Skip to content
how to stay ahead of SAP attackers and hackers

Staying ahead of SAP attackers

08f4ab4c66997156c778169c9fc04205?s=96&d=mm&r=g
Christoph Nagy
Managing director
May 22, 2020
3 min read
Chapters

Share Article

Being reactive is simply not enough. If threat actors didn’t innovate, security providers wouldn’t need to either. It’s hackers' ability to imagine new ways to hurt us, and then execute them at speed, that has left us trying to guess the next move.

If threat actors didn’t innovate, security providers wouldn’t need to either. It’s their ability to imagine new ways to hurt us, and then execute them at speed, that has left us trying to guess the next move. With each new embarrassing exploit, it feels like the bad guys are winning

But why is that? Within an SAP environment an attacker’s first-move advantage clearly comes down to their rapid innovations, meaning security teams always have to operate reactively.

It’s this conundrum that led the ABEX team to develop real-time threat monitoring for SAP systems. What is needed is the ability to understand what is normal for any organization so that abnormalities can be detected no matter how innovative the attackers are. These abnormalities should be detected in real-time so that threats can be removed before harm is done. We wanted to introduce non-traditional technology to the threat landscape to give security teams a fighting chance. If they are forever reacting slowly, they cannot possibly thwart cybercrimes.

Being reactive is simply not enough

Take, for example our work with a major power provider, victim of a horrendous attack back in 2019. The company immediately deployed our technology after the breach was detected, to run a retrospective analysis, which gave them the reassurance that their SAP systems hadn’t been compromised. However, had the technology been deployed in the first place, there would have been no need to worry, the threat would have been detected with remediation in place before anything harmful happened.

The problems facing the SAP security teams is that they are overwhelmed with security “catch-up’. SAP Security Notes, dealing with known vulnerabilities, are made available each month giving security teams and any attackers, insight into potential vulnerabilities.

The problem with this is that the patching and hardening work is and never can be complete, and for many vulnerabilities, such as custom code, there are no patches available.

With SecurityBridge we use advanced technology that incorporates real-time threat monitoring, real tools and actionable intelligence. Threat intelligence is about helping the security team to defenders to understand the adversary’s methods and putting measures in place to stop them being effective. The challenge for SAP defenders is knowing where and how to defend, and keeping pace. This is why the focus should be on Speed-to-Security with technology that rapidly understands your security posture with all vulnerabilities and actual threats visible. Additionally, those should be actionable in either customizable reports or directly integrated into a SIEM using over 300+ out of the box use cases.

Where traditional products fail

The problem with traditional SAP technology is that it relies on known vulnerabilities being uncovered and a patch being made available. Unfortunately, as with the 10KBlaze example, details of known vulnerabilities can and will be made public to potential attackers. There are also many vulnerabilities where there is no readily available patch, such as misuse of permissions, or unsecure code that has been released into production.

The problem with traditional SAP technology is that it relies on known vulnerabilities being uncovered and a patch being made available. Unfortunately, as with the 10KBlaze example, details of known vulnerabilities can and will be made public to potential attackers. There are also many vulnerabilities where there is no readily available patch, such as misuse of permissions, or unsecure code that has been released into production.

Understanding your SAP security posture is essential to any SAP security strategy. We offer a free Security Assessment to determine that actual vulnerability landscape with accurate intelligence that you can trust.