Your efforts to protect your SAP systems won't be complete until you have a reliable way to keep a constant eye on your transactions and applications. When you detect critical incidents right when they occur, you'll be able to take immediate action in response. When you're under attack, your reaction time has a significant impact on the level of damage you can expect. It's not hard to see how a real-time solution like AKQUINET's SAST Security Radar pays for itself in short order.
Detecting attacks based on log files and analyzing network traffic requires in-depth knowledge of the potential paths and patterns such incursions can follow. This is because events relevant to security have to be filtered out of a sea of data and placed in the proper context.
--------------------------------------------------------------------------------
For information in German, please feel free to contact us: sast@akquinet.de
SAST Threat Detection: What you stand to gain from intelligent, SAP real-time monitoring. [Webinar]
1. SAST Security Radar – Your individual SAP SIEM.
What can real-time monitoring do for your SAP systems?
2. Monitoring of SAP-Systems
Challenge
Protect SAP system against
Cyber Attacks
Data Theft
Espionage
Manipulations
Detect critical and unusual behavior in real time
Common IT security solutions do not cover SAP systems
Attacks on SAP systems are not detected!
The SAST Suite monitors your SAP system landscape comprehensively and in real time.
5. Ensure monitoring of vulnerabilities and threats
Vulnerabilities and compliance scans
Threat detection in real time
Cyclical
Real time
analysis
Configuration of SAP Landscape
Users and Authorizations
Process and change management
Analysis of logs and behavior
6. Our SAST Security Radar
All-around protection for your SAP system with real time monitoring.
SAP ERP
SAP BI
SAP CRM
SAP SCM
…
NetWeaver
Reports and analytics
SAST Management Dashboard
IBM QRadar
AKQUINET SAST SUITE
Extraction of all relevant log data
Threat intelligence
User and role management
Superuser logging
Download logging
SIEM Integration
SoD analyses
System configuration
Vulnerability & compliance scan
7. SAP Security Audit Log ABAP/J2EE
All events for all users must be logged. Logging only Firefighter users is not sufficient!
SAP change documents and table logging
Required to detect user, permission and table changes.
SAP System Log
Always on. Some security messages are written only to the syslog.
Windows/Unix Logs
Required to detect SSH/RDP logins and local user privilege escalation.
Database and listener Logs
Required to detect logins and direct access to SAP data.
SAP Router Logs / SAP Gateway and HTTP Logs
Required to detect connection attempts from unknown networks / terminals.
Who monitors all logs?
Threat detection
8. From Events to Stories
Funnel Approach
Log Entries
Critical Stories
Collect Log Data
Critical/Relevant Events
Intelligent Log Filters
Complex Events
Critical Stories
Identify log sources
Consolidate across system borders
Filter irrelevant events
+3500 filters in SSR
Individually configurable and extensible filters
Predefined classification of criticality
Critical event combinations
Consider business processes
Individual risk evaluation
Focus on individual, focused scenarios.
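The funnel described on this slide, as an added example (not AKQUINET's code or the product's rule format): events from several log sources are filtered, then individually uncritical events by the same user are combined across systems into one critical story. Event type names, users, system IDs and the 30-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (timestamp, system, log source, user, event type).
# Event type names, users and system IDs are hypothetical, not SAP message IDs.
EVENTS = [
    ("2024-05-01T08:55:00", "PRD", "audit_log", "asmith", "logon_ok"),
    ("2024-05-01T09:00:00", "PRD", "change_docs", "jdoe", "user_created"),
    ("2024-05-01T09:04:00", "PRD", "change_docs", "jdoe", "role_assigned"),
    ("2024-05-01T09:05:00", "PRD", "syslog", "asmith", "batch_job_done"),
    ("2024-05-01T09:12:00", "BW1", "audit_log", "jdoe", "table_download"),
    ("2024-05-01T10:00:00", "PRD", "change_docs", "asmith", "user_created"),
    ("2024-05-01T10:10:00", "PRD", "change_docs", "asmith", "role_assigned"),
    ("2024-05-01T13:00:00", "PRD", "audit_log", "asmith", "table_download"),
]

# Filter stage: event types worth keeping, each with a predefined criticality (1-3).
FILTERS = {"user_created": 2, "role_assigned": 2, "table_download": 2}
# Story stage: ordered combination by one user inside a time window.
STORY = ("user_created", "role_assigned", "table_download")
WINDOW = timedelta(minutes=30)

def relevant(events):
    """Drop events no filter matches; normalise and order the rest by time."""
    kept = [{"ts": datetime.fromisoformat(ts), "system": sy, "source": src,
             "user": user, "type": et, "criticality": FILTERS[et]}
            for ts, sy, src, user, et in events if et in FILTERS]
    return sorted(kept, key=lambda e: e["ts"])

def find_stories(events, pattern=STORY, window=WINDOW):
    """Return one story per completed pattern, consolidated across systems."""
    stories, per_user = [], {}
    for e in relevant(events):
        per_user.setdefault(e["user"], []).append(e)
    for user, evs in per_user.items():
        matched = []
        for e in evs:
            if matched and e["ts"] - matched[0]["ts"] > window:
                matched = []  # window expired, start over
            if e["type"] == pattern[len(matched)]:
                matched.append(e)
            if len(matched) == len(pattern):
                stories.append({"user": user,
                                "systems": sorted({m["system"] for m in matched}),
                                "start": matched[0]["ts"], "end": matched[-1]["ts"]})
                matched = []
    return stories

if __name__ == "__main__":
    for s in find_stories(EVENTS):
        print(f"CRITICAL story: {s['user']} on {s['systems']} {s['start']} -> {s['end']}")
```

The second user produces the same three event types, but the download falls outside the window, so no story is raised for that account.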
9. Security status of your entire SAP system landscape at the touch of a button.
Permanent monitoring of your system configuration, user authorizations, security and change logs.
Aggregated and evaluated real-time information about violations of your security policy.
Automatic alerting for critical events and complex events, as a combination of several individually uncritical events.
Short implementation time and cost-effective operation.
Continuous content updates keep your systems up to date.
Integration with IBM QRadar, HP ArcSight, Splunk, LogPoint or other SIEM tools to create a comprehensive solution.
Real Time Security Monitoring using SAST Security Radar
SIEM solutions with the SAST Security Radar
11. Vulnerability Scan Service
Critical authorizations and system settings
Threat Detection Service
Critical transactions, reports, user changes, system changes, etc.
Critical downloads
Optional
Security Notes Patch Service
System hardening
Managed SAP Security Service
Our scope of services for you:
PLATFORM SECURITY
IDENTITY & ACCESS MANAGEMENT
Authorization Management
User requests and change workflows
Comprehensive set of rules for separation of duties (SoD)
Role development support and partial automation
Extensive template roles (SoD-free)
12. Catching the Hand in the Cookie Jar
Take Home Messages
Reduced costs and effort for securing your SAP systems
Continuous monitoring in real time
Proactive detection and analysis of conspicuous events
Fast reaction to potential
Cyberattacks
Data theft
Abuse of rights
Espionage
Manipulations
Integration of your SAP systems into existing SIEM solutions