
The road to our new feature Security Roadmap


Over the past months, I’ve spent a lot of time talking to customers and prospects to better understand their requirements, challenges and motivations. In these conversations, one question has been frequently asked: “What’s the best way to move forward in SAP security after the initial security analysis?”

Christoph Nagy
CEO SecurityBridge

From the question to the concept

The question is not easy to answer in a generalized way. SAP implementations are typically complex structures consisting of SAP NetWeaver, SAProuter, SAP WebDispatcher, SAP S/4HANA, and possibly SAP Cloud. It is, however, a great question facing many security teams, so we discussed it with the SecurityBridge engineering team, who love a technical quandary and debate. A few discussions later, we had a consensus and a concept.

From concept to pilot

The problem with concepts is that they’re worthless unless proven. This is usually not a problem, as our experts are very good at assessing what’s feasible, but more importantly you need to know if the concept meets your clients’ requirements.


That’s why we discussed it with customers and partners. I particularly enjoy the constructive atmosphere and the open discussions and freely exchanged ideas. This gives each of our customers and partners the best opportunity to help shape the future of the solution. A few discussions later, and admittedly some changes to the initial concept, we moved on to implement a pilot.

The solution must be simple

The best solution to a complex problem is often based on a simple idea, as it proved to be in this case. Remember, customers are faced with the challenge of how to best proceed in order to increase system security. They look at an actual picture of the current system security which may contain many red lights and warnings.

SecurityBridge (from version 5.85.4 onwards) has the ability to evaluate the resolution complexity of any security issue, as well as the probability of exploitation. This is the basis for a security roadmap that can be implemented. Our customers can now prioritize findings that are easy to resolve but have a high risk of exploitation.

Feedback is important!

It is particularly important to ask end-users for feedback when assessing whether the new feature is accepted and delivers the intended added value. For this purpose, all security applications included in the SecurityBridge platform have a “Send Feedback” function. Additionally, we ask our customers and partners about their experiences in the course of regular discussions. The Security Roadmap function, by the way, is well received and has already helped many SecurityBridge customers to identify and realize quick wins. More complex topics can be planned specifically on a roadmap.

Final words

Our common goal is to help you to enhance your SAP system security, and to sustain the achieved security posture holistically. This is a huge task and will be accomplished more easily and efficiently as a team. Therefore, we are continually growing the numbers of our partners and extended “team”. We’d love to share our insights with you so feel free to reach out at any time.

Posted by

Till Pleyer