SAP Cyber Security: Five questions and answers about effectively monitoring SAP systems

SAST Blog: SAP Cyber Security: Five questions and answers about effectively monitoring SAP systemsDo companies need a comprehensive security strategy for their SAP systems? The objective should be the integration into the bigger picture. Due to the lack of structures for overall security, however, security measures on a smaller scale are frequently omitted. It is therefore necessary to optimize internal control systems and – particularly for securing SAP systems – and to establish comprehensive monitoring. Learn more open the interplay of point in time and time frame of the security monitoring.

Continue reading

Rectify your top findings before the external auditors arrive!

Rectify your top findings before the external auditors arrive!Once a year, as every SAP administrator and security manager knows, the annual external audit is a given. Despite this, the current risk situation of the SAP systems is often uncertain. Have all the vulnerabilities from the last audit really been taken care of? Have new risks arisen in the meantime? If you don’t take active countermeasures, you might end up in the same situation again and again.

Continue reading

SAP security: Why SIEM doesn’t spot everything and how you can draw attention to SAP incidents nonetheless

SAST Blog: SAP security: Why SIEM doesn’t spot everything and how you can draw attention to SAP incidents nonethelessStandard SIEM monitoring is often insufficient to ensure SAP security, because the specific SAP logs and analyses can’t be interpreted and, consequently, attack patterns cannot be identified or recognized. Why this is the case, what companies can do to integrate SAP in their monitoring nonetheless, and why this end-to-end safeguarding can deliver additional benefits – our CTO Ralf Kempf explains it all in an article for it management magazine.

Continue reading

Knock, knock! What if a hacker has already broken in when your IT auditor is at the door?

SAST Blog: What if a hacker has already broken in when your IT auditor is at the door? The procedure is well-known at SMEs and large companies: Every year, the auditor comes around for the IT audit, which is carried out as part of the annual overall review. The general objective is to ensure the security and integrity of the audited system (usually the SAP system used for accounting) and to identify potential risks. A management letter then describes follow-up measures to mitigate these risks in future. But does this approach still make sense today?

Continue reading

Security dashboards – Just a buzzword or a true help with the daily security routine?

Expert talk of IT-Onlinemagazin with SASTCompanies that use SAP software, as well as the German-speaking SAP User Group (DSAG), are demanding security dashboards to provide for greater transparency and indicate necessary activities. The most critical risks, however, are those that arise as a combination of other events, which are not critical in and of themselves. After all, even the best dashboards aren’t able to display this kind of unidentified security incident.

Continue reading

Don’t lose track of the big picture – a security dashboard provides transparency for all your SAP systems

SAST Blog: Don’t lose track of the big picture – a security dashboard provides transparency for all your SAP systemsThe lack of SAP security management dashboards is discussed often by the Security & Vulnerability Working Group at DSAG, the German-speaking SAP User Group. The Working Group sees such tools an essential prerequisite for developing and monitoring the improved security concepts that are urgently needed. Yet a majority of companies has yet to implement the dashboard technology although now would be a particularly good time to implement this efficient tool for mitigating attacks in light of the increasing threat level posed by malware and ransomware.

Continue reading

Monitoring SAP system settings centrally – how LINDE keeps an eye on all its SAP systems simultaneously

SAST Blog: Monitoring SAP system settings centrally – how LINDE keeps an eye on all its SAP systems simultaneouslyIncorrect parameter settings in the SAP system, operating system, or database often result in serious security deficiencies. Numerous companies using a central auditing policy developed as a document are up against the same challenges. Typically, parameter values are compared manually with the target requirements, which of course is time consuming. This a lot of effort even just for one single system. As you might imagine, making the comparisons on system-landscape level is that much more complicated. By centralizing monitoring with an automated solution, you can use resources more efficiently while boosting your IT security.

Continue reading