At the DSAG Technology Days in Early May, the Vulnerability Management Working Group renewed its demand for a security dashboard, which SAP announced many years ago. In light of the current threat situation, it is advisable to stop waiting for it, particularly since good solutions from security specialists have become available in the interim, which also optimize the integration of SAP security with the overall enterprise security architecture. When it comes to end-to-end IT security, it is worthwhile to take a look at the operators of critical infrastructure (CIP) and the new German IT Security Act 2.0 (ITSA 2.0).
Real-time monitoring
Press release: Global security alliances in cyber warfare
In the current Digital Defense Report, Brad Smith, President of Microsoft, called for international collaboration and coalitions for a “new form of collective defense” as a comprehensive strategy against the full spectrum of destructive cyberattacks, espionage, and interference. One of the first and largest of these cyber warfare initiatives is the Pathlock Group, formed from seven leading IT security firms and now the global market leader in access orchestration and application security for mission-critical applications. One of these firms is the Hamburg-based SAST SOLUTIONS, an IT security specialist.
Pathlock Group News: Interview with the Security Guy TV about preventative controls, securing ERP systems, and data privacy
Pathlock’s Vice President of Product Strategy and Customer Experience, David Vincent, recently appeared on Security Guy TV to talk about how effective preventive controls and security measures at the data and transaction level play an important part in securing ERP systems. He also takes a deep dive into the important difference between data security and data privacy.
Security projects do not stop at the authorization concept
An end-to-end security strategy must also include regular checks, maintenance, and protection of authorizations, installations, and proprietary developments against internal and external threats – especially in an SAP landscape. But what roles do project organization and project management play when it comes to improving SAP security?
Important aspect of SAP data collection: S/4HANA embedded analytics uses the BI analysis “Authorizations”
Data collection and the subsequent analyses are important, complex processes; it’s difficult to imagine modern business processes without data analytics. To address customers’ specific needs, customer data is analyzed, material inventories are recorded automatically, and entire work processes are scrutinized to squeeze out efficiency gains. Important data collection also takes place within the SAP landscape, for example, with SAP S/4HANA embedded analytics. The check logic in the authorizations deserves special attention here.
Interview with Ralf Kempf about winning the “Top Identity and Access Management Solution Provider in Europe 2021” award
Last year came to a very pleasant end, as we won the award for “Top Identity and Access Management Solution Provider in Europe 2021”. The December issue of Enterprise Security Magazine reported extensively on our IAM solution and about the innovative features that make our software so unique. We interviewed Mr. Kempf to find out more about the software solution and the current technology trends.
SAP Cyber Security: Five questions and answers about effectively monitoring SAP systems
Do companies need a comprehensive security strategy for their SAP systems? The objective should be the integration into the bigger picture. Due to the lack of structures for overall security, however, security measures on a smaller scale are frequently omitted. It is therefore necessary to optimize internal control systems and – particularly for securing SAP systems – and to establish comprehensive monitoring. Learn more open the interplay of point in time and time frame of the security monitoring.
Rectify your top findings before the external auditors arrive!
Once a year, as every SAP administrator and security manager knows, the annual external audit is a given. Despite this, the current risk situation of the SAP systems is often uncertain. Have all the vulnerabilities from the last audit really been taken care of? Have new risks arisen in the meantime? If you don’t take active countermeasures, you might end up in the same situation again and again.
Full transparency thanks to security dashboard – how DÜRR IT Service GmbH protects its SAP systems in real time
Do you run multiple SAP systems in a hybrid landscape? Are you worried about how you can protect them in real time above and beyond the authorization level? A variety of challenges can arise in such situations, because the implementation of security-relevant measures is time and resource-intensive.
SAP security: Why SIEM doesn’t spot everything and how you can draw attention to SAP incidents nonetheless
Standard SIEM monitoring is often insufficient to ensure SAP security, because the specific SAP logs and analyses can’t be interpreted and, consequently, attack patterns cannot be identified or recognized. Why this is the case, what companies can do to integrate SAP in their monitoring nonetheless, and why this end-to-end safeguarding can deliver additional benefits – our CTO Ralf Kempf explains it all in an article for it management magazine.