The webinar discusses security risks in Oracle EBS systems and how Panaya helps address these risks. It notes that 70% of EBS systems are at risk of security breaches and describes vulnerabilities in sample organizations' EBS configurations. Panaya analyzes customers' EBS systems and the latest security patches to provide personalized risk assessments and patch recommendation plans to help customers proactively reduce their risk level and improve their time to patch security issues.
Nowadays, security is on everyone’s mind. The costs of cyber crimes are increasing yearly.
In 2015, a cyber crime incident in the United States cost a company an average of $15.4 million. This is an increase of 20% from 2014.
Not only are the costs rising, the number of successful attacks has also increased by 46% in the past 4 years. In 2015, companies faced 99 security breaches.
As a result, companies spend billions of dollars to protect their systems and data from security breaches.
Especially in public companies that are under regulations, security is mandatory and part of the company’s responsibility.
Security is complex because it is a moving target, and organizations are having a hard time staying ahead of the game and minimizing ongoing risk.
In addition to that, we can see 2 major trends that increase security risk:
1. Self service – more and more services provided by the organization are becoming digital and self-served
And -
2. The move to the Cloud – we are in a time of migrating systems to the cloud. It is a transition time, where organizations use both on-premise and cloud solutions, increasing exposure as data integrates between different systems
Roni flow:
You may not be aware, but security affects how organizations perceive your role and responsibilities. Not just yours, but everyone’s.
Especially in companies that are regulated, if an employee suspects a security issue, he or she must report it.
C-level executives have a personal responsibility for any security issue that can impact the organization. After the famous Target breach, both the CEO and CIO resigned.
New roles have been created – CSO and CISO, to own security within organizations.
The ERP world is not immune to security liability. And this is why we are here today.
The purpose of this webinar is to show you how to reduce ERP security risks
Did your organization assign a C-level role (Like a CSO or CISO) to manage the security effort?
Yes
No
I Don’t Know
We will wait a few moments to allow everyone to answer the question.
…
Thank you. I will now pass the microphone back to my colleague Eyal.
Now, let’s cut to the chase: We are here to talk about ERP. Is your ERP secure?
External security and compliance vulnerabilities are becoming a major concern for organizations’ executives – we talked about that.
And Oracle E-Business Suite is not an island - it is exposed to major security and compliance threats throughout its entire lifecycle.
Having access to many organizations, we at Panaya conducted our own research and found out two amazing facts –
Everyone thinks they are 100% covered – at least that’s what they tell us
70% of Oracle EBS shops don’t install security and compliance updates (Patches) that are necessary to keep the EBS safe
Yes, you heard me correctly: 70%!
Patches should be implemented on an ongoing basis to reduce external risks. Not installing patches is like leaving the door open when you leave your house.
We also found out that the 2 main reasons organizations don’t install the patch are:
Awareness – Some ERP managers look at the ERP as an internal system that doesn’t have major security risk
Effort – ERP managers conclude that the risk is not worth the effort associated with an unpatched system. As a result, patch installation is almost always delayed.
Roni flow:
The challenge with security risks is that they are not static. The risk is growing every minute you do not attend to the solution.
Oracle realizes that not only are there new security risks every day, but that a solution must be provided fast and on an ongoing basis.
This is why Oracle provides the Security Patch on a quarterly basis (CPU).
An organization that does not install the patch on time has a growing security gap.
To emphasize, since this is not a static risk – every day an ERP Manager is late on installing the security patch, he or she is putting their organization at growing risk.
Roni flow:
It’s a challenge – because it is not a problem you can SEE. But you need to remember that it’s there.
If you have a problem in production, it will not be solved until you install the needed patches, but with a security patch, although the gap is growing, it’s not something that you can actually see until it is too late.
Roni flow:
Let’s look at an example. This is a good example.
You can see here that Oracle releases CPUs (security patches) on a quarterly basis.
Each patch includes the list of security vulnerabilities that the patch will cover; this is called CVE.
CVE - Common Vulnerabilities and Exposures. It is The Standard for Information Security Vulnerability.
In this example the organization installed the needed patch on time so the organization’s risk is low.
Here’s another example.
This organization didn’t install the needed patches and the security gap is growing.
As you can see in this example, each patch that the organization didn’t install includes CVEs, which are actual security risks that are currently not covered.
This is not a list of patches that were not installed, but REAL security risks that exist in the EBS system.
Each CVE that is associated with the patch includes the object that is at risk.
Some organizations believe that if they don’t use this object, they can ignore this patch.
But it is actually the opposite: especially in areas that you don’t use, this is where you are most vulnerable to attacks.
So it doesn’t really matter whether you use this module or not; you must install any security patch Oracle releases.
Would you like to receive a 1-on-1 demo of Panaya CloudQuality Suite™ and see how Panaya can help you improve the way your organization handles EBS security issues?
Yes
No Thanks
We will wait a few moments to allow everyone to answer the question.
…
Thank you. I will now pass the microphone back to my colleague Eyal.
Just to reiterate, if there’s one thing to remember, here it is
Do not ignore the patch! You should install it anyway. Your EBS is more vulnerable in modules you don’t use.
So, we talked about the challenges of keeping your Oracle EBS safe, and how you can reduce the risk by installing the needed patches.
We thought about what we at Panaya can do to help you get on the fast track – give you a faster way to know what you should be doing first to reduce your EBS security risks.
Panaya analyzes hundreds of organizations every month. We are offering you access to this data, which can tell you how your organization stands compared to your industry, and what are the immediate steps you should take in order to be aligned with the industry standards.
At the end of the webinar we will give you access to our application, which will analyze the status of your organization based on a few questions and will show you how you can quickly reduce your EBS security risks.
Stay tuned.
Until now we talked about the importance of installing security patches to reduce security risk.
Now, with your permission, I would like to cover another topic: the time between the patch release date and the day that you actually install the patch.
It is a new KPI that is starting to be a standard, called MTTP - Mid Time To Patch: the time it takes the organization to install any security patch.
But what we can actually see is that the market standard for MTTP is days or even hours, but for Oracle EBS customers it’s mainly months.
You can see in the graph we made that most of the Oracle EBS shops are lagging behind, and most of them are located in the yellow or orange area, which means that it takes them too much time to install the security patches.
In security topics you are always challenged, so it is advised to know the industry standard – and where you stand compared to the benchmark
Staying aligned with the market, improving your MTTP, and minimizing the time it takes your organization to install the needed security patches.
And this is exactly what Panaya can help you with
Did your organization implement one of the Oracle cloud solutions and integrate it with the Oracle EBS?
Yes
Yes – With Oracle ERP Cloud
Yes- With Oracle HCM Cloud
No
I Don’t Know
We will wait a few moments to allow everyone to answer the question.
…
Thank you. I will now pass the microphone back to my colleague Eyal.
- Panaya evaluates the industry-standards for MTTP (MinTime To Patch) of security and compliance patches, as well as all Oracle’s relevant patches as they are released
- Panaya analyzes your code, usage and patch level of your current system and defines your EBS risk level
- A list of recommended patches for external risk reduction is provided, along with a lean work plan to install them with no side effects on production (what to test and what to install)
- No need to guess anymore: Panaya will tell you which patches you need to install and what exactly will be the impact of those patches on your system
So let’s see how we do it.
In order to know what you need to do in order to keep your EBS system safe, we at Panaya analyzed 3 main factors:
The Vendor – what are the latest patches that the vendor released for the different versions, and what are the risks included in each patch
The Market – what is the market behavior regarding security patch installation, mainly around the MTTP: what is the recommended gap between the day the vendor releases the patch and the day you install it
Your Organization – Panaya’s analysis isn’t a generic one; each organization is different, and the impact of the same patch on different organizations can be totally different
So Panaya will build a personalized set of recommendations that will include:
Which patch you need to install
What is the correct time frame you need to act
What will be the impact of this specific patch on your existing EBS system
As we promised, at the end of this webinar we will share with you a web application that will help you know what you need to do in order to improve your EBS security level.