Data breaches occur all too often and organizations are frequently left blindsided. As a result, cybersecurity has become a board-level issue across all industries. According to a recent survey of global business leaders, cyber risk is regarded as one of the most significant threats faced by corporations today, and is consistently rated higher than legislation, regulation, and other risks.1
Even SAP systems are not immune from the anxiety surrounding cybersecurity. The architecture and complexity of SAP landscapes, as well as the form and volume of data typically managed within SAP systems, makes them targets for attackers. This was illustrated by the discovery of a modified Trojan that was targeting SAP clients in 2013. The malware targeted SAP GUI configuration files and was capable of malicious activities such as logging keystrokes; capturing logon credentials; and identifying, copying, and exporting files.
Responding to such threats is a daunting challenge. However, SAP customers do not have to look far for the tools to secure their systems from cyber threats. In fact, SAP offers a variety of tools with standard license agreements that can be leveraged immediately at zero cost.
Advanced Security Diagnostics in SAP Solution Manager
One example of a standard SAP security solution is Configuration Validation (CV), a diagnostics tool that is delivered with SAP Solution Manager 7.0 and above. CV performs automatic scans of managed systems against security benchmarks and triggers alerts for vulnerabilities in SAP parameters, Remote Function Call (RFC) destinations, network filters, password policies, web services, user authorizations, missing security-related SAP Notes, and other areas typically targeted by cyber attackers.
SAP offers a variety of tools with standard license agreements that can be leveraged immediately at zero cost.
CV leverages information repositories within SAP Solution Manager that are automatically populated with security information through plug-ins and agents commonly installed in SAP systems. It is accessed in SAP Solution Manager through simple, user-friendly work centers and provides advanced reports on current system vulnerabilities through an integrated instance of SAP Business Warehouse that includes drill-down and filtering capabilities.
Unlike third-party software, security rules in CV are transparent rather than hard-coded. This means security checks can be customized to align with the specific security policies of each customer and the risk profile of each system. Also, it enables SAP customers to create security checks to support any compliance framework, such as the Sarbanes-Oxley Act or the Payment Card Industry Data Security Standard (PCI DSS), as well as industry-specific standards.
Other standard cyber monitoring tools available in SAP Solution Manager include End-to-End Monitoring and Alerting Infrastructure (MAI), Change Analysis, and Security dashboards. MAI delivers SMS, email, and other forms of alerts for critical vulnerabilities detected by components such as CV. Change Analysis provides detailed metrics on changes and enables users to pinpoint the root cause of security vulnerabilities. Security dashboards convey security-related data for managed systems in near real time.
Layer Seven Security empowers organizations to unlock the potential of SAP Solution Manager for automated security monitoring. We enable customers to leverage built-in, SAP-delivered security tools to protect SAP systems from cyber threats. Learn more at www.layersevensecurity.com/solutions or contact firstname.lastname@example.org.
1 Lloyd’s, “Lloyd’s Risk Index 2013” (July 2013; http://bit.ly/lloydsriskindex2013). [back]