HyperLogging – to boldly go where no one has gone before

Whenever Captain James Tiberius Kirk encounters an anomaly in the famous TV show “Star Trek”, he quickly assembles a landing team to investigate it further on the planet where it sprang up. If the anomaly appears somewhere in space, Kirk sends a probe. What does this have to do with SAP security, you may wonder? Well, if you want to know whether an anomaly you detected represents a harmless activity or a security breach, you need two things: more details and more data. To gather both, we have introduced what we call “HyperLogging” as a new feature in SecurityBridge.

How does HyperLogging for SAP work?

Think back to Captain Kirk and Star Trek. If they send a probe to investigate an anomaly in outer space, this probe is packed with sensors and instruments that can read details and data which could not be collected using the so-called “long-range” sensors the Starship Enterprise usually uses. Similarly, when gathering a landing team, Kirk usually brings along “Pill”, the doctor, to collect medical data if applicable; Spock, the science officer, for the scientific details; and so forth. With HyperLogging, we introduce the same capability for SAP endpoints. The Intrusion Detection Scanner instructs the agents that run on every SAP system to collect all possible data from any endpoints, such as terminals. This includes basic data such as the IP address and technical details of the terminal, but also specific data such as change documents and the transactions or function modules that were called.

On its own, this data only makes sense when it is analyzed and correlated with other data, both from that terminal and from the entire system landscape. Therefore, the collected data is sent to the central controller of SecurityBridge, where it can be analyzed for SAP-specific attack patterns.

What makes HyperLogging different?

What makes HyperLogging fundamentally different from probes and landing teams in Star Trek, however, is also one of its best features: it is enabled automatically. Captain Kirk and his crew need to discuss the anomaly first and only then send a landing team, which costs precious time, at least in an SAP security context. With HyperLogging enabled, whenever a preconfigured event occurs, the IDS automatically launches a probe, to stay within the Star Trek analogy. Such an event could be a critical account logon or the execution of a specific function module. When such an event is triggered, HyperLogging is activated immediately, logging all available data from the terminal or server in question. Which data is logged, and for how long, can also be customized. This leads us directly to the next feature.

Look back in time before an anomaly was detected

Do you also think that the Star Trek episodes that involve time travel are the best ones? We certainly do, although this is not the only reason why we added time travel to HyperLogging.

While we admittedly failed to achieve what generations of scientists (and science fiction authors) have longed for, HyperLogging does let you travel back in time. Once the HyperLogging feature is activated, SecurityBridge will not only start collecting data going forward, it will also retrieve those sets of data that have already been logged. As an added benefit, all this data will also be stored redundantly within the SecurityBridge platform.

This additional data will help in quickly identifying a potential threat through the SecurityBridge correlation engine. If the threat cannot be narrowed down immediately, the additional data will also be helpful in forensic research after the actual threat has occurred. The combination of “historical” data sets with data that is being written while the attack is going on will also help SecurityBridge to learn and improve the alerting for a similar attack in the future.
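The trigger and look-back behaviour described in the two sections above can be modelled in a few lines. This is an added illustration, not SecurityBridge code: the class and function names, the trigger lists, the window lengths and the sample events are all assumptions constructed for the example.

```python
from collections import defaultdict, deque

# Constructed trigger rules; in a real deployment these are product configuration.
CRITICAL_ACCOUNTS = {"SAP*", "DDIC"}
WATCHED_FUNCTION_MODULES = {"RFC_READ_TABLE"}

def is_trigger(event):
    """True for the two trigger kinds the article names."""
    if event["type"] == "logon" and event["user"] in CRITICAL_ACCOUNTS:
        return True
    return event["type"] == "fm_call" and event["object"] in WATCHED_FUNCTION_MODULES

class TriggeredCapture:
    """Hypothetical model: per-terminal history plus a time-boxed capture."""
    def __init__(self, lookback_s=300, capture_s=600, history_len=1000):
        self.lookback_s, self.capture_s = lookback_s, capture_s
        self.history = defaultdict(lambda: deque(maxlen=history_len))
        self.active = {}     # terminal -> capture that is still collecting
        self.finished = []   # closed captures, ready for correlation

    def ingest(self, event):
        term, ts = event["terminal"], event["ts"]
        cap = self.active.get(term)
        if cap and ts > cap["deadline"]:        # capture window expired
            self.finished.append(self.active.pop(term))
            cap = None
        if cap is None and is_trigger(event):   # arm and look back in time
            past = [e for e in self.history[term]
                    if ts - e["ts"] <= self.lookback_s]
            cap = self.active[term] = {"trigger": event, "events": past,
                                       "deadline": ts + self.capture_s}
        if cap:
            cap["events"].append(event)         # forward collection
        self.history[term].append(event)

def ev(ts, terminal, user, kind, obj=""):
    return {"ts": ts, "terminal": terminal, "user": user, "type": kind, "object": obj}

# Constructed sample events (not real log data), ordered by timestamp in seconds.
SAMPLE = [
    ev(0, "10.0.0.5", "JDOE", "tcode", "SE16"),
    ev(400, "10.0.0.5", "JDOE", "tcode", "SU01"),
    ev(500, "10.0.0.9", "ASMITH", "tcode", "VA01"),
    ev(600, "10.0.0.5", "SAP*", "logon"),
    ev(700, "10.0.0.5", "SAP*", "fm_call", "RFC_READ_TABLE"),
    ev(1300, "10.0.0.5", "JDOE", "tcode", "SE16"),
]

def replay(events):
    hl = TriggeredCapture()
    for e in events:
        hl.ingest(e)
    return hl
```

Replaying `SAMPLE` yields one closed capture for terminal 10.0.0.5 holding the events at 400, 600 and 700 seconds: the activity shortly before the critical logon, the logon itself, and what followed inside the capture window.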

In other words, by enabling the HyperLogging feature of SecurityBridge, the 360° insight into your SAP security posture will be even more comprehensive than before. The only thing you’ll be missing is the famous Star Trek quote after the landing team has finished collecting data: “Beam me up, Scotty”.

SecurityBridge is a modern SAP Security Platform, natively built in SAP. It uses an ABAP-based Intrusion Detection System (IDS) to guard your SAP landscape 24/7. Its frontend is built with Fiori, which gives you intelligent insight into the security posture of your ABAP-, Java- and HANA-based systems.

Looking for more information on HyperLogging? Don’t hesitate to reach out. We are happy to answer your questions.


Posted by

Christoph Nagy