SAP Security - From Firewall to sustainable risk management
When it comes to security, the old questions about corporate culture, time and projects are literally swept aside. When a massive cyber attack initiated by organized crime is launched, any project discussion is irrelevant. How can SAP technology be positioned in the enterprise to meet these new requirements?
SAP attack vectors
From the detection of threats (Attack Vectors) to the penetration testing of SAP servers (AS ABAP and AS Java) to the investigation of the existing SAP code base, the possibilities are manifold to derive immediate measures. Additional products from our portfolio will help in the medium term to establish sustainable security in the area of SAP.
As diverse as the interests are the technologies that are used here. The old race for higher firewalls and access protection is a thing of the past. New qualities of attacks can no longer be recognized by the break through the front door, but only by behavioral patterns. Patterns of data access, data transfer and patterns of behavior in the corporate network. This is especially true for SAP systems.
SAP systems are not islands
Until now, SAP systems were "hidden" in the networks of companies and the technology of access was only known to a few. Today, the SAP system and SAP landscapes are the focus of cyber attacks. Here are not a few of the company's "crown jewels" in the form of company data, patents, production data and controls. What can adequate concepts for protecting this data look like?
Strategies for a Secure SAP Architecture
This can only be from a new perspective on a security layer, a new level of enterprise security. It is the mix of technology, organization and risk management that is a particular solution for every business. In cyber security, there is no "One Size Fits All", but must always be worked out as part of an overall strategy.
Which services do we offer?
Penetration testing, the automated detection of SAP vulnerabilities through appropriate system scans, is a first step towards inventory.
This is especially true in the days of SAP cloud systems for all systems that are not "on-premise". Here we have a lot of experience in combining security analysis inside and outside the company.
From the stocktaking through a pen test, projects can be identified which can be realized in the short and medium term. This could be projects for hardening furch external attack vectors we RFC attacks, as well as medium term code security projects in customer or offshore ABAP developments.
We also offer globally organized so-called "crowd-based web tests" that allow external and internal web applications to literally be tested to the bone by a large group of professional hackers when it comes to very critical applications.