Skip to content

Integrating Privileged Access Management into the SecurityBridge SAP Security Platform

PAM Platform

When it comes to cybersecurity solutions, a comprehensive platform strategy integrating all capabilities into a single solution stack is rare. Nevertheless, such an approach is vital for enabling real-time, transparent information exchange, essential for security experts. 

SecurityBridge stands out in the market as the only company offering a complete, holistic cybersecurity platform for SAP. This unique platform integrates all necessary modules in SAP without the need for external technical components such as virtual appliances or operation system agent installations. Our mission is to establish SecurityBridge as an indispensable tool for SAP customers, providing robust protection against cyber incidents. 

The inclusion of Privileged Access Management (PAM) in our platform marks a significant advancement for existing and future customers. Until now, our focus was primarily on monitoring and detection. With PAM, the platform extends its capabilities to grant, manage, and audit privileged access in SAP’s ABAP/4 based products. Looking ahead, we plan to expand this functionality to include JAVA-based SAP products too. 

Working with Field Experience and Customer Feedback

Our expert team is deeply engaged with our customers to understand their needs in the ever-changing cybersecurity landscape. We comprehend that companies today face continuous streams of new cyber threats, demanding increasing adaptability and resource allocation. Therefore, our product management ensures that customer feedback gets continuously translated into top-notch solutions. In addition,  SecurityBridge maintains a large network of partner experts, fostering a community-driven approach to cybersecurity. Based on the customer and partner feedback, we identified the importance of controlling privileged access, such as, among others, SAP_ALL, to secure critical SAP applications. 

Our CTO Ivan Mans expresses his gratitude, stating, We thank our customers for participating in our first customer-shipment program. Their invaluable feedback has been instrumental in developing market-ready solutions in a fraction of the time it takes others in the industry. 

Privileged Access Management with SecurityBridge

With our current release, the SecurityBridge Platform introduces its new PAM feature to all existing customers at no additional charge, aligning with our strategy of continuous functional enhancement. Enabling this new function requires minimal configuration, easily done through the SAP Fioribased WebUI. SecurityBridge admins can configure specific authorizations, which end-users can then access via the self-service app on the Fiori Launchpad. 

Product Manager Holger Hügel comments, “The integration was a logical step. We already possess the monitoring capabilities through Threat Detection and Hyper Logging. Adding audit-compliant, secure Privileged Access Management was a natural evolution. Now, our platform not only identifies critical user activities in production systems but also assists in mitigating risk and reducing the attack vector with an efficient enforcement of the “least privilege principle” in user authorization management.” 

Roadmap and Outlook 2024

Beyond Privileged Access Management, we have identified additional needs within the SAP customer community. Our established feedback mechanisms, coupled with ongoing collaborations with SAP and leading consulting firms, have highlighted various areas for expansion. Our new PAM solution transcends traditional cybersecurity boundaries, venturing into the broader realm of Governance, Risk, and Compliance (GRC) for SAP.

Ivan Mans finally adds, “2024 will be a landmark year for SAP cybersecurity innovation at SecurityBridge. We have evaluated, planned, and estimated multiple functions to enhance detection and audit capabilities. A significant upcoming feature is the Violation Management module.” 

To stay informed about our new features and roadmap developments, follow us on LinkedIn and subscribe to our newsletter. 

Posted by 

Christoph Nagy

Find recent Security Advisories for SAP©

Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.

hacking
In SAP’s patch round of February 2022, an SAP Security Note was released with a CVSS score of 10/10 named, “Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher”. This particular type of vulnerability is not common in SAP systems and therefore interesting to look at. As patching the SAP kernel executables is often not done promptly, we can expect this vulnerability present in the customer’s systems for quite some time.
code pc
In one of our recent articles, we pointed out the use of Access Control Lists (ACLs) to better manage access control. Below, we will show a practical example of how this can be done for inbound HTTP communication with the ‘Internet Communication Manager’ (ICM) component of an SAP system.
SAP Security Patch Tuesday 2024
For February 2024, 13 new Security Notes have been released and 3 have been updated. Lets look at some highlights, starting with the ‘HowNews’ notes.