It has long been no secret that cyber criminals particularly like to attack SAP systems. After all, they are perfectly suited as a backdoor for a company's highly sensitive data, and there is no better way to make money.
You can't prevent attacks, but with the right cyber threat detection strategy, you can be prepared, detect anomalies immediately and respond to security incidents immediately.
We'll show you how to properly assess threats, identify and neutralize real cyber-attacks before they can cause serious damage.
Topics of Focus:
• Building an SAP cyber security strategy you can trust
• Protection of your SAP systems on platform and authorization level
• Identification of weak points in real time
• Importance of security dashboards to analyze suspicious user activity
• Advantages of the SAST SUITE for your SAP Threat Detection measures
• Best practice tips for typical attack scenarios
-----------------------------------------------------------------------------------------
Für Informationen auf Deutsch, sprechen Sie uns gerne an: sast@akquinet.de
3. With the SAST SOLUTIONS portfolio of akquinet AG, we are your world-class provider for the holistic protection of
SAP ERP as well as S/4HANA systems - with real-time monitoring. In addition to our proprietary software suite, we
offer SAP security and compliance consulting and managed services from a single source.
Worldwide, more than 200 customers with 3.5 million SAP users currently rely on our vast expertise in protecting
their SAP systems from cyberattacks, manipulation, espionage and data theft.
Facts and figures
- 3 -SAST SOLUTIONS customers worldwide
920
305
165
325
556
796
64
845
Employees
Turnovers Mio. €
5,3
16,3
41,5
28,2
118
2002 2005 2008 2011 2014 2018 2019 2020
132
124
akquinet AG
71
4. You have the choice for your SAP ERP and S/4HANA systems!
SAP Security & Compliance – make or buy?!
- 5 -
SECURITY
INTELLIGENCE
SOFTWARE SUITE CONSULTING MANAGED SERVICES
Identity and User Access Management
Platform Security
Security Intelligence
Security Consulting
Authorization Consulting
SAP HANA & S/4HANA Migration
Authorization Management
Cybersecurity & Threat Detection
6. „From our project experiences we know:
every system is vulnerable. It is a question of
how difficult it is and how long it takes.
We rarely find SAP systems in which the infrastructure is hardened
in the best possible way and effective authorization management
is lived out.
Threats are almost always detected too late.
With the right concept, the probability of a successful attack
can be significantly reduced.“
Ralf Kempf
CTO SAST SOLUTIONS
- 7 -
7. The Early Warning System
for your SAP Landscape.
Threat Intelligence
with SAST SUITE.
8. NIST cybersecurity framework for improving critical infrastructure.
NIST = National Institute of Standards and Technology
- 9 -
Identify Protect Detect Respond Recover
Asset Management
Business Environment
Governance
Risk Assessment
Risk Management
Strategy
Access Control
Awareness and
Training
Data Security
Information Protection
Processes and
Procedures
Maintenance
Protective
Technologies
Anomalies and
Events
Security
Continuous
Monitoring
Detection
Processes
Response
Planning
Communications
Analysis
Mitigation
Improvements
Recovery Planning
Improvements
Communication
9. Your IT security is our number one concern – in real time.
All solutions from one source:
- 10 -
10. Use cases where SAST SUITE supports security analysts (prevention).
Identity and User Access Management
Detection of existing critical user-role-assignments
Detection and mitigation of SoD rule violations
✓
✓
- 11 -
Platform Security (Vulnerability Scans and Cybersecurity)
Vulnerability scan on OS, DB and SAP application level
Scan of ABAP code for critical pattern
✓
✓
11. - 12 -
Plug and Play integration
with leading SIEM
solutions
Use cases where SAST SUITE supports security analysts (detection).
Security Intelligence / SIEM / SOAR
Real time threat and attack detection for SAP systems
Monitor critical transactions, applications, log files
✓
✓
12. +
+ Customer-specific security and compliance policies in SAST Risk and Compliance Management
WHAT should be checked HOW by WHOM and WHEN
Manual and automatic tests
Proof of inspections carried out
Evidence collection
Compliance status calculation
The existing SAST rules are automatically provided in a DEFAULT policy. Plug and Play.
Customer policies can be easily created and maintained by copying and using the "Drag &
Drop Policy Editor".
+
Policy-based security checks.
Your advantages:
- 13 -
13. Policy-based security and vulnerability scans.
Central vulnerability overview on multiple systems and areas:
- 14 -
15. Realtime threat detection for SAP systems.
Use cases included with SAST SUITE:
Manipulation of users and
authorization.
Assignment of critical authorization.
Manipulation of passwords.
Miss-used critical reports and
functions modules.
Access to critical, blacklisted
transactions.
Critical changes to system
configurations.
Manipulation of critical database
tables.
Information disclosure.
Read access logging as additional
data source.
Extraction of confidential information
(GDPR).
File manipulation (parameter
configuration, transports).
Suspicious user behavior (technical
and dialog users).
Monitoring of SAP security notes.
DoS detection.
Critical transport content.
Critical remote function calls.
Login attempts of privileged
accounts.
Account sharing.
Suspicious HTTP Calls.
Miss-use of debugging and error-
analysis.
What else did the user do?
Threat hunting.
Forensic analysis.
Correlation of different account to on
person (Central Identity).
- 16 -
16. - 17 -
Distributed system
log data Normalize, Pseudonymize,
enrich log data
Persistence, analyze,
generate alerts
SAST Real Time Cybersecurity Monitoring.
17. Collect Log Data
Critical/Relevant
Events
Intelligent Log Filters
Complex Events
Identify log sources
Consolidate across system borders
Filter irrelevant events
+3500 filters in the SAST Security Radar
Individually configurable and extensible filters
Predefined classification of criticality
Critical event combinations
Security Incident
Consider business processes
Individual risk evaluation
- 18 -
Log
Entries
Security incident ✓ Focus on individual, focused scenarios!
Rules
Our funnel approach – from events to alarms:
18. Developer DEV
System
Manipulates customer
report
Manipulates transport
to enable report
autostart under DDIC
Transport goes via Q to
P
Admin PROD
System
XPRA starts report
under DDIC
Developer gets
“hidden” SAP_ALL
Report changes own
code to hide activity
Developer PROD
System
Change bank data in
vendor master
AP Clerk PROD
System
Weekly payment run
Payment transferred to
wrong account
Change ABAP report Import transport Change Vendor Outgoing payment
SAST Code Advisor
detects critical code
and XPRA
SAST Security Radar
detects XPRA and hidden
SAP_ALL
SAST Security Radar
detects unapproved
vendor change
Use Case: Detection of Insider Attack.
19. - Klaus Brenk -
“With the help of the SAST SUITE,
we were able to significantly reduce the
probability of occurrence for critical events.
We are now in a position where
we can respond much faster
to critical events.“
20. Real-time monitoring of your SAP systems with SAST SUITE.
Your benefits at a glance:
Constant monitoring of configuration, authorizations and security and change logs.
+
- 21 -
+
+
+
+
+
Push-button access to the security status of entire SAP system landscape.
Integrates seamlessly into existing SIEM solutions.
Aggregated and evaluated information about security policy breaches.
Automatic alerting for critical and complex events, even by combining several events that
appear uncritical when viewed individually.
Pseudonymize user data to ensure compliance with the data protection laws of the
European Union (GDPR).
Ongoing content updates keeping all systems up-to-date.
+
22. Keep the ball rolling with us…
SAST BLOG sast-blog.akquinet.com
New expert articles, practical tips, case studies, etc. every week.
SAST NEWS Registration on the website or by mail: sast@akquinet.de
Current information every 6-8 weeks.
SAST WEBINARS Were you unable to attend a live webinar?
ON DEMAND The webinar archive allows you to individually schedule when you want
to take advantage of our recommendations.
SAST WEBINARS Further topics for 2020 are available on our event page on the web.
- 23 -