Sensitive enterprise data demands special protection. In addition to company-specific protection requirements, industry-specific specifications and legal regulations must also be observed. Minimizing the risk of losing critical data from SAP systems requires a variety of coordinated measures, collectively known as “data loss prevention”.
Real-time monitoring
Knock, knock! What if a hacker has already broken in when your IT auditor is at the door?
The procedure is well-known at SMEs and large companies: Every year, the auditor comes around for the IT audit, which is carried out as part of the annual overall review. The general objective is to ensure the security and integrity of the audited system (usually the SAP system used for accounting) and to identify potential risks. A management letter then describes follow-up measures to mitigate these risks in future. But does this approach still make sense today?
New customer: TRR opts for SAST SUITE on the occasion of their upcoming S/4HANA conversion
We are very pleased to be able to support the Swedish foundation TRR with our software solutions in the future! The company is planning to migrate their classic SAP ERP systems to SAP S/4HANA within a time frame of 6-12 months. Our SAST SUITE can be used for both the old and the new SAP landscapes.
Security dashboards – Just a buzzword or a true help with the daily security routine?
Companies that use SAP software, as well as the German-speaking SAP User Group (DSAG), are demanding security dashboards to provide for greater transparency and indicate necessary activities. The most critical risks, however, are those that arise as a combination of other events, which are not critical in and of themselves. After all, even the best dashboards aren’t able to display this kind of unidentified security incident.
Don’t lose track of the big picture – a security dashboard provides transparency for all your SAP systems
The lack of SAP security management dashboards is discussed often by the Security & Vulnerability Working Group at DSAG, the German-speaking SAP User Group. The Working Group sees such tools an essential prerequisite for developing and monitoring the improved security concepts that are urgently needed. Yet a majority of companies has yet to implement the dashboard technology although now would be a particularly good time to implement this efficient tool for mitigating attacks in light of the increasing threat level posed by malware and ransomware.
Monitoring SAP system settings centrally – how LINDE keeps an eye on all its SAP systems simultaneously
Incorrect parameter settings in the SAP system, operating system, or database often result in serious security deficiencies. Numerous companies using a central auditing policy developed as a document are up against the same challenges. Typically, parameter values are compared manually with the target requirements, which of course is time consuming. This a lot of effort even just for one single system. As you might imagine, making the comparisons on system-landscape level is that much more complicated. By centralizing monitoring with an automated solution, you can use resources more efficiently while boosting your IT security.
Hacker attack on Düsseldorf University Hospital – cyber criminals got in through the VPN interface
In September 2020, the attack made headlines:
- Hackers responsible for IT disruption at Düsseldorf University Hospital.
- Hackers under investigation: Woman dead after attack on University Hospital.
- Hacker attack on Düsseldorf University Hospital: Investigation into involuntary homicide opened.
A hacker attack can be fatal. Data, goods and assets aren’t the only things to consider: Human lives are at stake where public spaces, in particular public health, is concerned.
SAP security: Rest easy with a threat intelligence solution
The transition of the business world to SAP S/4HANA is picking up speed: that’s why every company should start preparing an end-to-end migration strategy for the new SAP system. It is essential that this strategy consider security aspects, as well, to avoid ending up sitting on millions in subsequent costs. The solution is Threat Intelligence.
SAP home goes rogue – preventable attack vectors through the SAP GUI
In most cases, enterprise networks are infected as a result of human error. Employees click on spoofed links, accidentally reveal their passwords to third parties, or open a file that contains unexpected malware. In attack vectors involving the SAP GUI, employees are often not to blame, because an incorrectly configured SAP system is enough to enable damage to the IT landscape.
The Buchbinder case: how incorrect configurations impact data security
On January 23, 2020, news broke on one of the biggest data leaks to date in Germany. Apparently, it was possible for anyone on the Internet to gain full access to the backup of the entire database of car rental company Buchbinder. The ramifications are difficult grasp.