Skip to content
Linkedin Twitter Facebook Xing
< Back to Overview

Branden Newman interview: 6 months on the Board of Advisors

Video Interview

Transformational cybersecurity expert Branden Newman was appointed to the board of advisors at SecurityBridge about six months ago. This came at a time where the security industry saw an unprecedented level of attacks, and where Newman’s expertise in enterprise cybersecurity for global organizations was of enormous value to the board.

 

It’s probably a good time now, to reflect on the experiences.

Watch the Interview

Why have you joined as Cybersecurity Advisor at a company focussing to secure SAP?

His answer was

When I was leading information security at various multinational companies I continuously saw that SAP was neglected in the security stack. Besides, SAP was one of the top most critical business applications supporting the business processes that are critical to the organization’s success. And I was wondering why  this was the case – why are we neglecting something that is so important. I went out to the market myself, looking for solutions to address the SAP security needs and even tried to implement SAP into the existing SIEM with my team. In the end, I found SecurityBridge and it provided what I was looking for across the stack from incident detection, patch management to code analysis. 

You tried to integrate SAP into your SIEM. Can you outline the challenges faced?

His answer was

We were able to source specific logs into our SIEM and to establish some minor use-cases. It turned out that the security analysts couldn’t get enough information to build more detailed use-cases and correlations. The format received was not comparable with other systems where the team only needs to source one or two log sources to get the full picture. Plus, the security team just does not know enough about the specifics of SAP to build out the use-cases. Using the expertise provided from a platform like SecurityBridge turned out to be much more valuable to the monitoring and added additional capabilities like code scanning that was appreciated by the SAP development department. 

We have learned from many of our today's clients that they succeeded to onboard the SAP Security Audit Log. Do you think this is sufficient?

His answer was

In the beginning, I did not know which areas to look at to secure SAP. I started purely looking at Threat Detection and realized later that I also have to pay attention to secure configuration, code vulnerability and patch management. 

The Security Audit Log does not give you nearly enough information to action on incidents. There are at least a couple more information sources in SAP that need to be considered for effective correlation leading to effective detection coverage. SAP system contains a ton of security information hidden underneath the transaction log information. Security teams that have tried to onboard SAP into their monitoring understand the complexity to filter out the irrelevant from the relevant. 

Watch the full Interview:

Watch the Interview

Posted by

Christoph Nagy
Find recent Security Advisories for SAP©
View Advisory for Mar'21
White Paper - Bridging the Gap How SecurityBridge Supports NIST CSF in SAP Environments
Download the White Paper “Bridging the Gap – How SecurityBridge Supports NIST CSF in SAP Environments”. Learn how choosing the right tool can significantly shorten the journey of NIST CSF adoption and improve the security posture of SAP environments.
Webinar SAP patch

Webinar: Why is SAP Security Patching not like Windows Updates?

The webinar, taking place on demand is all about SAP Patch Management and its challenges. The German-speaking SAP User Group (DSAG) and the American colleagues of ASUG asked why SAP security patching cannot be as simple and effective as, for example, Windows updates.
Learn more

Next-generation application security for SAP

Join experts from Fortinet and SecurityBridge to learn how speed-to-security and adequate response capabilities can become key actions in your defense again SAP cyber-attacks.
Learn more
Senior SAP Developer Singapore

Senior SAP Developer (ABAP/4 and SAPUI5 Fiori) – Singapore

Careers
As a Senior SAP Developer, you will be responsible for designing, developing, and maintaining SAP solutions while leading and guiding a team of developers. You will play a crucial role in the development of standard products, and your technical expertise and communication skills will be instrumental in ensuring the success of our projects. This role demands strong leadership, technical acumen, and the ability to collaborate effectively in an international development team.

Countering Data Breaches – An Urgent Call for Action

SAP Cybersecurity
Earlier this year, IBM presented its 18th edition of ‘The Cost of a Data Breach Report’ (you can find it here). This publication provides detailed and valuable insights into various factors related to data breaches. It is based on research carried out at 553 impacted organizations - any IT security professional should check it out. In this article, we will highlight some of this report’s findings and bring them into the context of SAP security.
We're hiring a financial controller/analyst

Financial Controller

Careers
As a Controller/Financial Analyst at SecurityBridge, you will play a crucial role in managing and optimizing financial processes, ensuring accurate reporting, and providing strategic financial insights. This is an exciting opportunity for a detail-oriented professional to contribute to the financial success of the fastest-growing cybersecurity provider for SAP systems.