Taking the Taboo out of S_TABU Authorization Objects
SAP Authorization Objects for SAP NetWeaver AS ABAP technologies are not just blockers They are the ENABLER of access
In this article, we explore the differences between the two processes – SAP Vulnerability Management and SAP Patch Management, and how they can help bolster the security of SAP systems.
Vulnerability Management and Patch Management are processes that are linked together but are not the same. They are often assumed to be similar but are distinct with different purposes and goals.
Patch Management is a process used to update software like operating systems and applications on an asset logically and periodically. In the area of SAP systems, this means updating the operating system and database, but also the different SAP Software components of, for example, ABAP and JAVA stacks, and components like the SAP kernel executables, WebDispatchers, SAProuter, etc.
These patches can also include specific SAP bug fixes, often referred to as SAP Security Notes. The purpose of a Patch Management process is to highlight, classify, prioritize, apply, and test any missing patches on an asset. These activities can also be referred to or be part of remediation/mitigation activities.
Vulnerability Management is a process that discovers and categorizes security vulnerabilities or misconfigurations within operating systems, databases, or applications, and reports on these security vulnerabilities. A Vulnerability Management product, for example, can scan the asset and report the known vulnerabilities found along with remediation advice. This can include missing patches but has a much broader view, encompassing misconfigurations, wrong default settings, activated dangerous services, and more. In other words, Vulnerability Management extends beyond just Patch Management, which is just a part of it.
SecurityBridge’s SAP Certified solution helps and supports both the above processes by identifying and categorizing risk. Interested to learn how? Contact us to find out more about our software and follow us on LinkedIn for more SAP security-related news, articles, and whitepapers!
Posted by
Find recent Security Advisories for SAP©
Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.
SAP Authorization Objects for SAP NetWeaver AS ABAP technologies are not just blockers They are the ENABLER of access
SAP Security teams can kick start a comprehensive security platform and gain significant improvements already within a day What they need is a holistic platform
We are expanding our operation in the APAC region and are looking for an experienced Sales 038 Partner Manager to join our team in Singapore