An end-to-end security strategy must also include regular checks, maintenance, and protection of authorizations, installations, and proprietary developments against internal and external threats – especially in an SAP landscape. But what roles do project organization and project management play when it comes to improving SAP security?
SAP Security
SAP patch day: How an identified vulnerability paves the way for a patch
Every month, SAP publishes a collection of new and updated SAP Notes involving vulnerabilities in the SAP software on patch day. It’s a key date in the calendar for everyone concerned about security and the subsequent system patching is often very work-intensive and time-consuming. But where do the reports come from and how does SAP find out about them? Does the software vendor intentionally search for vulnerabilities to correct?
SAP February patch day: Highly critical vulnerability in core component threatens central SAP products (key word: ICMAD) – act immediately!
A major security vulnerability, which has been assigned a top severity rating, threatens SAP ERP 6.0, S/4HANA, NetWeaver, and Web Dispatcher, among others. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued an alert warning of potential attacks on SAP products. Patch your SAP systems IMMEDIATELY!
SAP security: Why SIEM doesn’t spot everything and how you can draw attention to SAP incidents nonetheless
Standard SIEM monitoring is often insufficient to ensure SAP security, because the specific SAP logs and analyses can’t be interpreted and, consequently, attack patterns cannot be identified or recognized. Why this is the case, what companies can do to integrate SAP in their monitoring nonetheless, and why this end-to-end safeguarding can deliver additional benefits – our CTO Ralf Kempf explains it all in an article for it management magazine.
Trusted system relationships simplify the logon procedure for RFC communication – but how sensible and secure is their use?
The RFC (Remote Function Call) is the main SAP technology for exchanging data between SAP systems. In addition to standard RFC connections, it is also possible to configure trusted relationships. In our technology tip, find out when you should use trusted system relationships and how you can use them securely.
Get your SAP S/4HANA migration into high gear with a sound security strategy
Seize the opportunity to take your SAP S/4HANA migration to a new level with a cleanly designed, holistically planned security and compliance strategy. After all, having structured plans from the start will reduce the workload in the long term. That’s why you should ultimately see this challenge as an opportunity as well: to improve the security of your SAP systems, streamline your role concepts, and enable use of the new system with all its benefits.
Act immediately to remedy the Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management!
Information just now officially provided as part of the November SAP Patchday describes a new critical vulnerability: The SAP Security Note 2928635 (CVE-2020-6284) is a Cross-Site Scripting vulnerability (XSS) in SAP NetWeaver Knowledge Management. Act now to close the loophole!
Interview with Ralf Kempf: Secure transformation to SAP S/4HANA
Ralf Kempf, CTO SAST SOLUTIONS, and his team have already guided many enterprises through their migration to SAP S/4HANA. He talked about his recipes for success in an interview with Ulrich Parthier, publisher of it management magazine.
Excerpts from the interview are provided below.
Vulnerability Scan, Audit, or Penetration Test: Find the right method for identifying vulnerabilities.
There are many methods for assessing the risk potential of SAP landscapes and identifying potential vulnerabilities, so it isn’t always easy to keep track of all the alternatives. Options range from vulnerability scans to audits and penetration tests. But which approach is the right one for identifying vulnerabilities depends entirely on your individual requirements.
SAP home goes rogue – preventable attack vectors through the SAP GUI
In most cases, enterprise networks are infected as a result of human error. Employees click on spoofed links, accidentally reveal their passwords to third parties, or open a file that contains unexpected malware. In attack vectors involving the SAP GUI, employees are often not to blame, because an incorrectly configured SAP system is enough to enable damage to the IT landscape.