Skip to content

SAP Security: The Responsibility of security vendors 

Responsibility of SAP security vendors regarding SAP Security

The news is full of information about vulnerabilities in software, so it is easy to lose track due to the number of reports. Even SAP customers are sometimes surprised by new serious vulnerabilities and by the installation of the patches being a challenge.  But what happens when a security solution becomes a problem? 

In this short text, we would like to provide a few insights into the mindset and thought process of an SAP security solution provider. 

Secure architecture

Security-by-design is often used as a buzzword, which means applying core security requirements in the earliest stage of the software build process, the design phase. Hence during the design process of a new product capability or feature, we do not only evaluate technical feasibility but also validate the security aspect, ensuring the architecture remains secure by design and the default delivery is safe. 

As an example, to ensure continuous security, one needs regular updates, which may affect both -software and detection signatures- to deal with the newest vulnerabilities. 

For both convenience and accuracy, the SecurityBridge platform – entirely running at customer premises- offers remote update capabilities. However, such an update does not require an active inbound connection to the customer’s system, and surely no remote maintenance access is required nor desired.  

Another core aspect of our solution offering is that no additional components (software & hardware) are required. SecurityBridge is an add-on that adds cybersecurity functionality to the SAP technology. 

So, our approach does not introduce any bolt-on software & hardware-based technology which may enlarge the attack surface in your network, such as virtual appliances, docker, etc. 

Furthermore, all SAP data (configuration, logs, topology maps, vulnerability findings, etc.) remains in the trusted technology stack of the SAP applications. This ensures that valuable and security-relevant information does not fall into the hands of threat actors.  

Such an architectural approach ensures that communication credentials (including password hashes) remain in the SAP system and continue being actively monitored by SecurityBridge. 

Our promise to SAP customers

We protect your information as rigorously as we protect our own. We will inform you promptly and transparently of any serious product vulnerability that may affect you. We will advise the affected parties to implement a final solution or an effective workaround until a solution is available. 

As a validated and certified software, SecurityBridge applies industry best practices to validate performance, scalability, usability, security, and functional operation before release packing and public delivery. We work with partners and independent security experts to verify our results. 

For questions on the SecurityBridge Information Security Policy, please contact us via: Security@SecurityBridge.com 

 Our responsible disclosure policy can be found here: https://securitybridge.com/resp-disclosure-policy/ 

Posted by

Ivan Mans
Find recent Security Advisories for SAP©

Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.

Webinar: Why is SAP Security Patching not like Windows Updates?

The webinar, taking place on demand is all about SAP Patch Management and its challenges. The German-speaking SAP User Group (DSAG) and the American colleagues of ASUG asked why SAP security patching cannot be as simple and effective as, for example, Windows updates.

SecurityBridge at the DSAG22: How to protect SAP systems during these times

Together with its partner, Fortinet, the SAP Security specialist company will present how to close the gap between SAP and network security in Leipzig.
SAP Security Services
SAP Cybersecurity- Security News
Many companies have recognized the need for SAP cybersecurity, but many have also realized that they cannot accomplish this alone. There are many reasons for this. It can be due to the internal teams' workload or due to the employee's level of knowledge. However, there is a solution that neither burdens your internal staff nor demands additional knowledge. A specialized managed SAP Security Service allows you to harden mission-critical systems, detect and promptly counteract non-compliance, and implement monitoring with accurate anomaly detection.
Patch Management
SAP security provider SecurityBridge—now operating in the U.S.—today announced the full integration of its SAP Security Platform with the Microsoft Sentinel cloud-native Security Information and Event Manager (SIEM) platform and its membership to MISA. SecurityBridge was nominated to MISA because of the integration of its SAP Controller to the Microsoft Sentinel dashboard. SecurityBridge is a Smart Data Adapter that significantly simplifies security monitoring of critical and highly specific business applications.
Angriffserkennung für SAP
SAP Cybersecurity- SAP Identity and Authorization- SAP Threat Monitoring- Security News
Viele unserer Leserinnen und Leser erinnern sich noch an den 25. Mai 2018, Stichtag der bindenden Einführung der Datenschutzgrundverordnung, kurz DSGVO. Verstöße gegen die neue Regelung können seitdem zu drakonischen Strafen führen. Nun steht, zumindest für diejenigen Unternehmen, die zur kritischen Infrastruktur (KRITIS) von Deutschland zählen, ein ähnlicher Termin ins Haus. Am 1. Mai 2023 müssen betroffene Unternehmen ein System zur Angriffserkennung eingeführt haben.
SAP Cybersecurity Risks
SAP Cybersecurity- SAP Security Framework- Security News
Recently, we gave an insight into the known SAP attackers in our blog. Of course, it can already be deduced from this that there are internal and external SAP attackers. That is why today, we want to look at this from an SAP cybersecurity risk perspective.