One small step for man, one giant leap for SAP Security

SAP stability and new features

What Neil Armstrong once said when putting down his first foot on the moon is now true for SAP Security. During these very special times, our product development team has been active as ever, introducing new – sometimes even groundbreaking- functions, helping our customers to further simplify the path for securely running SAP. 

SecurityBridge customers have access to the product roadmap, which they directly also have input to. We are pleased to once again confirm we are on track in realizing committed targets. With the newly released platform features, we are on track to becoming the #1 independent, SAP native, cybersecurity platform. Our open platform solution is entirely built within the SAP technology stack,  leveraging familiar and proven technologies, which are easy to integrate with already existing IT security solutions. Our commitment to partner with trusted security service providers and advisors pays off and helps us to introduce speed-to-security.

Some features included in Version 5.80 originate from customer feedback. We would like to take this opportunity to express our special thanks to our SecurityBridge customers! We appreciate the open and close cooperation and value your comments and suggestions.

Our product management remains consistent with the direction taken on using SAP Fiori interfaces. Release 5.80 shows the first version of the Global Settings application for SecurityBridge. This new Fiori app bundles all platform settings and configuration options. With this, we further simplify the installation and long term maintenance.

Particularly noteworthy is the integration of the Transport Center solution into the SecurityBridge platform. Read more about this further down in the article.

With release 5.80 we published another major product release for our user community. The new version is already available for download in our customer portal.

Summary

Early February 2021 SecurityBridge released a major update of its SAP security platform. In addition to monthly signature updates we introduced new capabilities and general product improvements, often originating from customer feedback and industry requirements.

The highlights below are just a sample of the innovations introduced with the latest release. Customers can find a complete overview in the Release Notes.

Webinar

How to accelerate
SAP Security?

Join and listen to Sanofi’s SAP Security Leader speaking about their journey in securing a large SAP landscape.

Highlight

Global Settings

Adding and administering systems has never been easier

From within the new UI5 application, you can add and maintain agent systems, define security baselines, distribute the latest configuration across your SAP landscape, and much more. 

The new app is downwards compatible and can be used in parallel to its WebDynpro based alternative.

Highlight

Transport Center

Entire new capability: SAP Transport Management

…for many people also known as TRACE, is now shipped as a SecurityBridge module.  Transport Center is a powerful transport request manager, a power shield on top of SAP TMS (transaction STMS).  With the strategic decision to merge Transport Center within the SecurityBridge platform existing TRACE customers will soon benefit from integrated code security at transport release and deployment, without license impact. SecurityBridge customers will also benefit from enhanced transport security capabilities.  A true win-win.

Highlight

Single to multi-baseline

Check again more then just one baseline, grow your coverage

Using our predefined template, it was already possible to validate your systems against a baseline, which could be altered and enhanced by customers.

It is now also possible to verify against multiple baselines at the same time.

Highlight

Security Frameworks and Standards

Starting with the NIST Cybersecurity Framework

Security events and controls can now be linked to frameworks and an industry-standard control nomenclature.  SecurityBridge does come with a standard set of Security Frameworks and Security Standards, as of 5.80 a predefined mapping for NIST is shipped.

Highlight

Public Exploit available

The security advisory portal has been updated

Since the last update, a new attribute has been introduced for the SAP Security advisories. Whenever a publicly available exploit for an already patched vulnerability is available this is now visible.

A link to the exploit is provided in the details whenever available.

... and more

Detection Pattern updates

after recent SAP Patch Days

The detection system received various updates in response to the recent high and hot news severity notes.

Learn more about SecurityBridge here

You like it?
Share it!

Find recent Security Advisories for SAP©

SAP Security Customer Event 2024 – Hosted by SecurityBridge, Accenture & bowbridge

The premier SAP Security Customer event is back and better than ever. We’re thrilled to invite you to our ‘Secure Together’ event, set against the breathtaking backdrop of the Euromast in Rotterdam, the Netherlands.
Download the White Paper “Bridging the Gap – How SecurityBridge Supports NIST CSF in SAP Environments”. Learn how choosing the right tool can significantly shorten the journey of NIST CSF adoption and improve the security posture of SAP environments.
hacking
In SAP’s patch round of February 2022, an SAP Security Note was released with a CVSS score of 10/10 named, “Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher”. This particular type of vulnerability is not common in SAP systems and therefore interesting to look at. As patching the SAP kernel executables is often not done promptly, we can expect this vulnerability present in the customer’s systems for quite some time.
code pc
In one of our recent articles, we pointed out the use of Access Control Lists (ACLs) to better manage access control. Below, we will show a practical example of how this can be done for inbound HTTP communication with the ‘Internet Communication Manager’ (ICM) component of an SAP system.
SAP Security Patch Tuesday 2024
For February 2024, 13 new Security Notes have been released and 3 have been updated. Lets look at some highlights, starting with the ‘HowNews’ notes.