What is SAP Threat Intelligence?
In this article, we will look at the prerequisites for SAP Threat Intelligence and at what it could look like. The generally accepted definition of Threat Intelligence is as follows: Threat intelligence is evidence-based information about cyber-attacks, organized and analyzed by cyber security experts. This also holds for SAP, but it must be refined for the SAP context.
Let’s start with an example. In December 2021, the Log4j vulnerability shocked IT departments and cost them a relaxing Christmas. The CVSS 10 vulnerability in Log4j, a widely used component, does not have an easy fix. Instead, IT and security experts had to search for every use of the component before they could deliver a fixing strategy. SAP customers had to rely on the immediate actions of the security team of SAP SE to provide a fix.
The Log4j incident illustrates how little insight companies usually have into which components they use.
The missing piece:
Not knowing can be a benefit, but not when it comes to SAP security. The foundation for any form of intelligence is data, or in other words, transparency.
This is an important aspect: the missing piece for SAP Threat Intelligence is often a lack of understanding of threats and attack vectors. Companies are in the dark about missing security patches for specific components. Similarly, they lack visibility into insecure configurations that are actively exploited in their SAP NetWeaver application. So what data is needed for SAP Threat Intelligence?
Foundation for Threat Intelligence:
Often, securing the SAP systems is pushed to the end of the task list because special dependencies need to be considered. These dependencies make an already complex topic even more complex. Furthermore, the dependencies between, for example, system configuration and customer-specific application development increase the coordination effort between departments. To create the basis for threat intelligence concerning SAP applications, the following areas must be analyzed:
1. System configuration:
All security-relevant parameters and their current settings must be recorded and known. At first, the dependencies among the individual parameters need not be known; they are considered later. Each vulnerability should be classified according to exploitation risk and effort of remediation.
2. Custom code security:
Furthermore, in addition to the vulnerabilities in SAP standard products that are fixed by regular security updates, there are almost always vulnerabilities in the customer’s own programming. The program code needs to be checked for backdoors or SQL injection vulnerabilities. All vulnerabilities should be recorded and sorted according to severity.
3. Missing security patches:
Security patches are released on a monthly cycle by the SAP Security Response Teams. Since there is no central overview of the missing security updates for SAP systems, collecting this information is very time-consuming. Unfortunately, it is an essential part of Threat Detection for SAP.
4. Interface landscape:
Especially for SAP security, it is important to take a detailed look at the integration landscape and the ways systems are integrated. SAP systems communicate via Remote Function Calls (RFC). RFC connections are set up for this purpose, and if they are configured incorrectly, they can easily be misused by attackers.
5. Log collection and triaging:
SAP systems record almost all of the important information required to detect attacks in various logs. For some details, a separate query, such as one against the SAP user master, must be made. The information must be stripped of transactional content and reduced to security-relevant content.
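As an added illustration of the "System configuration" area above (not SecurityBridge code), the following Python sketch records the current value of a few SAP profile parameters, compares them with a baseline, and ranks the deviations by exploitation risk and remediation effort. The baseline values and the 1-5 scores are assumptions chosen for the example, and the profile text is a constructed sample.

```python
# Added example: baseline check for SAP profile parameters (not vendor code).
# Baseline values and the 1-5 risk/effort scores are assumptions for illustration.
import operator

SAMPLE_PROFILE = """\
# constructed sample, not taken from a real system
login/min_password_lng = 6
login/fails_to_user_lock = 12
login/no_automatic_user_sapstar = 0
rdisp/gui_auto_logout = 0
auth/rfc_authority_check = 1
"""

# parameter -> (comparison, expected value, exploitation risk, remediation effort)
BASELINE = {
    "login/min_password_lng": (operator.ge, 8, 3, 2),
    "login/fails_to_user_lock": (operator.le, 5, 3, 1),
    "login/no_automatic_user_sapstar": (operator.eq, 1, 5, 1),
    "rdisp/gui_auto_logout": (operator.gt, 0, 2, 1),
    "auth/rfc_authority_check": (operator.ge, 1, 4, 3),
    "login/password_downwards_compatibility": (operator.eq, 0, 4, 4),
}

def parse_profile(text):
    """Return {parameter: int value}, skipping comments and malformed lines."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if value.lstrip("-").isdigit():
            params[name] = int(value)
    return params

def assess(params):
    """Compare against BASELINE; highest risk first, then least effort."""
    findings = []
    for name, (compare, expected, risk, effort) in BASELINE.items():
        current = params.get(name)
        if current is None:
            # A parameter whose setting is not on file is itself a finding.
            findings.append((name, "unknown", risk, effort))
        elif not compare(current, expected):
            findings.append((name, current, risk, effort))
    return sorted(findings, key=lambda f: (-f[2], f[3]))

if __name__ == "__main__":
    for name, current, risk, effort in assess(parse_profile(SAMPLE_PROFILE)):
        print(f"risk={risk} effort={effort} {name} = {current}")
```

A parameter that is missing from the export is reported as "unknown" rather than assumed to be at its default, which keeps the inventory honest about what is actually on file.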
What does SAP Threat Intelligence look like?
Threat Intelligence can be applied only when data is available. The actual threat intelligence can then be established through data mining, pattern recognition, and dependency matrices. We have not only implemented the methods mentioned above in our SecurityBridge but also include the statistical detection of anomalies. From a bird's-eye view, intelligent conclusions can be drawn that can even trigger automatic actions. Unfortunately, the threat scenario is constantly changing. Therefore, a catalog of use cases, once established on the customer side, has to be continuously adapted.