Your efforts to protect your SAP systems won't be complete until you have reliable way to keep a constant eye on your transactions and applications. When you detect critical incidents right when they occur, you'll be able take immediate action in response. When you're under attack, your reaction time has a significant impact on the level of damage you can expect. It's not hard to see how a real-time solution like AKQUINET's SAST Security Radar pays for itself in short order. Detecting attacks based on log files and analyzing network traffic requires in-depth knowledge of the potential paths and patterns such incursions can follow. This is because events relevant to security have to be filtered out of a sea of data and placed in the proper context. -------------------------------------------------------------------------------- Für Informationen auf Deutsch, sprechen Sie uns gerne an: sast@akquinet.de

1. SAST Security Radar –
Your individual SAP SIEM.
What can real-time
monitoring do for
your SAP systems?

2. Monitoring of SAP-Systems
- 2 -
Challenge
 Protect SAP system against
 Cyber Attacks
 Data Theft
 Espionage
 Manipulations
 Detect critical and unusual behavior in real time
 Common IT security solutions do not cover SAP systems
Attacks on SAP systems are not detected!
 The SAST Suite monitors your SAP system landscape comprehensively and in real time.

3. Learn and Improve
Security Management Process
- 3 -
Prevent Detect Respond Recover

4. SAP Security Operation Center (SOC)
SOC
Manager
SME/
Hunter
(Treat Intel)
SME/
Hunter
(Malware RE)
SME/
Hunter
(Endpunkt)
SME/
Hunter
(Netzwerk)
Stage 1
Alert Analyst
Stage 2
Incident
Responder
Stage 2
Incident
Responder
Frontlines
Frontlines
1. Ebene
2. Ebene
3. Ebene
Stage 1
Alert Analyst
Stage 1
Alert Analyst
Stage 1
Alert Analyst
- 4 -
+ Permanent Analysis
+ Proactive Evaluation
+ Active Protection
= Security for
your SAP Systems

5. Ensure monitoring of vulnerabilities and threats
- 5 -
Vulnerabilities and compliance scans
Threat detection in real time
Cyclical
Real time
analysis
Configuration of SAP Landscape
Users and Authorizations
Process and
change management
Analysis of logs and behavior

6. Our SAST Security Radar
All-around protection for your SAP system with real time monitoring.
SAP ERP
SAP BI
SAP CRM
SAP SCM
…
NetWeaver
Reports
and
analytics
SAST Management Dashboard
IBM QRadar
AKQUINET SAST SUITE
Extraction
of all relevant
log data
Threat
intelligence
User and role management
Superuser logging
Download logging
SIEM
Integration
SoD analyses
System configuration
Vulnerability & compliance scan
- 6 -

7.  SAP Security Audit Log ABAP/J2EE
All events for all users must be logged. Logging only Firefighter user is not sufficient!
 SAP change documents and table logging
Required to detect users, permission and table changes.
 SAP System Log
Always on. Some security messages are only written on the syslog.
 Windows/UniX Logs
Required to detect SSH/RDP Logins an local user privilege escalation.
 Database and listener Logs
Required to detect logins and direct access to SAP data.
 SAP Router Logs / SAP Gateway and HTTP Logs
Required to detect connection attempts from unknown networks / terminals.
Who monitors all logs?
Threat detection
- 7 -

8. 8
From Events to Stories
Funnel Approach
Log
Entries
Critical Stories
Collect Log Data
Critical/Relevant
Events
Intelligent Log Filters
Complex Events
Critical Stories
Identify log sources
Consolidate across system borders
Filter irrelevant events
+3500 filters in SSR
Individually configurable and extensible filters
Predefined classification of criticality
Critical event combinations
Consider business processes
Individual risk evaluation
Focus on individual, focused szenarios.
- 8 -

9. Security status of your entire SAP system landscape at the touch of a button.
Permanent monitoring of your system configuration, user authorizations, security
and change logs.
Aggregated and evaluated real-time information about violations of your security
policy.
Automatic alerting for critical events and complex events, as a combination of
several individually uncritical events.
Short implementation time and cost-effective operation.
Continuous content updates keep your systems up to date.
Integration with IBM QRadar, HP ArcSight, Splunk, LogPoint or other SIEM tools to
create a comprehensive solution.
Real Time Security Monitoring using SAST Security Radar
- 18 -
SIEM solutions with the SAST Security Radar
+
+
+
+
+
+
+

10. Our Managed SAP Security Service
- 19 -

11. Vulnerability Scan Service
 Critical authorizations and system settings
Threat Detection Service
 Critical transactions, report, user changes, system changes, etc.
 Critical downloads
Optional
 Security Notes Patch Service
 System hardening
Managed SAP Security Service
Our scope of services for you:
PLATFORMSECURITY



IDENTITY&ACCESS
MANAGEMENT
Authorization Management
 User requests and change workflows
 Comprehensive set of rules for separation of duties (SoD)
 Role development support and partial automation
 Extensive template roles (SoD-free)


12. Catching the Hand in the Cookie Jar
Take Home Messages
Reduced costs and effort for securing your SAP systems
Continuous monitoring in real time
Proactive detection and analysis of conspicuous events
Fast reaction to potential
 Cyberattacks
 Data theft
 Abuse of rights
 Espionage
 Manipulations
Integration of your SAP systems into existing SIEM solutions
+
- 21 -
+
+
+
+

13. Keep the
ball rolling
with us.
- 22 -

14. QUESTIONS?
WE ANSWER. FOR SURE.
TIM KRÄNZKE
Director International Sales & Alliances
Tel: +49 40 88173-109
Email: sast@akquinet.de
Web: sast-solutions.com
© Copyright AKQUINET AG. All rights reserved. This publication is protected by copyright.
All rights, in particular the right of reproduction, distribution, and translation, are reserved. No part of this document may be reproduced in any form (photocopy, microfilm or other process) or processed, copied, or distributed using electronic systems without the prior
written agreement of AKQUINET AG. Some of the names mentioned in this publication are registered trademarks of the respective provider and as such are subject to legal provisions.
The information in this publication has been compiled with the greatest care. However, no guarantee can be given for its applicability, correctness, and completeness. AKQUINET AG shall assume no liability for losses arising from use of the information.