How can managed services improve your SAP Security and compliance?
Let’s take a look at some specific customer cases.
The everyday life of an SAP system: Attacks on all levels.

Facts and figures on security incidents.
• Roughly 314 days are needed for companies to detect and contain an attack. Identification usually takes 7 months and containment another 70 days.
• 67% of the costs for a security incident are incurred in year 1, and another 33% in years 2 and 3.
• 3.5 million € is the average cost of a data breach, with an expected average of 25,575 datasets lost.
Source: Costs of Data Breach 2019
The challenge
SAP Security & Compliance – comprehensive and continuous.
• SAP technology is becoming increasingly complex, also due to S/4HANA.
• The topic of SAP security is constantly evolving, and so is the knowledge of the attackers.
• Protection against cyber attacks is time- and resource-intensive.
• Protection against (supposedly) unlikely cyber attacks is therefore given low priority.
• In-house, there are rarely free resources, or there is only limited experience in this special field.
• Highly specialized knowledge is hardly available, and building up such know-how takes a long time.
• Monitoring and SIEM tools are often useless without the necessary context knowledge.
Continuous and comprehensive SAP protection can be expensive and complex!
→ SAST Managed Services provide a fast and reliable supplement for missing resources.
Placebo for your IT security: alarm fatigue!
“Permanent security alerts often lead the IT department to switch to an ignorance mode, due to the high rate of false alarms. Thus, only about 5 percent of the alerts can really be thoroughly investigated.”
Computerwoche
Our approach: From the pure event to the whole story.
From log entries to potential threats:
1. Collect log data
   • Identify log sources
   • Consolidate data across systems
   • Filter irrelevant events
2. Intelligent log filters (critical/relevant events)
   • +3500 filters in SAST Security Radar
   • Individually adjustable and expandable filters
   • Predefined prioritization of criticality
3. Critical stories (complex events)
   • Event combinations, from critical and noncritical events
   • Consideration of business processes
   • Individual risk assessment
→ Focus on individual, targeted scenarios!
Our Security Monitoring as a Service:
REAL-TIME MONITORING, SOC TEAM

Our Managed Services for you:
PLATFORM SECURITY
• Hardening your SAP systems and ongoing health check.
• Continuous monitoring of critical system configurations.
• Constant threat analyses.
• Preventing critical transactions and reports, system changes, etc.
• Logging unwanted downloads from the systems.
IDENTITY & USER ACCESS MANAGEMENT
• Ongoing support in authorization management.
• User application and change workflows.
• Preventing conflicts from segregation of duties (SoD).
• Supporting role design and partial automation of management with the help of template roles for all branches, completely SoD-free.
Case 1: Security Monitoring and Operation Center.
Example: Redesigning the risk management at Linde Group.

Initial situation
• An external analysis uncovered vulnerabilities in the SAP system configuration and also in the authorization management.
• The primary issue was that the truly critical security incidents were not transparent.
• Due to the complexity of the SAP system landscape, the project could not be managed with the company's own resources. There was also a lack of internal security expertise.

Project goals
1. Visible and quick success.
2. Professional and efficient setup of a complete coverage already during the project phase.
3. The daily business should be able to continue in parallel.

Project implementation
• Built all-around protection for the 15 largest SAP landscapes worldwide with over 20,000 SAP users.
• System hardening covering interface reassessments and gateway hardening.
• Optimization of all critical SAP basis authorization roles.
• Established continuous monitoring of critical configurations, threats and vulnerabilities.

Advantages for Linde
• Interim strengthening of internal team resources.
• Built up long-term expertise in the specialized SAP security area.
• Real-time notification of highly critical events, and their reduction by up to 80%.

“With regard to the analysis and evaluation, our team will benefit in the long term from the cooperation. And thanks to the optimal process automation, the number of necessary inspections has been significantly reduced.”
- Klaus Brenk -
Case 2: Managed Service Authority & Security
Example: Managed Service Authority and Security

Initial situation
• Major German bank.
• Monitoring up to 62 systems.
• No cyclic monitoring of the system configuration and critical authorizations.
• No regular reporting to monitor compliance within processes and configurations.

Project requirements
1. Permanent real-time monitoring of critical SAP systems.
2. Evaluation and assessment of security events.
3. Consistent and demand-oriented adaptation of filter settings and rules.
4. Feedback of the evaluations to SAP operations and security organization.
5. Optimization and hardening recommendations for the SAP operation.
6. Recommended actions for changes to the SAP system or the applications (e.g. different parameter settings, users with critical authorizations and source code changes).
7. Update of the inspection policy based on recommendations e.g. from SAP, BSI or DSAG.

Advantages for the customer:
• Delivery of the security and status reports agreed according to the scope of services.
• Professional preparation of recommendations for security team.
• Information about necessary adjustments and their implementation in the tool based on technical and legal requirements.
• High transparency about users and administrators.
• Detection of mass data downloads.
• Abuse of administrative privileges.
• Hidden SAP_ALL assignment / self assignment of authorizations.
Case 3: User and Authorization Administration (also available as a temporary service)
SAP User and Authorization Administration

Initial situation
• The aim of this project was to standardize authorization assignment and management in all existing SAP systems in order to continuously increase SAP security and compliance.
• The necessary resources were not available on the customer side.
• The SAST SUITE was purchased in order to optimize analysis and administration processes.

Project requirements
1. Introduction of an authorization concept for quality-assured role administration.
2. Support of the user and authorization administration.
3. Assistance with troubleshooting in case of insufficient access rights.
4. Checking the roles to be created for conflicts with the company's own set of rules.
5. Permanent authorization monitoring and reporting.
Story 1: Privilege escalation by use of reference users.

What happened?
• The customer has prohibited the use of user DDIC, SAP* etc., and administrative access rights have been severely restricted.
• User administrator <USERADMIN> has the right to assign roles, profiles and reference users. The assignment of roles and profiles was subject to a weekly review.
• To make changes to the system configuration, the <USERADMIN> assigned user DDIC as a reference user and gave him SAP_ALL rights. This means that the user was not detected by the implemented change controls. After changing the system configuration, the reference user DDIC was removed.
SAST Security Radar had detected the following critical events:

Analysis
After consultation with the user administrator, it was obvious that this "trick" was often used to change system settings in order to circumvent the change management process.

Lessons learned
• As a countermeasure, the system settings were changed in order to prevent the assignment of privileged reference users in future.
• The settings are monitored daily using SAST System Security Validation.
Story 2: Critical change of system configuration.

What happened?
Consultants had extensive rights and changed system profile values without permission.

How was the incident discovered?
SAST Security Radar reports the event SYSTEM_PROFILE_CHANGED for users that are not defined in the system administrator's whitelist.

Analysis
The consultant wanted to test web pages and therefore adjusted the ICM ports and SSL configuration according to SAP notes.

Lessons learned
Withdrawal of rights from the advisory role. Strict instruction that system changes are only executed by the SAP basis team.
Story 3: Critical change of customizing table.

What happened?
Internal users have changed customizing tables in the FI area in the production system.

How was the incident discovered?
SAST Security Radar reported the events SYSLOG_A1_9 (field content changed) and CRITICAL_TABLE_CHANGED in the production system.

Analysis
Because changing FI settings was forbidden through authorization and customer settings, the tables were changed directly. To do this, the role of a "troubleshooting user" was used in order to skip authorization checks in the debugger. This method has been used in the past by several users.

Lessons learned
Removal of debug/replace rights from all roles and personal instructions by the Security Manager.
There have never been similar incidents again, as all users know that they are now under surveillance.
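
The two detections from Stories 2 and 3, sketched as an added example that is not part of the original slides and is not SAST Security Radar code. It shows a whitelist check on SYSTEM_PROFILE_CHANGED and the combination of SYSLOG_A1_9 with CRITICAL_TABLE_CHANGED into one finding. The record layout, system and user names, whitelist contents, rule names and the 30-minute window are assumptions; only the three event names come from the slides.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed whitelist of administrators allowed to change profile values.
PROFILE_ADMIN_WHITELIST = {"BASIS_ADM1", "BASIS_ADM2"}
# Assumed correlation window between debugger replace and table change.
WINDOW = timedelta(minutes=30)

# Constructed sample records: timestamp|system|role|user|event|detail
SAMPLE_LOG = """
2020-03-02T09:12:00|P01|PROD|BASIS_ADM1|SYSTEM_PROFILE_CHANGED|profile value changed
2020-03-02T10:40:00|P01|PROD|consult07|SYSTEM_PROFILE_CHANGED|ICM port and SSL settings
2020-03-03T14:01:00|P01|PROD|FI_USER3|SYSLOG_A1_9|field content changed
2020-03-03T14:03:00|P01|PROD|FI_USER3|CRITICAL_TABLE_CHANGED|FI customizing table
2020-03-03T15:00:00|D01|DEV|DEV_USER1|SYSLOG_A1_9|field content changed
2020-03-04T08:30:00|P01|PROD|FI_USER9|CRITICAL_TABLE_CHANGED|FI customizing table
"""

@dataclass(frozen=True)
class Event:
    ts: datetime
    system: str
    role: str      # system role: PROD, QA or DEV (assumed field)
    user: str
    name: str
    detail: str = ""

@dataclass(frozen=True)
class Finding:
    rule: str      # hypothetical rule name
    severity: str
    user: str
    system: str
    evidence: tuple

def parse_line(line):
    """Parse one record of the constructed pipe-separated layout."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) < 5:
        raise ValueError(f"malformed record: {line!r}")
    ts, system, role, user, name = parts[:5]
    detail = parts[5] if len(parts) > 5 else ""
    # User and event names are normalised so that case differences cannot
    # bypass the whitelist comparison.
    return Event(datetime.fromisoformat(ts), system.upper(), role.upper(),
                 user.upper(), name.upper(), detail)

def evaluate(events, whitelist=PROFILE_ADMIN_WHITELIST, window=WINDOW):
    """Turn single events into findings, ordered by time."""
    events = sorted(events, key=lambda e: e.ts)
    findings = []
    for e in events:
        # Story 2: profile change by a user outside the admin whitelist.
        if e.name == "SYSTEM_PROFILE_CHANGED" and e.user not in whitelist:
            findings.append(Finding("PROFILE_CHANGE_BY_NON_ADMIN", "critical",
                                    e.user, e.system, (e,)))
        # Story 3: critical table change in production, with or without a
        # preceding debugger field change by the same user on the same system.
        if e.name == "CRITICAL_TABLE_CHANGED" and e.role == "PROD":
            debug = [d for d in events
                     if d.name == "SYSLOG_A1_9"
                     and d.user == e.user and d.system == e.system
                     and timedelta(0) <= e.ts - d.ts <= window]
            if debug:
                findings.append(Finding("DEBUG_REPLACE_THEN_TABLE_CHANGE",
                                        "critical", e.user, e.system,
                                        (debug[-1], e)))
            else:
                findings.append(Finding("CRITICAL_TABLE_CHANGE", "high",
                                        e.user, e.system, (e,)))
    # A lone SYSLOG_A1_9 (for example on a development system) produces no
    # finding on its own; it only matters in combination.
    return sorted(findings, key=lambda f: f.evidence[-1].ts)

def run_sample():
    lines = [l for l in SAMPLE_LOG.splitlines() if l.strip()]
    return evaluate(parse_line(l) for l in lines)

if __name__ == "__main__":
    for f in run_sample():
        print(f.severity.upper(), f.rule, f.user, f.system,
              [ev.name for ev in f.evidence])
```
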
Security is simply a good feeling!
SAP Security & Compliance: make or buy?
An exemplary cost comparison*

| Cost item | FTE (2,500 SAP dialog users, 3 SAP systems) | Amount (2,500 SAP dialog users, 3 SAP systems) | FTE (10,000 SAP dialog users, 10 SAP systems) | Amount (10,000 SAP dialog users, 10 SAP systems) |
|---|---|---|---|---|
| Staff: Procurement and training | | 20.000 € | | 20.000 € |
| Staff: 1st Level Monitoring | 0,3 | 30.000 € | 1,0 | 100.000 € |
| Staff: 2nd Level Monitoring | 0,3 | 30.000 € | 1,0 | 100.000 € |
| Staff: Team Management / Service Contact | 0,1 | 10.000 € | 0,3 | 30.000 € |
| Staff: Software / Rule Maintenance | 0,1 | 10.000 € | 0,1 | 10.000 € |
| Software: SIEM SAP | | 7.500 € | | 7.500 € |
| Software: Maintenance | | 7.500 € | | 7.500 € |
| Annual costs “Do it yourself” | | 115.000 € | | 275.000 € |
| Annual costs “SAST Managed Services” (all-in) | | 45.000 € | | 80.000 € |

* FTE costs p.a.: ~ 100.000 €
Software costs SIEM SAP p.a., depreciation on 5 years: ~ 37.500 €
Maintenance costs p.a.: ~ 7.500 € (Maintenance 20%)
Basic version (real-time monitoring without further SAST modules)
Cost reduction of up to 70%!
SAP Security & Compliance: make or buy?
Take Home Messages
+ HIGHEST POSSIBLE SECURITY. We have used experienced security consultants and SAP-certified tools for many years.
+ STRENGTHENING YOUR RESOURCES. Our experts will relieve you in the shortest possible time and deliver the first results within a few days.
+ REAL-TIME MONITORING. We notify you immediately upon identification of vulnerabilities or attacks.
+ ALWAYS UP-TO-DATE. Our security settings and attack databases are constantly being updated.
+ COST REDUCTION. Reduction of your operating and personnel costs. No separate license agreements for the use of our security tools.
+ NO CRYPTIC INCIDENT NOTIFICATIONS. We provide contextual information and clear recommendations.
Your SAP is on pole position for us.
SAST Managed Services: plug & play security for your SAP systems.

The SAST Managed Service “Starter Package” is the right choice for you if…
• You want to achieve better SAP security and compliance – even with a small IT budget.
• You want to comply with the GDPR and constantly monitor your personnel data.
• You want to increase the security of your SAP systems, while allowing your team to remain focused on its core tasks.
• You not only want to register highly critical events and transactions, but also react promptly.
• You already have a tool in use, but neither time nor personnel are available for the evaluation.
• You want to test the advantages of a managed service solution.

Advantages of the SAST Managed Service “Starter Package”:
• Checking the essential system parameters and settings of your SAP systems.
• Checking your roles for critical authorizations.
• Daily check for critical events and monthly report of the security status of your systems.
• Categorization of all events and rapid notification of unusual incidents.
• Pre-defined and proven SAST rule set with regular updates.
• Installation of the SAST SUITE and setup for your SAP systems within the shortest time.
→ Daily monitoring instead of annual audit!
DO YOU HAVE ANY QUESTIONS?
WE ANSWER. FOR SURE.
© Copyright AKQUINET AG. All rights reserved. This publication is protected by copyright.
All rights, in particular the right of reproduction, distribution, and translation, are reserved. No part of this document may be reproduced in any form (photocopy, microfilm or other process) or processed, copied, or distributed using electronic systems without the prior
written agreement of AKQUINET AG. Some of the names mentioned in this publication are registered trademarks of the respective provider and as such are subject to legal provisions.
The information in this publication has been compiled with the greatest care. However, no guarantee can be given for its applicability, correctness, and completeness. AKQUINET AG shall assume no liability for losses arising from use of the information.
TIM KRÄNZKE
Director International Sales & Alliances
Fon: +49 40 88173-2735
Email: tim.kraenzke@akquinet.com
Web: sast-solutions.com

Ana-Maria Mihalceanu
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 

Recently uploaded (20)

How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 

How can managed services improve your SAP security and compliance? [Webinar]

  • 1. How can managed services improve your SAP security and compliance? Let’s take a look at some specific customer cases.
  • 2. The everyday life of an SAP system: Attacks on all levels.
  • 3. Facts and figures on security incidents (source: Costs of Data Breach 2019). Around 314 days are needed for companies to detect and contain an attack: identification usually takes 7 months and containment another 70 days. For a security incident, 67% of the costs are incurred in year 1 and another 33% in years 2 and 3. 3.5 million € is the average cost of a data breach, with an expected average of 25,575 datasets lost.
  • 4. SAP Security & Compliance – comprehensive and continuous. The challenge: SAP technology is becoming increasingly complex, also due to S/4HANA. The topic of SAP security is constantly evolving, as is the knowledge of the attackers. Protection against cyber attacks is time- and resource-intensive. Protection against (supposedly) unlikely cyber attacks is therefore given lower priority. In-house, there are rarely free resources, or only limited experience in this special field. Highly specialized knowledge is hardly available, and building up such know-how takes a long time. Monitoring and SIEM tools are often useless without the necessary context knowledge. Continuous and comprehensive SAP protection can be expensive and complex! SAST Managed Services provide a fast and reliable supplement for missing resources.
  • 5. Placebo for your IT security: alarm fatigue! “Permanent security alerts often lead the IT department to switch to an ignorance mode, due to the high rate of false alarms. Thus, only about 5 percent of the alerts can really be thoroughly investigated.” (Computerwoche)
  • 6. Our approach: From the pure event to the whole story. Stages, from log entries to potential threats: collect log data; critical/relevant events; intelligent log filters; complex events; critical stories. Details: Identify log sources. Consolidate data across systems. Filter irrelevant events. +3500 filters in SAST Security Radar. Individually adjustable and expandable filters. Predefined prioritization of criticality. Event combinations, from critical and noncritical events. Consideration of business processes. Individual risk assessment. Focus on individual, targeted scenarios!
  • 7. Our Security Monitoring as a Service: real-time monitoring, SOC team.
  • 8. Our Managed Services for you. Platform security: Hardening your SAP systems and ongoing health check. Continuous monitoring of critical system configurations. Constant threat analyses. Preventing critical transactions and reports, system changes, etc. Logging unwanted downloads from the systems. Identity & user access management: Ongoing support in authorization management. User application and change workflows. Preventing conflicts from segregation of duties (SoD). Supporting role design and partial automation of management with the help of template roles for all branches, completely SoD-free.
  • 10. Example: Redesigning the risk management at Linde Group. Initial situation: An external analysis uncovered vulnerabilities in the SAP system configuration and also in the authorization management. The primary issue was that the truly critical security incidents were not transparent. Due to the complexity of the SAP system landscape, the project could not be managed with the company's own resources. There was also a lack of internal security expertise. Project goals: 1. Visible and quick success. 2. Professional and efficient setup of complete coverage already during the project phase. 3. The daily business should be able to continue in parallel.
  • 11. Example: Redesigning the risk management at Linde Group. Project implementation: Built all-around protection for the 15 largest SAP landscapes worldwide with over 20,000 SAP users. System hardening covering interface reassessments and gateway hardening. Optimization of all critical SAP basis authorization roles. Established continuous monitoring of critical configurations, threats and vulnerabilities. Advantages for Linde: Interim strengthening of internal team resources. Built up long-term expertise in the specialized SAP security area. Real-time notification of highly critical events and their reduction by up to 80%.
  • 12. “With regard to the analysis and evaluation, our team will benefit in the long term from the cooperation. And thanks to the optimal process automation, the number of necessary inspections has been significantly reduced.” (Klaus Brenk)
  • 14. Example: Managed Service Authority and Security. Initial situation: Major German bank. Monitoring up to 62 systems. No cyclic monitoring of the system configuration and critical authorizations. No regular reporting to monitor compliance within processes and configurations. Project requirements: 1. Permanent real-time monitoring of critical SAP systems. 2. Evaluation and assessment of security events. 3. Consistent and demand-oriented adaptation of filter settings and rules. 4. Feedback of the evaluations to SAP operations and security organization. 5. Optimization and hardening recommendations for the SAP operation. 6. Recommended actions for changes to the SAP system or the applications (e.g. different parameter settings, users with critical authorizations and source code changes). 7. Update of the inspection policy based on recommendations, e.g. from SAP, BSI or DSAG.
  • 15. Example: Managed Service Authority and Security. Advantages for the customer: Delivery of the security and status reports agreed according to the scope of services. Professional preparation of recommendations for the security team. Information about necessary adjustments and their implementation in the tool based on technical and legal requirements. High transparency about users and administrators. Detection of mass data downloads. Abuse of administrative privileges. Hidden SAP_ALL assignment / self-assignment of authorizations.
  • 16. Case 3: User and Authorization Administration (also available as a temporary service)
  • 17. SAP User and Authorization Administration. Initial situation: The aim of this project was to standardize authorization assignment and management in all existing SAP systems in order to continuously increase SAP security and compliance. The necessary resources were not available on the customer side. The SAST SUITE was purchased in order to optimize analysis and administration processes. Project requirements: 1. Introduction of an authorization concept for quality-assured role administration. 2. Support of the user and authorization administration. 3. Assistance with troubleshooting in case of insufficient access rights. 4. Checking the roles to be created for conflicts with the company's own set of rules. 5. Permanent authorization monitoring and reporting.
  • 18. Story 1: Privilege escalation by use of reference users. What happened? The customer has prohibited the use of users DDIC, SAP* etc., and administrative access rights have been severely restricted. User administrator <USERADMIN> has the right to assign roles, profiles and reference users. The assignment of roles and profiles was subject to a weekly review. To make changes to the system configuration, <USERADMIN> assigned user DDIC as a reference user and gave him SAP_ALL rights. This means that the user was not detected by the implemented change controls. After changing the system configuration, the reference user DDIC was removed. SAST Security Radar had detected the following critical events:
  • 19. Story 1: Privilege escalation by use of reference users. Analysis: After consultation with the user administrator, it was obvious that this "trick" was often used to change system settings in order to circumvent the change management process. Lessons learned: As a countermeasure, the system settings were changed in order to prevent the assignment of privileged reference users in future. The settings are monitored daily using SAST System Security Validation.
  • 20. Story 2: Critical change of system configuration. What happened? Consultants had extensive rights and changed system profile values without permission. How was the incident discovered? SAST Security Radar reports the event SYSTEM_PROFILE_CHANGED for users that are not defined in the system administrator's whitelist. Analysis: The consultant wanted to test web pages and therefore adjusted the ICM ports and SSL configuration according to SAP notes. Lessons learned: Withdrawal of rights from the advisory role. Strict instruction that system changes are only executed by the SAP basis team.
  • 21. Story 3: Critical change of customizing table. What happened? Internal users changed customizing tables in the FI area in the production system. How was the incident discovered? SAST Security Radar reported the events SYSLOG_A1_9 (field content changed) and CRITICAL_TABLE_CHANGED in the production system. Analysis: Because changing FI settings was forbidden through authorization and customer settings, the tables were changed directly. To do this, the role of a "trouble shooting user" was used in order to skip authorization checks in the debugger. This method had been used in the past by several users. Lessons learned: Removal of debug/replace rights from all roles and personal instructions by the Security Manager. There have never been similar incidents again, as all users know that they are now under surveillance.
  • 22. Security is simply a good feeling!
  • 23. SAP Security & Compliance: make or buy? An exemplary cost comparison*

    | Item | FTE (2,500 SAP dialog users, 3 SAP systems) | Cost (2,500 users, 3 systems) | FTE (10,000 SAP dialog users, 10 SAP systems) | Cost (10,000 users, 10 systems) |
    | Staff: Procurement and training | | 20.000 € | | 20.000 € |
    | Staff: 1st Level Monitoring | 0,3 | 30.000 € | 1,0 | 100.000 € |
    | Staff: 2nd Level Monitoring | 0,3 | 30.000 € | 1,0 | 100.000 € |
    | Staff: Team Management / Service Contact | 0,1 | 10.000 € | 0,3 | 30.000 € |
    | Staff: Software / Rule Maintenance | 0,1 | 10.000 € | 0,1 | 10.000 € |
    | Software: SIEM SAP | | 7.500 € | | 7.500 € |
    | Software: Maintenance | | 7.500 € | | 7.500 € |
    | Annual costs „Do it yourself“ | | 115.000 € | | 275.000 € |
    | Annual costs „SAST Managed Services“ (all-in) | | 45.000 € | | 80.000 € |

    * FTE costs p.a.: ~ 100.000 €. Software costs SIEM SAP p.a., depreciation on 5 years: ~ 37.500 €. Maintenance costs p.a.: ~ 7.500 € (Maintenance 20%). Basic version (real-time monitoring without further SAST modules).
    Cost reduction of up to 70%!
  • 24. SAP Security & Compliance: make or buy? Take Home Messages. HIGHEST POSSIBLE SECURITY: We have used experienced security consultants and SAP-certified tools for many years. STRENGTHENING YOUR RESOURCES: Our experts will relieve you in the shortest possible time and deliver the first results within a few days. REAL-TIME MONITORING: We notify you immediately upon identification of vulnerabilities or attacks. ALWAYS UP-TO-DATE: Our security settings and attack databases are constantly being updated. COST REDUCTION: Reduction of your operating and personnel costs. No separate license agreements for the use of our security tools. NO CRYPTIC INCIDENT NOTIFICATIONS: We provide contextual information and clear recommendations.
  • 25. Your SAP is on pole position for us. SAST Managed Services: plug & play security for your SAP systems.
  • 26. The SAST Managed Service “Starter Package” is the right choice for you if… You want to achieve better SAP security and compliance, even with a small IT budget. You want to comply with the GDPR and constantly monitor your personnel data. You want to increase the security of your SAP systems, while allowing your team to remain focused on its core tasks. You not only want to register highly critical events and transactions, but also react promptly. You already have a tool in use, but neither time nor personnel are available for the evaluation. You want to test the advantages of a managed service solution.
  • 27. Advantages of the SAST Managed Service “Starter Package”: Checking the essential system parameters and settings of your SAP systems. Checking your roles for critical authorizations. Daily check for critical events and monthly report of the security status of your systems. Categorization of all events and rapid notification of unusual incidents. Pre-defined and proven SAST rule set with regular updates. Installation of the SAST SUITE and setup for your SAP systems within the shortest time. Daily monitoring instead of annual audit!
  • 28. DO YOU HAVE ANY QUESTIONS? WE ANSWER. FOR SURE. TIM KRÄNZKE, Director International Sales & Alliances. Phone: +49 40 88173-2735. Email: tim.kraenzke@akquinet.com. Web: sast-solutions.com. © Copyright AKQUINET AG. All rights reserved. This publication is protected by copyright. All rights, in particular the right of reproduction, distribution, and translation, are reserved. No part of this document may be reproduced in any form (photocopy, microfilm or other process) or processed, copied, or distributed using electronic systems without the prior written agreement of AKQUINET AG. Some of the names mentioned in this publication are registered trademarks of the respective provider and as such are subject to legal provisions. The information in this publication has been compiled with the greatest care. However, no guarantee can be given for its applicability, correctness, and completeness. AKQUINET AG shall assume no liability for losses arising from use of the information.
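
The event correlation behind Story 1 and the whitelist check behind Story 2, as an added example; this is not SAST Security Radar code or its log format. The event names REFUSER_ASSIGNED and REFUSER_REMOVED, the pipe-delimited record layout, the user names and the 24-hour window are assumptions; only SYSTEM_PROFILE_CHANGED is named in the slides.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed values for illustration. SYSTEM_PROFILE_CHANGED is named in the slides;
# REFUSER_ASSIGNED / REFUSER_REMOVED are hypothetical event names.
PRIVILEGED_REFUSERS = {"DDIC", "SAP*"}   # accounts the customer had prohibited
ADMIN_WHITELIST = {"BASIS_ADM1"}         # users allowed to change system profiles
WINDOW = timedelta(hours=24)             # max. lifetime of a "transient" assignment

# Constructed sample log: timestamp|system|event|actor|target|detail
SAMPLE_LOG = """\
2020-03-02T09:14:00|PRD|REFUSER_ASSIGNED|USERADMIN|USERADMIN|DDIC
2020-03-02T09:20:00|PRD|SYSTEM_PROFILE_CHANGED|USERADMIN||icm/server_port_0
2020-03-02T09:41:00|PRD|REFUSER_REMOVED|USERADMIN|USERADMIN|DDIC
2020-03-03T14:02:00|QAS|SYSTEM_PROFILE_CHANGED|CONSULT01||icm/server_port_0
2020-03-03T15:00:00|PRD|SYSTEM_PROFILE_CHANGED|BASIS_ADM1||rdisp/wp_no_dia
2020-03-04T08:00:00|PRD|REFUSER_ASSIGNED|USERADMIN|JDOE|REF_SALES
"""

@dataclass(frozen=True)
class Event:
    ts: datetime
    system: str
    name: str
    actor: str
    target: str
    detail: str

def parse(log):
    """Turn pipe-delimited lines into Event records, sorted by time."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, system, name, actor, target, detail = line.split("|")
        events.append(Event(datetime.fromisoformat(ts), system, name, actor, target, detail))
    return sorted(events, key=lambda e: e.ts)

def transient_refuser_stories(events):
    """Story 1: a privileged reference user is attached and removed again within WINDOW,
    so a weekly review of roles and profiles never sees it."""
    stories = []
    for a in events:
        if a.name != "REFUSER_ASSIGNED" or a.detail not in PRIVILEGED_REFUSERS:
            continue
        removal = next((r for r in events
                        if r.name == "REFUSER_REMOVED" and r.ts > a.ts
                        and (r.system, r.target, r.detail) == (a.system, a.target, a.detail)
                        and r.ts - a.ts <= WINDOW), None)
        end = removal.ts if removal else a.ts + WINDOW
        # Everything the elevated account did while the reference user was attached.
        actions = [e for e in events
                   if e.system == a.system and e.actor == a.target
                   and a.ts < e.ts < end and not e.name.startswith("REFUSER_")]
        stories.append({
            "story": "TRANSIENT_PRIVILEGED_REFUSER" if removal else "PRIVILEGED_REFUSER_OPEN",
            "system": a.system, "account": a.target, "refuser": a.detail,
            "minutes": int((removal.ts - a.ts).total_seconds() // 60) if removal else None,
            "actions": [(e.name, e.detail) for e in actions],
        })
    return stories

def unlisted_profile_changes(events):
    """Story 2: SYSTEM_PROFILE_CHANGED by a user outside the administrator whitelist."""
    return [(e.system, e.actor, e.detail) for e in events
            if e.name == "SYSTEM_PROFILE_CHANGED" and e.actor not in ADMIN_WHITELIST]

if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    for story in transient_refuser_stories(evts):
        print(story)
    for change in unlisted_profile_changes(evts):
        print("profile change outside whitelist:", change)
```

The first function reports the assignment, the removal and the configuration change made in between as one story, which is the combination a periodic review of assigned roles and profiles misses.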

Editor's Notes

  1. Opening clauses: e.g. marketing to minors aged 14 to 17