Skip to content

The SAP Security Dashboard

SAP Security Dashboard

Whether security in SAP environments is relevant is not up for debate anymore. The SAP secure operations map has been around for a long time (when I worked at SAP as a product manager, it was called SAP Security Solution Map) and provides a 360-degree view of SAP security. Let’s take a deeper look 

  1. SAP Security is its domain. Given the proprietary nature of SAP, the concepts are also sometimes different, on top, or complementary. Take roles and authorizations as an example: This is a typical SAP topic, but also subject to change with the new HANA roles. The fact that you need code pieces for authority checks makes it unique, and it is well-known that you need compliance checks on top of GRC solutions. For example, the best role concepts are worthless if you don’t properly patch your system or have unprotected operating systems. All key concepts are categorized in the SAP secure operations map, making it a great way to get a complete picture.  
  1. The other issue is that there is still a gap between SAP security and IT Security teams. They often work in different departments, speak different languages, and don’t harmonize technical solutions and resulting data. 
  1. Finally, we need various levels of detail for different target groups. For example, the management team (CxO) usually cannot and doesn’t have to understand terms like Directory Traversal, or SAP gateway remote code execution. These are terms for the basis or development team. Managers need, however, to understand the risk impact of such issues to avoid bad business outcomes. 

Unified View: SAP Security Dashboard

An SAP Security dashboard is a key piece for solving the complexity issue discussed before.  

Andreas Kirchebner (SAP Security Lead Austria at Accenture and chair of the DSAG working group for SAP Cloud Security) and I recently talked about dashboards: The key concept is to visualize SAP security posture in an easy-to-digest way. 

A simple way to illustrate this would be to have a single traffic light for this with the top 5 risks that are currently the focus of mitigation activities. You should not only show risks, managers also need to understand what you have done already and where you need help. A filter can be: Top x recommendations of SAP, then the baseline topics, and then everything filtered by necessity level.  

The next level could be a system overview. A leading pharma company in France has implemented this dashboard use case. They have defined a benchmark based on the SAP Baseline Security Template and measured the compliance of each key system against it. This shows overall progress over time and which systems and areas of responsibility are covered. The CISO organization could show that the security status could be increased from 15% to 75+% in a 2-year timeframe. That is tangible, isn’t it?  

Besides status, showing the trend of SAP security is important. Do we make progress? Do we fall behind? What is the impact of migration? Or a shift to a HANA system? Or a new acquisition were some procedures need to be integrated? Etc.  

Finally, a mitigation projects list could be illustrated. What is going on? Are we on time and within budget? What’s blocking success and must be escalated?  

A dashboard should also allow it to drill down to the system owner level and the topic owner level (as defined by the SAP Secure Operations Map). Ideally, this is complemented with a knowledge base and monitoring capabilities (bridging the gap between the identification of an issue and the actual correction).  

How to get started

I have experienced many situations leaving customers “lost in space.” They had an “Über-Berater” in a project that showed them how bad their SAP security is and explained that with hundreds of examples without showing how and where to start. This usually does not work since every organization has its own pace. Knowing that 100% security is not possible, it’s better to assess where to invest and how far you can get that way (cost and benefit). We recommend the following approach (I like to draw an analogy with a big health check when you reach the mid of your life):  

  1. Start with an “anamnesis” where you determine the status of the different topics of the SAP secure operations map and the SAP Baseline Security Template. This can be tool-supported to cover as much information as you can and to be repeatable.  
  2. Ask the consultant doing this for a list of “quick wins” – aka things your organization can and should do immediately with given time and budget constraints.
  3. Based on that data targets can be defined for the different topics. What must be done and why, when, and how long will it take? That way, a roadmap can be shaped that you can use to constantly improve the SAP security level over time. 
  4. Reporting progress can be achieved by showing trending in the dashboard while monitoring helps you to be covered in areas where you cannot yet act.
  5. Regular review meetings with the management are not only useful, but they are also key to the success of a comprehensive SAP security program. Thus, a dashboard is a key requirement for getting this done.  

DSAG Requirements and status in the market

The dashboard requirement is around for quite some time. At the DSAG Technologietage in Düsseldorf in May 2022, Sebastian Westphal, DSAG Board Member for Technology, said: „Es bedarf dringend einer Umsetzung des Security-Dashboards, einer Kernforderung der DSAG seit mittlerweile zwei Jahren“.  

This implies that we are not yet there. For me, it also shows different ways of thinking. Naturally, there is a request for a security dashboard from SAP. However, I have also seen dashboard projects where SAP data is collected and added to self-made or integrated solutions (based on Microsoft Excel (yes, this is still used for this), QlikView, SAP analytics cloud, etc. There are also 3rd party solutions that contain dashboarding capabilities.  

No matter which route you take – a dashboard for SAP Security is key to being successful in mastering the SAP security challenges. And it is key to understand your reporting requirements for your organization. I would say that is the ultimate starting point and I look forward to further elaborating on this. 

Posted by

Markus Schumacher

Find recent Security Advisories for SAP©

Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.

SAP Security Services
SAP Cybersecurity
Ivan Mans

Game changer: Managed SAP Security Services

Many companies have recognized the need for SAP cybersecurity, but many have also realized that they cannot accomplish this alone. There are many reasons for this. It can be due to the internal teams’ workload or due to the employee’s level of knowledge.

However, there is a solution that neither burdens your internal staff nor demands additional knowledge. A specialized managed SAP Security Service allows you to harden mission-critical systems, detect and promptly counteract non-compliance, and implement monitoring with accurate anomaly detection.

Read More »
Patch Management
Press coverage
Patricia Franco

SecurityBridge Releases New One-Click SAP Patch Automation 

SAP security provider SecurityBridge—now
operating in the U.S.—today announced the full integration of its SAP Security Platform with
the Microsoft Sentinel cloud-native Security Information and Event Manager (SIEM) platform
and its membership to MISA. SecurityBridge was nominated to MISA because of the integration
of its SAP Controller to the Microsoft Sentinel dashboard. SecurityBridge is a Smart Data
Adapter that significantly simplifies security monitoring of critical and highly specific business
applications.

Read More »
SAP Security Services
SAP Cybersecurity- Security News
Many companies have recognized the need for SAP cybersecurity, but many have also realized that they cannot accomplish this alone. There are many reasons for this. It can be due to the internal teams' workload or due to the employee's level of knowledge. However, there is a solution that neither burdens your internal staff nor demands additional knowledge. A specialized managed SAP Security Service allows you to harden mission-critical systems, detect and promptly counteract non-compliance, and implement monitoring with accurate anomaly detection.
Patch Management
SAP security provider SecurityBridge—now operating in the U.S.—today announced the full integration of its SAP Security Platform with the Microsoft Sentinel cloud-native Security Information and Event Manager (SIEM) platform and its membership to MISA. SecurityBridge was nominated to MISA because of the integration of its SAP Controller to the Microsoft Sentinel dashboard. SecurityBridge is a Smart Data Adapter that significantly simplifies security monitoring of critical and highly specific business applications.
Angriffserkennung für SAP
SAP Cybersecurity- SAP Identity and Authorization- SAP Threat Monitoring- Security News
Viele unserer Leserinnen und Leser erinnern sich noch an den 25. Mai 2018, Stichtag der bindenden Einführung der Datenschutzgrundverordnung, kurz DSGVO. Verstöße gegen die neue Regelung können seitdem zu drakonischen Strafen führen. Nun steht, zumindest für diejenigen Unternehmen, die zur kritischen Infrastruktur (KRITIS) von Deutschland zählen, ein ähnlicher Termin ins Haus. Am 1. Mai 2023 müssen betroffene Unternehmen ein System zur Angriffserkennung eingeführt haben.
SAP Cybersecurity Risks
SAP Cybersecurity- SAP Security Framework- Security News
Recently, we gave an insight into the known SAP attackers in our blog. Of course, it can already be deduced from this that there are internal and external SAP attackers. That is why today, we want to look at this from an SAP cybersecurity risk perspective.

SecurityBridge

One-Stop Solution, for SAP© Security

Designed and built for security experts, SAP Security Dashboard combines all relevant controls where you need and expect them! From configuration to operation, all functions are just one-click away.

SAP Security Dashboard designed by SecurityBridge is an extensive collection of tools that support security operations and monitoring for SAP based systems. The suite is divided into Apps which are built for dedicated tasks. An Event Monitor App (SBM) provides access to a Work Center View and endpoint investigation features that makes it easy to follow the path of an attack. Security alerts can lead to security incidents. Within the Security Incident App (SBI), agents have a transparent view across all incidents. Incidents can be created to document and perform a detailed investigation, or to optimize configuration. Security incidents help to document the progress and the status of ongoing investigations, required configuration adjustments, code optimization and more. Manage earlier created incidents within the Security Incident App (SBI).

Installation, configuration and fine-tuning of the intrusion detection scanner can be orchestrated centrally from within the SecurityBridge Controller Cockpit (SBC).

Highlights

The following section lists the highlights of each App and its Availability

Event
Monitor
(SBM)

Collect, monitor and triage all security relevant events across your entire SAP landscape.

  • Centralized monitoring, independent of your landscape size.
  • Follow the path of an attacker.
  • Visualize events originating from a terminal and/or account in a timeline view.
  • Raise security incidents directly from the event monitor.
  • Find additional information about an event, explaining the risk.
  • Work Center view showing the most recent events.
  • Statistics and Reporting section.
  • And more…

Configuration
Cockpit
(SBC)

SecurityBridge includes a central cockpit for efficient, landscape-wide customizing.

  • Centrally monitor alerts across all systems.
  • Customize IDS across all agents from a single cockpit.
  • Add and remove agents.
  • Configure automated event actions.
  • Check the health-status for all agents.
  • Configure and monitor SAP-SIEM integration.
  • Launch and control the intrusion detection system.
  • And more…
SBC Configuration Cockpit

Security Incident
Management (SIM)

A Security Incident documents the progress and mitigation for one, or multiple, security alerts. Incidents can include data breach investigations, configurations deviating from your security baseline, mitigating insecure coding and fine-tuning of the SecurityBridge filter settings.

  • Find, track and manage incidents.
  • Add additional details and comments to document your forensics.
  • Involve different teams and stakeholders.
  • Utilize a standardized interface to integrate with ITSM tools.
  • And more…
Security Incident & Response

Security & Compliance
Monitor
(SCM)

Staying compliant with internal and external policies has become a constant challenge for SAP systems. SecurityBridge delivers a Security & Compliance Monitor to help you stay on track.

  • Zoom in on your security posture, from landscape to system to single use case.
  • Visualise the attack surface.
  • Detailed information on the risk factor for each individual use case.
  • Configure compliance checks to alert of violations.
  • And more…