Interview with Branden Newman after 6 months on the Board of Advisors
Transformational cybersecurity expert Branden Newman was appointed to the board of advisors at SecurityBridge about six months ago. This came at a time where the security industry saw an unprecedented level of attacks, and where Newman’s expertise in enterprise cybersecurity for global organizations was of enormous value to the board.
It’s probably a good time now, to reflect on the experiences.
Why have you joined as Cybersecurity Advisor at a company focussing to secure SAP?
His answer was
When I was leading information security at various multinational companies I continuously saw that SAP was neglected in the security stack. Besides, SAP was one of the top most critical business applications supporting the business processes that are critical to the organization’s success. And I was wondering why this was the case – why are we neglecting something that is so important. I went out to the market myself, looking for solutions to address the SAP security needs and even tried to implement SAP into the existing SIEM with my team. In the end, I found SecurityBridge and it provided what I was looking for across the stack from incident detection, patch management to code analysis.
You tried to integrate SAP into your SIEM. Can you outline the challenges faced?
His answer was
We were able to source specific logs into our SIEM and to establish some minor use-cases. It turned out that the security analysts couldn’t get enough information to build more detailed use-cases and correlations. The format received was not comparable with other systems where the team only needs to source one or two log sources to get the full picture. Plus, the security team just does not know enough about the specifics of SAP to build out the use-cases. Using the expertise provided from a platform like SecurityBridge turned out to be much more valuable to the monitoring and added additional capabilities like code scanning that was appreciated by the SAP development department.
We have learned from many of our today's clients that they succeeded to onboard the SAP Security Audit Log. Do you think this is sufficient?
His answer was
In the beginning, I did not know which areas to look at to secure SAP. I started purely looking at Threat Detection and realized later that I also have to pay attention to secure configuration, code vulnerability and patch management.
The Security Audit Log does not give you nearly enough information to action on incidents. There are at least a couple more information sources in SAP that need to be considered for effective correlation leading to effective detection coverage. SAP system contains a ton of security information hidden underneath the transaction log information. Security teams that have tried to onboard SAP into their monitoring understand the complexity to filter out the irrelevant from the relevant.