On every second Tuesday of each month, SAP releases new Security Notes. Many SAP administrators install these patches relatively quickly – but are they putting too much faith in the security they provide?
Very few customers know that security gaps can still be exploited.
Machine learning, Internet of Things and Blockchain are some of the new concepts that SAP Leonardo is bringing to the SAP ecosystem to reduce TCO, optimize business processes, and add more value to companies. If these terms are unknown territory for you, our new blog series “IT trends explained easily” is just right for you.
Our first article is about Machine Learning algorithms and how they can be applied.
Last year, WannaCry brought some companies to the edge of absolute ruin. While the most common entry vectors are known, companies are still making it much too easy for hackers.
Officially, emails were to blame for the largest-scale cyberattack in recent years. If users clicked on the mail attachment, WannaCry implanted malware into the computers, propagated itself, and encrypted accessible data in the blink of an eye. In an alternative scenario, hackers had infiltrated the manufacturer of a subsystem and built the malware code into a software patch.
While unfamiliar emails can simply be deleted, the deployment of such a patch can undermine the in-house security system with breathtaking speed.
Practical tip: How you can easily prevent your SAP users from being inadvertently locked out.
The parameter “icf/reject_expired_passwords” is intended to prevent SAP users from being able to log in via “http” with an expired password. So far so good…
The use of critical transactions is one of the most frequent items to be found on the lists of deficiencies prepared by auditors. And rightly so, since accessing SAP tables and ABAP programs with these kinds of transactions is unfortunately often associated with major security risks.
So how can you protect yourself from critical transaction accesses while ensuring your users have the permissions they need? Find out with our best practice tip.
One of the biggest challenges that any customer faces when migrating or redesigning their SAP authorizations is ensuring the continuity of their normal business operations. As a result, IT units are often wary of curtailing user rights – so as to avoid conflicts with business departments that would result from increased testing workloads or more frequent error messages.
With SAST Safe Go-Live Management, these problems are now a thing of the past.
In many SAP systems, there are RFC connections which address strange hostnames or even point to Amazon servers. This is due to the fact that SAP transports “RFC data garbage” from its own development computers to the customer during new installations.
Read our practical tip to discover the connections which this affects.
You might already know that, as of Release 7.40 Sp8, you can use SAP security policies to define user-specific security parameters, contrary to the system profile values. But did you also know that you can inadvertently weaken secure values such as login restrictions and password complexity as a result?
Our practical tip will show you how to effectively prevent such a weakening.
GRC tools, IT vulnerability analysis, authorization management, SIEM management – these are four of the top five topics cited by IT decision-makers when asked which current and future technologies are of vital importance to them. *
This means that the new release of GRC Suite SAST from AKQUINET – couldn’t have arrived at a better time to offer answers on some of the subjects that are on the minds of these managers right now. In this interview, Lars Henning (product manager for the SAST SUITE) presents the highlights of the latest version, along with some helpful tips.
Linde prioritized transparent and, in particular, timely success to guarantee a completely ensuring the security of their global SAP landscape.
At Linde, the sheer complexity of the SAP Systems meant that a Project of this scale would not be possible with internal resources and security knowhow alone.
