
What is SAP Threat Intelligence? 


In this article, we will look at the prerequisites for SAP Threat Intelligence and what it could look like. The generally accepted definition of Threat Intelligence is as follows: Threat intelligence is evidence-based information about cyber-attacks organized and analyzed by cyber security experts. This is also valid for SAP but must be specifically refined.

Let’s start with an example. In December 2021, the Log4j vulnerability shocked IT divisions and kept them from enjoying a relaxing Christmas. The CVSS 10 vulnerability in Log4j, a widely used component, does not have an easy fix. Instead, IT and security experts had to search for where the component was used before delivering a fixing strategy. SAP customers had to rely on the immediate actions of the security team of SAP SE to provide a fix.

The Log4j incident illustrates how little insight companies usually have into which components they use.

The missing piece:

Not knowing can be a benefit, but not when it comes to SAP security. The foundation for any form of intelligence is data, or in other words, transparency.

This is an important aspect: the missing piece for Threat Intelligence for SAP is often a lack of understanding of threats and attack vectors. Companies are in the dark about missing security patches for specific components. Similarly, they lack visibility into insecure configurations that are actively exploited in their SAP NetWeaver applications. So let us look at what data is needed for SAP Threat Intelligence.

Foundation for Threat Intelligence:

Often, securing SAP systems is pushed to the end of the task list because special dependencies need to be considered. These dependencies tend to make an already complex topic even more complex. Furthermore, the dependencies between, for example, system configuration and customer-specific application development increase the coordination effort between departments. To create the basis for threat intelligence concerning SAP applications, the following areas must be analyzed:

1. System configuration:
All security-relevant parameters and their current settings must be filed and known. At first, the dependencies among the individual parameters need not be known; these are considered later. Each vulnerability should be classified according to exploitation risk and effort of remediation.

2. Custom code security:
In addition to the vulnerabilities in SAP standard products, which are fixed by regular security updates, there are almost always vulnerabilities in the customer’s own programming. The program code needs to be checked for backdoors and SQL injection vulnerabilities. All vulnerabilities should be recorded and sorted according to severity.

3. Missing security patches:
Security patches are released on a monthly cycle by the SAP Security Response Teams. Since there is no central overview of the missing security updates for SAP systems, it is very time-consuming to collect this information. Unfortunately, this is an essential part of Threat Detection for SAP.

4. Interface landscape:
Especially for SAP security, it is important to take a detailed look at the integration landscape and the ways of integration. SAP systems communicate via Remote Function Calls (RFC). RFC connections are set up for this purpose, and if they are configured incorrectly, they can easily be misused by attackers.

5. Log collection and triaging:
SAP systems record almost all important information required to detect attacks in various logs. For some details, a separate query, such as one of the SAP user master, must be made. The information must be freed from transactional content and reduced to security-relevant content.
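
As an illustration of area 1, the following added example (not SecurityBridge code and not part of the original article) files parameter values from profile-style text and ranks deviations by exploitation risk and remediation effort. The baseline values, the risk and effort ratings, and the sample profile are illustrative assumptions constructed for this example.

```python
# Illustrative baseline (assumption, not an official SAP or SecurityBridge list).
# parameter -> (compliance check, exploitation risk 1-3, remediation effort 1-3)
BASELINE = {
    "login/no_automatic_user_sapstar": (lambda v: v == "1", 3, 1),
    "login/min_password_lng": (lambda v: int(v) >= 8, 2, 1),
    "gw/acl_mode": (lambda v: v == "1", 3, 2),
    "auth/rfc_authority_check": (lambda v: v != "0", 3, 3),
}

# Constructed sample in profile-file syntax (name = value, '#' comments).
SAMPLE_PROFILE = """\
# constructed sample, not taken from a real system
login/no_automatic_user_sapstar = 0
login/min_password_lng = 6
auth/rfc_authority_check = 1
"""

def parse_profile(text):
    """Return {parameter: value} from profile-style text."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def assess(params):
    """List deviations and unrecorded parameters, most urgent first."""
    findings = []
    for name, (check, risk, effort) in BASELINE.items():
        value = params.get(name)
        if value is None:
            status = "unknown"      # not filed: a visibility gap, not a pass
        else:
            try:
                status = "ok" if check(value) else "deviation"
            except ValueError:      # non-numeric value where a number is expected
                status = "deviation"
        if status != "ok":
            findings.append({"param": name, "value": value, "status": status,
                             "risk": risk, "effort": effort})
    # Highest exploitation risk first; among equals, the cheapest fix first.
    return sorted(findings, key=lambda f: (-f["risk"], f["effort"]))

if __name__ == "__main__":
    for f in assess(parse_profile(SAMPLE_PROFILE)):
        print(f)
```

A parameter that was never recorded is reported as "unknown" rather than treated as compliant, which matches the requirement that every setting be filed and known.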

What does SAP Threat Intelligence look like?

Threat Intelligence can be applied only when data is available. It is possible to establish the actual threat intelligence through data mining, pattern recognition, and dependency matrices. We have not only implemented the methods mentioned above in our SecurityBridge but also included the statistical detection of anomalies. From a bird’s-eye view, intelligent conclusions can be drawn that can even trigger automatic actions. Unfortunately, the threat scenario is constantly changing. Therefore, the once-established catalog of use cases on the customer side has to be continuously adapted.

Posted by

Ivan Mans