD
System
XPRA starts report
under DDIC
Developer gets
“hidden” SAP_ALL
Report changes own
code to hide activity
Developer PROD
System
Change bank data in
vendor master
AP Clerk PROD
System
Weekly payment run
Payment transferred to
wrong account
Change ABAP report Import transport Change Vendor Outgoing payment
SAST Code Advisor
detects critical code
and XPRA
SAST Security Radar
detects XPRA and hidden
SAP_ALL
SAST Security Radar
detects unapproved
vendor change
Use Case: Detection of Insider Attack.

19. - Klaus Brenk -
“With the help of the SAST SUITE,
we were able to significantly reduce the
probability of occurrence for critical events.
We are now in a position where
we can respond much faster
to critical events.“

20. Real-time monitoring of your SAP systems with SAST SUITE.
Your benefits at a glance:
Constant monitoring of configuration, authorizations and security and change logs.
+
- 21 -
+
+
+
+
+
Push-button access to the security status of entire SAP system landscape.
Integrates seamlessly into existing SIEM solutions.
Aggregated and evaluated information about security policy breaches.
Automatic alerting for critical and complex events, even by combining several events that
appear uncritical when viewed individually.
Pseudonymize user data to ensure compliance with the data protection laws of the
European Union (GDPR).
Ongoing content updates keeping all systems up-to-date.
+

21. - 22 -
Keep the
ball rolling
with us.

22. Keep the ball rolling with us…
SAST BLOG sast-blog.akquinet.com
New expert articles, practical tips, case studies, etc. every week.
SAST NEWS Registration on the website or by mail: sast@akquinet.de
Current information every 6-8 weeks.
SAST WEBINARS Were you unable to attend a live webinar?
ON DEMAND The webinar archive allows you to individually schedule when you want
to take advantage of our recommendations.
SAST WEBINARS Further topics for 2020 are available on our event page on the web.
- 23 -

23. DO YOU HAVE ANY QUESTIONS?
WE ANSWER. FOR SURE.
© Copyright AKQUINET AG. All rights reserved. This publication is protected by copyright.
All rights, in particular the right of reproduction, distribution, and translation, are reserved. No part of this document may be reproduced in any form (photocopy, microfilm or other process) or processed, copied, or distributed using electronic systems without the prior
written agreement of AKQUINET AG. Some of the names mentioned in this publication are registered trademarks of the respective provider and as such are subject to legal provisions.
The information in this publication has been compiled with the greatest care. However, no guarantee can be given for its applicability, correctness, and completeness. AKQUINET AG shall assume no liability for losses arising from use of the information.
TIM KRÄNZKE
CSO SAST SOLUTIONS
Fon: +49 40 88173-2735
Email: tim.kraenzke@akquinet.com
Web: sast-solutions.com