Thousands of security-relevant settings in a common SAP system do not make it easy to implement a comprehensive security check. Although the DSAG test guide and other standards explain what should be checked, they do not show how this can be done, and certainly not what the ideal approach is. Therefore, in this webinar we will show you how you can effectively and efficiently control the security status of your SAP ERP and S/4HANA systems and what advantages a tool-based check offers you.
Topics of focus:
• Challenges with the implementation of security guidelines
• Overview of relevant regulations
• Project methodology for a security management process
• Advantages of tool-supported checks with the SAST SUITE
• Best practice tips
-------------------------------------------------------------------------------------------------------------
For information in German, please contact us: sast@akquinet.de
Managed Services: "The choice is yours: a make or buy approach to SAP security and compliance?"
-------------------------------------------------------------------------------------
Checking for vulnerabilities, flawed configurations, and critical authorizations on a regular basis is the only way to ensure SAP system security. However, efforts like these are technically complex, which is why they require so much time and personnel. Decision-makers thus face a fundamental question: Should they "make" or "buy" their way to SAP security and compliance? Our SAST MANAGED SERVICES offer a holistic solution that can assist you in both on-site and remote environments.
--------------------------------------------------------------------------------------
In order to maintain compliance in SAP systems, well-established authorization management and a well-founded analysis of the separation of functions are necessary. This becomes all the more complex the more non-system solutions are available in your SAP ERP or S/4HANA landscape, because such systems usually have their own authorization structures.
It is therefore necessary to think about a reliable, cross-system authorization management in good time so that roles and authorizations are synchronized across all your SAP and non-SAP applications.
In this webinar, we will show you how to master comprehensive SoD analyses, business process analyses and the identification of authorization conflicts in the future – tool-supported and with a feasible administrative effort.
Topics of Focus:
• SoD analysis for SAP and non-SAP systems
• Cross-system authorization management with a central identity
• Evaluation of assigned roles and rights
• Advantages of the SAST User Access Management
• Best practice tips
-----------------------------------------------------------------------------------------
Our audits are designed to help you determine your SAP landscape's actual risk exposure and pinpoint areas that are open to potential attacks. They include everything from your infrastructure and SAP system parameters to individual component configurations and authorizations.
This also applies if your company's migration to SAP HANA or S/4HANA is right around the corner: an audit offers an ideal solution for safeguarding your systems and taking all the necessary security measures before you start your transition.
Our approach is based on SAP's security guidelines, the recommendations of the German Federal Office for Information Security (BSI), and the information security standard DIN ISO 27001.
Topics of focus:
• Challenges, tools and proven methods
• Advantages of a root cause analysis and of the resulting risks for your company
• Quick check vs. audit vs. penetration test
• Our project approach at a glance
• Recommendations for the follow-up of an audit
-----------------------------------------------------------------------------------------
As anyone who works in the field of SAP Basis services will tell you, there's always something to optimize when it comes to user authorizations. What these efforts fail to do far too often, however, is remove transactions that are no longer in use from the respective roles. This leads to preventable risks with regard to the segregation of duties and unnecessary resource consumption in administration.
After conducting various tests on intelligent ways to streamline role profiles, RENK AG settled on one solution: the new Self-Adjusting Authorizations module of SAST SUITE. During authorization projects, it's not uncommon for our experts to find users with up to 500 SAP authorizations - only 25% of which they actually utilize.
With SAST Self-Adjusting Authorizations, you can implement tailored, fully streamlined roles without putting any restrictions on your day-to-day business - which is also the best way to prepare for your next SAP license audit.
--------------------------------------------------------------------------------
We all know how it goes – once a year, the auditor carries out an IT audit as part of the year-end audit. The idea is to flag potential threats in SAP cyber security, and in identity & access management.
In terms of risk, this procedure is no solution; rather, the step is taken much too late in the process to allow for any kind of quick reaction. Hackers may have already had ample time to take advantage of the risks. Despite this fact, many companies leave it too late to close loopholes.
In this webinar, we will show you a much better approach that addresses this discrepancy. Thanks to SAST SUITE, you can achieve continuous, highly efficient real-time monitoring of all critical and security-related changes to your SAP systems. This means you can act immediately. No more waiting until next year when the auditor is at your doorstep.
Topics of focus:
• Immediate detection of unauthorized authorization assignments
• Monitoring role allocation and any evasion of the dual control principle
• Proper reaction – without delay – to suspicious table change documents
• Cost-benefit analysis: manual downstream controls vs. intelligent real-time monitoring
-------------------------------------------------------------------------------------------------------------
Year in and year out, the annual external audit is a given, as every SAP system and security administrator knows. Nonetheless, the current risk situation of the SAP systems is often uncertain. Have all the findings from the last audit really been rectified? Have new risks arisen in the meantime?
SAP authorization concepts are subject to continual change, which is why auditors check every year to make sure that authorizations like SAP_ALL and the SAP standard users are protected. The list of necessary measures is long: from installing security patches to checking and reducing critical authorizations. But the solution is simple: Don’t wait until the next audit! Instead, identify your vulnerabilities today. It’s the only way to guarantee the security of your SAP systems year-round and enable you to react to anomalies quickly.
In this webinar, we’ll show you how the SAST SUITE can help you define your top findings quickly, check critical authorizations efficiently, and keep your systems clean. You’ll never have to dread an auditor visit again.
Topics of focus:
- The next test is never far away – tips for effective follow-ups and optimal preparation for an audit
- Tool-supported identification and rectification of your top findings
- Stay clean through cyclical checks
- Best practice recommendations
-------------------------------------------------------------------------------------------------------------
Only permanent monitoring of all events gives you reliable protection for your SAP systems, because a real security incident can arise from a combination of several uncritical events.
In this webinar, Linde will provide insights on how to identify, evaluate and document such an incident as quickly as possible so that appropriate countermeasures can be taken. In case of an attack, the reaction capability has a considerable influence on the expected level of damage.
Topics of focus:
• What is needed for a reliable security monitoring
• Protection of your SAP systems on platform and authorization level
• Identification of vulnerabilities in real time
• Importance of security dashboards to analyze suspicious user activities
--------------------------------------------------------------------------------
Fiori and S/4 authorizations: "What are the biggest challenges, and where do the risks lie?"
-------------------------------------------------------------------------------------
Many SAP customers are currently planning to implement SAP S/4HANA or are already making the transition. Besides the extensive new architectural aspects involved, implementing S/4HANA and Fiori also changes quite a few longstanding rules in the area of SAP authorizations.
A number of transactions - some of which veteran SAP ERP users have come to hold dear - have either been integrated into other transactions, replaced by Fiori apps, or simply eliminated. Meanwhile, the consistent use of OData services in the context of Fiori has resulted in a variety of ramifications with regard to security design in both the front and back end.
-------------------------------------------------------------------------------------
Conflicts between employers and works councils often arise in particular due to divergent views regarding the implementation and use of technical facilities, including the ability to monitor IT workplaces.
The benefits of constructive cooperation between works council, IT department, and HR are apparent. In this light, we have designed a webinar that demonstrates how you can use the SAST SUITE for the fair monitoring of the IT workplaces at your company – while at the same time complying with the German Works Constitution Act.
In addition to portraying the relevant intersections, we will show you the options you have for planning and managing SAP users directly in the system, as well as indicate the limits defined by the relevant laws. We will also present a tried and tested procedure model with a focus on an optimized authorization concept in SAP systems, enabling you to avoid conflicts from the start.
Topics of focus:
• Legal basis of the German Works Constitution Act in combination with the SAST SUITE
• Transaction statistics in the standard SAP system
• Privacy and data protection despite data loss prevention
• Procedure model for proactive conflict avoidance
• Model works agreement
-------------------------------------------------------------------------------------------------------------
Although managed services are becoming a firm fixture in more and more IT areas, companies are still hesitant when it comes to SAP – even though almost all of them face similar challenges, including the specialized domain of SAP security and authorizations.
There is a shortage of specialist staff capable of ensuring GDPR-compliant monitoring of SAP systems, especially the sensitive personnel data they manage. Although they would like to monitor highly critical transactions, they often lack both the internal expertise and the suitable tools. Last but not least, although some companies monitor their IT systems in real time, the response times to alerts in the SAP environment are far too long to support a rapid response to identified threats.
Checking for vulnerabilities, flawed configurations, and critical authorizations on a regular basis is the only way to ensure SAP system security, however. With the SAST Managed Service, we can take care of all this for you, no matter whether your company is already playing in the Champions League of security or is only just starting out. We offer custom-tailored security and compliance solutions for both SAP ERP and SAP S/4HANA.
--------------------------------------------------------------------------------
How hackers are compromising S/4HANA and how you can protect yourself with SAST SUITE.
-------------------------------------------------------------------------------------
Significant changes are taking place in the world of SAP. By 2025, the majority of the company's customers will make the move to S/4HANA. The related preparations are fully under way – including among hackers who are looking to exploit every available security flaw.
Here, hackers have a key advantage: S/4HANA involves technology that’s not only extremely complex, but relatively new, as well. The risk of making configuration errors that could undermine security is definitely real.
-------------------------------------------------------------------------------------
It has long been no secret that cyber criminals particularly like to attack SAP systems. After all, they are perfectly suited as a backdoor for a company's highly sensitive data, and there is no better way to make money.
You can't prevent attacks, but with the right cyber threat detection strategy, you can be prepared, detect anomalies immediately and respond to security incidents immediately.
We'll show you how to properly assess threats, identify and neutralize real cyber-attacks before they can cause serious damage.
Topics of Focus:
• Building an SAP cyber security strategy you can trust
• Protection of your SAP systems on platform and authorization level
• Identification of weak points in real time
• Importance of security dashboards to analyze suspicious user activity
• Advantages of the SAST SUITE for your SAP Threat Detection measures
• Best practice tips for typical attack scenarios
-----------------------------------------------------------------------------------------
Administrating a large number of user accounts often presents companies with serious challenges. Especially when you consider how complicated most of the available standard tools are. The effort is hardly manageable if user identities also need to be maintained in several systems, directory services, or databases.
The lack of an option to manage user IDs and authorizations across multiple systems in a transparent way not only leads to insufficient clarity and SoD conflicts; it also requires more effort to address those issues.
We will demonstrate how you can manage the identities, roles and authorizations of your SAP users efficiently and also on a shared S/4HANA system landscape.
Topics of focus:
• Challenges of Identity Management in SAP S/4HANA systems
• Reduction of effort due to automated authorization requests
• Real time risk assessment of critical authorizations
• Advantages of the SAST User Access Management
• Best practice tips
-------------------------------------------------------------------------------------------------------------
Comprehensive authorization management and the SoD analysis that comes with it are essential measures in safeguarding SAP systems, especially in the context of compliance. However, problems can arise when connecting external solutions to an SAP landscape. SAP Ariba, for example, comes with its own role and authorization concept - one that often doesn't match the SAP standard. This makes truly comprehensive SoD analysis simply impossible.
The solution? Cross-system authorization management that monitors roles and authorizations while factoring in all the relationships among them. The authorization management module of SAST SUITE makes it possible to customize SoD functions in a way that incorporates roles and permissions into SoD analysis, even when non-SAP systems like Ariba are involved.
In this webinar, you'll learn how to take control of extensive SoD and business process analyses while identifying authorization conflicts across multiple systems.
-------------------------------------------------------------------------------------
When transforming authorization roles from your ERP system, there are many points to consider in parallel: For which transactions are there comparable counterparts, which must be exchanged, and which are even obsolete? To do this, you need to select the appropriate Fiori Apps for the new roles and, of course, you also need to adhere to your SAP authorization concept. This requires some preparatory work and analyses, especially if you plan to implement this work manually.
In this webinar we will show you how we can support you, shorten the migration period and at the same time greatly improve the quality and security of your roles. After all, it will be more expensive to clean up legacy issues only after migration - not to mention the damage caused by security holes that have been transferred.
Topics of focus:
• Challenges and necessary questions before project start
• Our project procedure at a glance
• Tips for identifying and eliminating risks in your SAP roles
• Advantages of the SAST Role Conversion Service
-------------------------------------------------------------------------------------------------------------
Platform Security: "Are you really that attached to your ABAP security flaws, or can they go?"
-------------------------------------------------------------------------------------
Attacks on companies have increased exponentially in recent years. Not uncommonly, these were made possible by software vulnerabilities. SAP systems are particularly critical for many core business processes and should receive corresponding protections.
However, you'll only achieve a basic level of security that can weather stress tests and remain consistent if you take a truly head-to-toe approach to security. And that includes your ABAP code. In our experience to date, many companies balk at audits of their custom developments or 3rd-party add-ons, or are unsatisfied with the nearly unmanageable number of findings. How can this mass of supposedly critical security flaws be evaluated reliably? Where do you even start to clean up?
The newest module in our SAST SUITE, the Code Security Advisor, offers a solution. It is directly integrated into your SAP system and has a risk assessment enriched by key figures such as usage statistics for prioritization, an option to easily decommission obsolete code and a comprehensive set of rules with test cases developed by our SAP security and compliance consultants based on their years of experience.
-------------------------------------------------------------------------------------
User Access Management: "Using SAST Safe Go-Live Management to prevent disruptions in authorization design."
-------------------------------------------------------------------------------------
Whether it's after an audit or during an S/4HANA project, companies' requirements regarding quality, the time involved, and of course, their project budget often differ greatly when it comes to planning authorization redesigns.
No matter what your own priorities are in authorization projects, AKQUINET offers solutions designed to meet every requirement to the letter. And the best part? Thanks to SAST Safe Go-Live Management methodology, your project won't cause any disruptions in your everyday business.
-------------------------------------------------------------------------------------
In practice, we often see SAP security projects that only offer a partial solution. Only rarely do such projects involve an end-to-end examination of all layers – from operating system to databases and applications, as well as concepts and policies.
At the same time, an all-encompassing approach to security is essential for projects involving the implementation of or migration to SAP S/4HANA, because the database, user interface, gateway, applications, and authorizations have all grown closer together. As a result, access to important data has become both more complex and more difficult to monitor – especially due to media discontinuity and access options at different layers. This means your framework authorization concept has to combine all these topics prior to implementation and define an end-to-end security strategy.
Ideally, all the security expertise needed for a comprehensive solution like this will come from a single source. This will guarantee perfect interplay between design and management, as well as monitoring, administration, and auditing. And you will also cover all the security areas, in the sense of a comprehensive SIEM system.
In this webinar, we will show you why SAST SOLUTIONS, with our highly specialized SAP experts in combination with our SAST SUITE solution, have just what you are looking for.
Topics of focus:
• The challenges of successful SAP S/4HANA security projects
• How to make sure your SAP S/4HANA implementation or migration is a success
• Benefits of support by SAST SUITE tools
• Best practice tips
-------------------------------------------------------------------------------------------------------------
SAP License Audit Tips
www.auditbots.com
SAP Audit Procedure for SAP License
Real-time analysis and SAP Audit procedure for SAP license type classification helps companies both reduce the time and cost of SAP license audits, as well as the overall cost of licensing SAP.
By providing live snapshots, methods for classifications and consolidating a user’s various usernames into a single entity, the user license manager can show companies what they can save in licensing costs. SAP License Manager can be automated too.
According to Gartner Senior Analyst Patricia Adams, “Depending upon the level of maturity, enterprises that implement software usage capabilities will achieve savings of 5% to 25% in the first year.”
The interest in SAP security has been growing exponentially, and not only among whitehats. SAP invests money and resources in security, provides guidelines, and arranges conferences, but, unfortunately, SAP users still pay little attention to SAP security.
These are the most important takeaways for CISOs on providing SAP security for enterprises. The presentation dispels SAP security myths and includes statistics obtained by ERPScan Research Group as well as future trends in SAP security.
Every year, SAP audits its customers’ systems and calculates the user-specific license fee based on the collected data. Many companies prefer to leave SAP users active when in doubt, however, out of concern that their day-to-day operations might be disrupted. They fear that a given user ID might still be used technically for background workflows or interface activities.
Use the SAST SUITE to analyze your SAP users, to find out about their actual usage and identify user IDs that are no longer in use. In addition to dialog users, we also focus on background and interface use. This holistic approach makes it possible to derive recommended actions and remove user IDs safely, without any negative side-effects. It’s a double win for you: with the very little effort required, a fast return on investment is practically certain.
Topics of focus:
• How to reduce your SAP license fees without affecting your day-to-day business
• Use the SAST SUITE to identify users that are no longer needed
• Step-by-step instructions for deactivating obsolete SAP users
• Best practice tips
-------------------------------------------------------------------------------------------------------------
The presentation describes 5 steps you should take to secure your SAP. They are:
1. Pentesting and Audit
2. Compliance
3. Internal security and SOD
4. ABAP Source code review
5. Forensics
Read Access Logging (RAL) for SAP NetWeaver Overview
SAP Technology
For more info: http://scn.sap.com/community/security.
The Read Access Logging tool for SAP NetWeaver Application Server ABAP allows you to monitor and log read access to sensitive data. Use the Read Access Logging framework in order to protect sensitive business data and prevent security violations.
Building a World-Class Proactive Integrated Security and Network Ops Center
Priyanka Aash
The SNOC (Security & Network Operations Center) is a cost-effective, world-class, proactive integrated function that leverages and optimizes your current NOC members while hiring a minimal number of additional security professionals. Learn how to use the SNOC framework to transform your existing NOC into a single effective team that is responsible for both network and security functions.
(Source: RSA USA 2016-San Francisco)
IT audits are a universally accepted quality measure and have become indispensable. As such, internal audits are increasingly being used in addition to annual reviews by external auditors, to check the configuration of SAP landscapes and user authorizations. Their benefits: They can analyze individual aspects in shorter intervals, help prepare for and follow up on annual audits, and provide optimal support to internal control systems.
It must be noted, however, that any audit merely provides a snapshot of the current situation. But what about analyses of transactions, changes, and system behavior? When and where have employees deviated from the specified working methods? Were differing settings intentionally changed back to the “target” state?
Take the initiative and round out your spot checks with automated real-time monitoring. Stop limiting your SAP security analyses to a single point in time and instead identify risks holistically, over freely definable periods. In our webinar, we’ll show you the new possibilities and describe how the SAST SUITE can help you optimize your internal control systems, while at the same time establishing reliable real-time monitoring of your SAP systems.
Topics of focus:
• The most frequently underestimated activities
• How to optimize cyclical analyses of the system configuration and user settings
• Why real-time analyses are so important for your IT security concept
• Benefits of tool-based checks using SAST SUITE
• Best practice recommendations
-------------------------------------------------------------------------------------------------------------
Conflicts between employers and works councils often arise in particular due to divergent views regarding the implementation and use of technical facilities, including the ability to monitor IT workplaces.
The benefits of constructive cooperation between works council, IT department, and HR are apparent. In this light, we have designed a webinar that demonstrates how you can use the SAST SUITE for the fair monitoring of the IT workplaces at your company – while at the same time complying with the German Works Constitution Act.
In addition to portraying the relevant intersections, we will show you the options you have for planning and managing SAP users directly in the system, as well as indicate the limits defined by the relevant laws. We will also present a tried and tested procedure model with a focus on an optimized authorization concept in SAP systems, enabling you to avoid conflicts from the start.
Topics of focus:
• Legal basis of the German Works Constitution Act in combination with the SAST SUITE
• Transaction statistics in the standard SAP system
• Privacy and data protection despite data loss prevention
• Procedure model for proactive conflict avoidance
• Model works agreement
-------------------------------------------------------------------------------------------------------------
Although managed services are becoming a firm fixture in more and more IT areas, companies are still hesitant when it comes to SAP – even though almost all of them face similar challenges, including the specialized domain of SAP security and authorizations.
There is a shortage of specialist staff capable of ensuring GDPR-compliant monitoring of SAP systems, especially the sensitive personnel data they manage. Although they would like to monitor highly critical transactions, they often lack both the internal expertise and the suitable tools. Last but not least, although some companies monitor their IT systems in real time, the response times to alerts in the SAP environment are far too long to support a rapid response to identified threats.
Checking for vulnerabilities, flawed configurations, and critical authorizations on a regular basis is the only way to ensure SAP system security, however. With the SAST Managed Service, we can take care of all this for you, no matter whether your company is already playing in the Champions League of security or is only just starting out. We offer custom-tailored security and compliance solutions for both SAP ERP and SAP S/4HANA.
--------------------------------------------------------------------------------
How hackers are compromising S/4HANA and how you can protect yourself with SAST SUITE.
-------------------------------------------------------------------------------------
Significant changes are taking place in the world of SAP. By 2025, the majority of the company's customers will make the move to S/4HANA. The related preparations are fully under way – including among hackers who are looking to exploit every available security flaw.
Here, hackers have a key advantage: S/4HANA involves technology that’s not only extremely complex, but relatively new, as well. The risk of making configuration errors that could undermine security is definitely real.
-------------------------------------------------------------------------------------
It has long been no secret that cyber criminals particularly like to attack SAP systems. After all, they are perfectly suited as a backdoor for a company's highly sensitive data, and there is no better way to make money.
You can't prevent attacks, but with the right cyber threat detection strategy, you can be prepared, detect anomalies immediately and respond to security incidents immediately.
We'll show you how to properly assess threats, identify and neutralize real cyber-attacks before they can cause serious damage.
Topics of Focus:
• Building an SAP cyber security strategy you can trust
• Protection of your SAP systems on platform and authorization level
• Identification of weak points in real time
• Importance of security dashboards to analyze suspicious user activity
• Advantages of the SAST SUITE for your SAP Threat Detection measures
• Best practice tips for typical attack scenarios
-----------------------------------------------------------------------------------------
Administrating a large number of user accounts often presents companies with serious challenges. Especially when you consider how complicated most of the available standard tools are. The effort is hardly manageable if user identities also need to be maintained in several systems, directory services, or databases.
The lack of an option to manage user IDs and authorizations across multiple systems in a transparent way not only leads to insufficient clarity and SoD conflicts; it also requires more effort to address those issues.
We will demonstrate how you can manage the identities, roles and authorizations of your SAP users efficiently and also on a shared S/4HANA system landscape.
Topics of focus:
• Challenges of Identity Management in SAP S/4HANA systems
• Reduction of effort due to automated authorization requests
• Real time risk assessment of critical authorizations
• Advantages of the SAST User Access Management
• Best practice tips
-------------------------------------------------------------------------------------------------------------
Comprehensive authorization management and the SoD analysis that comes with it are essential measures in safeguarding SAP systems, especially in the context of compliance. However, problems can arise when connecting external solutions to an SAP landscape. SAP Ariba, for example, comes with its own role and authorization concept - one that often doesn't match the SAP standard. This makes truly comprehensive SoD analysis simply impossible.
The solution? Cross-system authorization management that monitors roles and authorizations while factoring in all the relationships among them. The authorization management module of SAST SUITE makes it possible to customize SoD functions in a way that incorporates roles and permissions into SoD analysis, even when non-SAP systems like Ariba are involved.
In this webinar, you'll learn how to take control of extensive SoD and business process analyses while identifying authorization conflicts across multiple systems.
-------------------------------------------------------------------------------------
When transforming authorization roles from your ERP system, there are many points to consider in parallel: For which transactions are there comparable counterparts, which must be exchanged, and which are even obsolete? To do this, you need to select the appropriate Fiori Apps for the new roles and, of course, you also need to adhere to your SAP authorization concept. This requires some preparatory work and analyses, especially if you plan to implement this work manually.
In this webinar we will show you how we can support you, shorten the migration period and at the same time greatly improve the quality and security of your roles. After all, it will be more expensive to clean up legacy issues only after migration - not to mention the damage caused by security holes that have been transferred.
Topics of focus:
• Challenges and necessary questions before project start
• Our project procedure at a glance
• Tips for identifying and eliminating risks in your SAP roles
• Advantages of the SAST Role Conversion Service
-------------------------------------------------------------------------------------------------------------
Platform Security: "Are you really that attached to your ABAP security flaws, or can they go?"
-------------------------------------------------------------------------------------
Attacks on companies have increased exponentially in recent years. Not uncommonly, these were made possible by software vulnerabilities. SAP systems are particularly critical for many core business processes and should receive corresponding protections.
However, you'll only achieve a basic level of security that can weather stress tests and remain consistent if you take a truly head-to-toe approach to security. And that includes your ABAP code. In our experience to date, many companies balk at audits of their custom developments or 3rd-party add-ons, or are unsatisfied with the nearly unmanageable number of findings. How can this mass of supposedly critical security flaws be evaluated reliably? Where do you even start to clean up?
The newest module in our SAST SUITE, the Code Security Advisor, offers a solution. It is directly integrated into your SAP system and has a risk assessment enriched by key figures such as usage statistics for prioritization, an option to easily decommission obsolete code and a comprehensive set of rules with test cases developed by our SAP security and compliance consultants based on their years of experience.
-------------------------------------------------------------------------------------
User Access Management: "Using SAST Safe Go-Live Management to prevent disruptions in authorization design."
-------------------------------------------------------------------------------------
Whether it's after an audit or during an S/4HANA project, companies' requirements regarding quality, the time involved, and of course, their project budget often differ greatly when it comes to planning authorization redesigns.
No matter what your own priorities are in authorization projects, AKQUINET offers solutions designed to meet every requirement to the letter. And the best part? Thanks to SAST Safe Go-Live Management methodology, your project won't cause any disruptions in your everyday business.
-------------------------------------------------------------------------------------
In practice, we often see SAP security projects that only offer a partial solution. Only rarely do such projects involve an end-to-end examination of all layers – from operating system to databases and applications, as well as concepts and policies.
How to assess the risks in your SAP systems at the push of a button
Virtual Forge
This presentation was held by Stephen Lamy, Virtual Forge, at the Basis & SAP Administration 2015 Conference in Las Vegas, March 2015.
Stephen Lamy explained important elements of crucial testing included in a risk assessment of SAP system configurations and custom (and third-party) ABAP code. He also covered what strategies exist for identifying the types of testing to perform and for ensuring SAP systems remain safe and secure by building automated processes.
Key Takeaways:
- Why automated risk assessments can benefit you in a cost-effective way
- How to ensure security and compliance without losing quality in SAP systems and applications
- How to lower the risk of vulnerabilities by implementing a code or system scanning solution to test for security, compliance and quality
SAP Active Global Support - Support for Innovation - Quality Assurance at Cus...
Bernhard Luecke
For enterprises, time to value is what counts most in an ever more rapidly changing world. As a software provider, SAP needs to ensure the quality of the configured and extended product, integrated as part of the solution landscape of the customer. This is achieved through the SAP Control Center Concept delivered within the SAP MaxAttention or Active Embedded engagement by SAP Active Global Support.
Presentation held at "II Jornadas de Calidad del Producto" in Madrid (http://calidaddelproductosoftware.com/2014/programa/)
Practical SAP pentesting workshop (NullCon Goa)
ERPScan
All business processes are generally contained in ERP systems. Any information an attacker might want is stored in a company’s ERP. This information can include financial, customer or public relations, intellectual property, personally identifiable information and more. And SAP is the most popular business application vendor with more than 250000 customers worldwide.
The workshop conducted by Alexander Polyakov, CTO of ERPScan, at NullCon Goa Conference is a practical SAP pentesting guide.
Practical SAP pentesting (B-Sides San Paulo)
ERPScan
All business processes are generally contained in ERP systems. Any information an attacker might want is stored in a company’s ERP. This information can include financial, customer or public relations, intellectual property, personally identifiable information and more. And SAP is the most popular business application vendor with more than 250000 customers worldwide.
The workshop conducted by Alexander Polyakov, CTO of ERPScan, at B-Sides Conference 2014 (San Paulo) is a practical SAP pentesting guide.
These slides and the embedded webinar cover how to:
- Proactively understand the impact of transports on target systems
- Mitigate risk by pinpointing relevant test assets and identifying gaps in coverage
- Rapidly create and update appropriate test sets and data
- Efficiently validate the test assets that changed before they go into production
Run SAP Like a Factory is SAP’s approach to efficiently operate and continuously improve SAP Business Solution operations.
The objective is to operate SAP with minimal costs and effort.
This is achieved by creating transparency about what is going on, by operating proactively based on alerts, and by implementing a continuous improvement process.
Further aspects are simplification, standardization and automation of operational procedures.
Run SAP Like a Factory provides the methodology, content, and tools combined with premium service and training.
Available for SAP Premium Engagements like SAP MaxAttention and SAP ActiveEmbedded.
Managing entitlements through the product lifecycle
team-WIBU
The ability to monetize software products has become one of the factors deciding the fate and fortunes of companies, be they traditional software businesses or active players in the increasingly software-dependent industrial world. Flexible licensing can be the perfect way for them to respond to the many needs and requirements of different customer communities or local markets.
Successfully integrating a licensing model in a software product is only half the story, however, as companies also have to be able to distribute and manage these licenses (or entitlements) transparently and effectively, ideally in as automated a fashion as possible. This means that licensing is not a technical matter reserved solely for software developers, but an issue that concerns many functions and departments across the entire business.
When introducing a central entitlement management system, the challenge is to establish a clean and standard process that can accommodate all the other processes already in place, while being pliable enough to leave room for new models and innovations. The resulting system has to have the right interfaces to link up with the existing system landscape in order to meet the needs of all the many stakeholders involved in or affected by it.
There is a system designed to master this balancing act: The combined power of SAP Entitlement Management System (EMS) and CodeMeter. It is the perfect synthesis of a smart back-office solution for managing entitlements and a sophisticated technology for monitoring the entitlements on the end user’s side. 1 plus 1 equals 3 in this case, as the benefits of the combined system are far more than the sum of its parts.
EAS-SEC: Framework for securing business applications
ERPScan
For quite a long time, ERP security was merely a synonym for segregation of duties. But nowadays this situation has changed. There are 3 areas of business application security: SoD, custom code security, and application platform security. SAP customers are now aware of problems with SAP installations, but they still don’t know where they should start to solve them.
The aim of EAS-SEC (http://eas-sec.org/) is to make people aware of enterprise application security problems and to create guidelines and tools for enterprise application security assessment.
Similar to Best Practice Guide Security: How to check your SAP systems for security. [Webinar] (20)
SAP applications contain large amounts of sensitive data: from personal to financial information. A targeted or even inadvertent disclosure of this data thus offers a potential attack surface. If someone from abroad logs in with the user of a designer from Germany, he should not be able to see any company-relevant drawings. A warehouse clerk often does not necessarily need to know what the contents of which package are, and a sales employee should be able to find the right product and packaging unit for quotations, but not necessarily be able to see the purchase prices. Data masking is therefore about protecting data that is there and also necessary, but which not everyone should see in every situation. Classic, static masking policies via authorisation concepts do not take into account the context of access risk and therefore force a compromise between data security and accessibility. This is where the concept of attribute-based data masking comes in: Additional targeted dynamic policies are used without the need for adjustments to SAP for implementation. In this way, fine-grained control is achieved over which information can be viewed by which users in which situation.
Focus of the webinar:
• Data loss prevention as a further protective measure for your sensitive data
• Why a good authorisation concept alone does not provide sufficient protection
• The advantage of dynamic masking measures over static ones
• Best practice tips for restricting views by location, IP address or time of access
-------------------------------------------------------------------------------------------------------------
For information in German, feel free to write to us: mail@sast-solutions.de
In this webinar, Dürr IT provides insights into how they can transparently present their risk situation with the SAP Security Dashboard of the SAST SUITE and also integrate relevant information into their SIEM system as well as make it available to the company-wide SOC. The focus is on a holistic view of regular punctual parameter checks in combination with real-time threat detection. In addition, we offer an overview of the optimal measures for the best possible risk minimization.
For more and more companies, the holistic overview of the current risk situation and the presentation of information is an increasing challenge. Management views of the current risk situation and its changes over time are required, as are detailed work lists and support for follow-up actions. All this with increasingly diversified contacts in security teams across the company.
Focus of the webinar:
• How dashboards transparently visualize changes in the risk situation
• Integrating SAP security islands into enterprise SIEM/SOC solutions
• Learnings for the implementation of successful SAP Security Dashboards
• Best practice approach to risk mitigation for SAP systems
-------------------------------------------------------------------------------------------------------------
Conventional authorization projects are based on a monolithic approach, with a standardized procedure model and a linear sequence of project phases with milestones. In an ideal project, where both the project factors and the final state are known, this approach might go well. But if changes occur during the project, things become more difficult, and the response is often to increase the resources or push the deadline back. Neither is an ideal solution for your project.
In our experience, SAP S/4HANA authorization projects tend to be highly dynamic, due to the lack of a clear overall strategy in the beginning and frequently changing requirements. This is a key reason why such projects fail.
Our SAP experts at SAST SOLUTIONS follow an agile project management approach that is perfectly suited to the complexity and dynamism in SAP S/4HANA projects. Take advantage of our extensive experience and benefit from rapid response times to changing requirements and a continuous optimization process.
Topics of focus:
• Frequent stumbling blocks in SAP S/4HANA authorization projects
• Comparison between “classic” and “agile” project management
• How you can benefit from the SAST project approach
• Best practice tips
-------------------------------------------------------------------------------------------------------------
For information in German, feel free to contact us at: sast@akquinet.de
The maxim “Trust is good, but control is better” definitely applies to SAP systems, which constitute the core of many companies’ IT landscapes. The current security status of such systems should be known to more than just the SAP experts involved; indeed, this information is becoming relevant to more and more contacts at companies. As a result, it's all the more important that analyses be intuitive and user-friendly.
SAST Management Dashboard enables you to assess the security of your SAP systems at a glance. It analyzes key risks and presents the results in a visual format while also depicting trends over time.
At the press of a button, SAST Management Dashboard can provide you with a current status report based on risk KPIs you define in advance and reveal the causes of security flaws. The benefits are clear: You'll have constant access to high-quality information regarding your present risk situation and your security will be taken to the next level.
--------------------------------------------------------------------------------
Security Intelligence: "What you stand to gain from intelligent, SAP real-time monitoring."
-------------------------------------------------------------------------------------
Your efforts to protect your SAP systems won't be complete until you have a reliable way to keep a constant eye on your transactions and applications. When you detect critical incidents right when they occur, you'll be able to take immediate action in response. When you're under attack, your reaction time has a significant impact on the level of damage you can expect. It's not hard to see how a real-time solution like AKQUINET's SAST Security Radar pays for itself in short order.
Detecting attacks based on log files and analyzing network traffic requires in-depth knowledge of the potential paths and patterns such incursions can follow. This is because events relevant to security have to be filtered out of a sea of data and placed in the proper context.
-------------------------------------------------------------------------------------
Platform Security: "Insecure SAP system interfaces: an underestimated risk."
-------------------------------------------------------------------------------------
How confident are you that your SAP systems are sufficiently protected against cyberattacks? In our experience, it's far too often the case that companies fail to pay the requisite attention to analyzing and securing their SAP system interfaces. These include RFC connections, SAP Gateway, and extended ST01 traces, along with considerations of their relevance, criticality, and potential defects.
As you take the steps necessary to secure your landscape, the suite module SAST Interface Management can provide you with optimal support. It's capable of evaluating multiple systems, creating a comprehensive interface overview in graphical or tabular format, and categorizing the flaws it finds.
-------------------------------------------------------------------------------------
Best Practice Guide Security: How to check your SAP systems for security. [Webinar]
1. Conversion of your ERP roles to SAP S/4HANA
The SAST Role Conversion Service
Best Practice Guidelines Security
How to check your SAP systems for security.
3. Why have customers entrusted T-Systems with hardening and monitoring their SAP systems?
The challenge:
• Missing or unclear security status of SAP systems.
• Insufficient information about risk causes for decision-makers/security managers.
• Non-transparent presentation of all risks and their mitigation.
• Customers have many ideas - some even have tools - but no overarching integration.
• Many (> 100) systems must be monitored continuously.
• Customers need internationally experienced partners with comprehensive know-how.
✓ SAST SUITE analyzes and visualizes the status of all SAP systems with one push of a button and enables the provision of a managed security solution.
5. Relevant set of rules
On which basis should people work?
• DSAG auditing guide for SAP ERP 6.0
• SAP security baseline template (OSS Note 2253549)
• Best practice guide role management HANA DB (March 2019)
• Best practice guidelines for development
• Best practice implementation SAP GRC
• SAP security guides for various products and databases
• Subject and industry-specific regulations or requirements (e.g. critical infrastructures)
Company-specific security regulations must always be developed with regard to organization, technology and willingness to take risk.
The use of auditing tools can reduce this effort, but not eliminate it.
6. Security Management Process
[Diagram: phases Prevent, Detect, Respond, Recover, with "Learn and Improve"; guidelines: SIEM, Config/Auth, Incident]
7. Project Methodology
• Definition of the SAP policy and the set of rules
• Implementation of a monitoring tool
• Security hardening on all SAP systems
• Activate real-time monitoring
• Launch of management reports and transparency
• Policy compliance
8. Monitoring of vulnerabilities AND threats in real time:
• Vulnerability and authorization scans (cyclical)
• SIEM threat detection (SYSLOG or file) (real time)
• Configuration of SAP landscape
• User and authorizations
• Process and change management
• Analysis of logs and behavior
9. Scope and Timeline: analysis, hardening and monitoring.
• Total scope: 200 ABAP (incl. Java-Dual-Stack) and 76 Java systems. Non-ERP incl. BW, SRM, CRM, etc.
• Dashboard and real-time monitoring on all 80 production systems.
• Technical authorizations were cleaned up in 60 ABAP production systems.
• Technical system parameters and gateways were cleaned up in all 276 systems.
• RFC connections, profile adjustments (SAP_ALL) were cleaned up in all 200 ABAP systems.
• Changes in the system followed the system landscape (development - quality - production) with stakeholder testing to avoid any impact on the business.
[Chart: system number over time, 2015 Q4 to Sep.; series: Baseline, Actual; data labels: 87, 119, 144, 226, 260, 270, 276]
15. Our Managed Services for you
Reliable service levels:
• Coordinated response times depending on the severity of events
• Immediate information on highly critical policy deviations and events
• Support times according to your needs
Full transparency:
• Regular reports on security status and audits performed
• Regular reports on all incidents and audits that occurred
16. Target: Increase the added value for the customer.
✓ Fixed price
✓ Useful reporting on technical compliance
✓ Best practice templates
✓ Reliable server operation
✓ Rapid deployment
✓ Proof of concept possible
17. SAP Security & Compliance: make or buy?
An exemplary cost comparison*
Scenario A: SAP dialog users: 2,500; SAP systems: 3
Scenario B: SAP dialog users: 10,000; SAP systems: 10
Cost item | FTE (A) | Amount (A) | FTE (B) | Amount (B)
Staff: Procurement and training | | 20.000 € | | 20.000 €
Staff: 1st Level Monitoring | 0,3 | 30.000 € | 1,0 | 100.000 €
Staff: 2nd Level Monitoring | 0,3 | 30.000 € | 1,0 | 100.000 €
Staff: Team Management / Service Contact | 0,1 | 10.000 € | 0,3 | 30.000 €
Staff: Software / Rule Maintenance | 0,1 | 10.000 € | 0,1 | 10.000 €
Software: SIEM SAP | | 7.500 € | | 7.500 €
Software: Maintenance | | 7.500 € | | 7.500 €
Annual costs "make it yourself" | | 115.000 € | | 275.000 €
Annual costs "SAST Managed Services" (all-in) | | 45.000 € | | 80.000 €
* FTE costs p.a.: ~ 100.000 €
Software costs SIEM SAP p.a., depreciation on 5 years: ~ 37.500 €
Maintenance costs p.a.: ~ 7.500 € (Maintenance 20%)
Basic version (real-time monitoring without further functions)
Cost reduction of up to 70%!
18. Best Practice Guidelines Security
Take Home Messages:
✓ SAST SUITE contains comprehensive checks according to the DSAG audit guidelines, BSI recommendations and SAP security guides - automated and across all levels.
✓ The standard software already contains more than 4,000 checks and security notes.
✓ All checks and evaluations can be customized.
✓ You receive clear recommendations for the elimination of your vulnerabilities.
✓ Significant increase of your SAP security by reducing risk.
✓ Optional: Strengthening your resources with our experts, who will relieve you in the shortest possible time and deliver first results within a few days - including real-time monitoring.