Incorrect parameter settings in the SAP system, operating system, or database often result in serious security deficiencies. Numerous companies using a central auditing policy developed as a document are up against the same challenges. Typically, parameter values are compared manually with the target requirements, which of course is time consuming. This is a lot of effort even for a single system. As you might imagine, making the comparisons at the system-landscape level is that much more complicated. By centralizing monitoring with an automated solution, you can use resources more efficiently while boosting your IT security.
Global gas plant engineer LINDE revamps its processes.
LINDE, a global technology company with a focus on gases and processing facilities, has a sophisticated system landscape with some 60 SAP production systems around the world. A number of different service providers managed system operations, and IT security management combined both centralized and decentralized approaches. Global IT security policies were defined as valid for all systems. However, checking compliance was extremely time consuming. There was always the risk that vulnerabilities in the system might be discovered too late. This is the reason why the company wanted to centralize its auditing while also automating it.
The goal: central monitoring with a detailed overview of the entire SAP system landscape.
Choosing an automated solution used at short intervals and covering the entire system landscape as much as possible conserves resources while simultaneously increasing security: vulnerabilities are detected immediately. It quickly became apparent that LINDE would need to find a suitable software solution.
Ideally, this software solution should provide a wide variety of functions for analyzing and increasing the security of SAP systems. The goal was to systematically detect incorrect parameter settings in the SAP systems, the operating system, or the database. Evaluations should regularly and automatically be executed from a central system for all connected systems, enabling all settings to be monitored in one place, allowing the threat level to be transparent at all times, and keeping the reaction time to a minimum each time a vulnerability is identified.
Automating the checks with the SAST SUITE.
LINDE decided in favor of this very approach: centralization into the Solution Manager and automation of the checks with SAST SUITE.
SAST SUITE automates a policy audit. The internal auditor can then use this to immediately evaluate the risks found. If important information is identified in the course of the evaluation, it can be “paper clipped” directly to the risk. For example, if the competent auditor changes the status of a risk to “mitigated”, this indicates acceptance of the risk or a control mechanism (e.g. an approval process or a network firewall) that moderates the threat.
LINDE also benefits from the detailed description of each risk, including how to approach it. Permission to view and edit a risk evaluation can be assigned to specific groups of people. For example, database admins can view and edit only those risks that affect them.
When SAST SUITE is installed, it comes with both a comprehensive auditing policy, which complies with common audit standards, and a template for the DSAG auditing guidelines. LINDE used this standard as a basis for creating its own auditing policy.
The DSAG auditing guidelines are structured as follows:
Advantages for LINDE: analysis and real-time monitoring of all risks.
Thanks to SAST SUITE, LINDE successfully reorganized its IT security management. It is now possible to run a check on all risks across all systems at the touch of a button. In addition, using SAST SUITE allowed the company to establish real-time monitoring of all risks. Deviations from the defined policy are therefore detected immediately.
“The depth of experience of the SAST teams’ SAP consultants was immensely helpful for analyzing security events and investigating critical events,” explains Klaus Brenk, Head of Monitoring, QA & Governance at the Linde Group. “Last but not least, our experience of working with AKQUINET was as pleasant as it was successful.”
You, too, can take advantage of monitoring your SAP system settings centrally:
- Automate risk evaluations across systems
- Monitor an overview of your critical, global system settings at a glance
- Directly detect deviations from defined standards
- Make comments on the risk status via selected responsibilities
- Define who is responsible for risks
- Enable comparability of audit periods
- Use pre-fab policies to quickly improve security standards
Thomas Tenberge (SAP Security Consultant, SAST SOLUTIONS)
Linde is a leading global technology group operating in the industrial gases and engineering sectors in over 100 countries. In October 2018, Praxair and Linde AG came together to create Linde plc. In the following year, LINDE generated sales of 28 billion US dollars (25 billion euros). The company serves a variety of end markets including chemicals & refining, food & beverage, electronics, healthcare, manufacturing and primary metals. Linde’s industrial gases are used in countless applications, from life-saving oxygen for hospitals to high-purity & specialty gases for electronics manufacturing, hydrogen for clean fuels and much more. Linde also delivers state-of-the-art gas processing solutions to support customer expansion, efficiency improvements and emissions reductions.