Pathlock Group News: Interview with the Security Guy TV about preventative controls, securing ERP systems, and data privacy

Interview Video PLG ENPathlock’s Vice President of Product Strategy and Customer Experience, David Vincent, recently appeared on Security Guy TV to talk about how effective preventive controls and security measures at the data and transaction level play an important part in securing ERP systems. He also takes a deep dive into the important difference between data security and data privacy.

Continue reading

Application security: SAST SOLUTIONS is now a global player with the Pathlock Group

SAST Blog: Application security: SAST SOLUTIONS is now a global player with the Pathlock GroupSAST SOLUTIONS, your Hamburg-based specialist for SAP Security and Access Governance, is now part of the new Pathlock Group, a one-of-a-kind alliance of international providers of access governance and application security solutions. The alliance’s objective is to lift the understanding and scope of end-to-end security to a new level. Our CEO Bodo Kahl and CTO Ralf Kempf talk about the perspectives that will be opening up to SAST SOLUTIONS and its customers.

Continue reading

SAP patch day: How an identified vulnerability paves the way for a patch

SAST Blog Security-AlertEvery month, SAP publishes a collection of new and updated SAP Notes involving vulnerabilities in the SAP software on patch day. It’s a key date in the calendar for everyone concerned about security and the subsequent system patching is often very work-intensive and time-consuming. But where do the reports come from and how does SAP find out about them? Does the software vendor intentionally search for vulnerabilities to correct?

Continue reading

SAP February patch day: Highly critical vulnerability in core component threatens central SAP products (key word: ICMAD) – act immediately!

SAST Blog: Act immediately to remedy the Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management!A major security vulnerability, which has been assigned a top severity rating, threatens SAP ERP 6.0, S/4HANA, NetWeaver, and Web Dispatcher, among others. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued an alert warning of potential attacks on SAP products. Patch your SAP systems IMMEDIATELY!

Continue reading

Why are SIEM tools blind to SAP? An interesting question, and not only for operators of critical infrastructure who are migrating to SAP S/4HANA.

Ralf Kempf (SAST SOLUTIONS)Cybersecurity is a hot topic right now: increasing numbers of external attacks on company networks during the pandemic and the further professionalization of the attackers have made it even more important. In recent months, we’ve been reading about attacks on companies almost every day, which have suffered consequences up to and including total shutdowns that lasted for days. What elements of SAP security have changed, for whom is Germany’s IT Security Act 2.0 relevant, how can you take this account during migration to SAP S/4HANA, and what can every company do to improve SAP security?

Continue reading

SAP Cyber Security: Five questions and answers about effectively monitoring SAP systems

SAST Blog: SAP Cyber Security: Five questions and answers about effectively monitoring SAP systemsDo companies need a comprehensive security strategy for their SAP systems? The objective should be the integration into the bigger picture. Due to the lack of structures for overall security, however, security measures on a smaller scale are frequently omitted. It is therefore necessary to optimize internal control systems and – particularly for securing SAP systems – and to establish comprehensive monitoring. Learn more open the interplay of point in time and time frame of the security monitoring.

Continue reading

SAP security: Why SIEM doesn’t spot everything and how you can draw attention to SAP incidents nonetheless

SAST Blog: SAP security: Why SIEM doesn’t spot everything and how you can draw attention to SAP incidents nonethelessStandard SIEM monitoring is often insufficient to ensure SAP security, because the specific SAP logs and analyses can’t be interpreted and, consequently, attack patterns cannot be identified or recognized. Why this is the case, what companies can do to integrate SAP in their monitoring nonetheless, and why this end-to-end safeguarding can deliver additional benefits – our CTO Ralf Kempf explains it all in an article for it management magazine.

Continue reading