SAP security: Why SIEM doesn’t spot everything and how you can draw attention to SAP incidents nonetheless

SAST Blog: SAP security: Why SIEM doesn’t spot everything and how you can draw attention to SAP incidents nonethelessStandard SIEM monitoring is often insufficient to ensure SAP security, because the specific SAP logs and analyses can’t be interpreted and, consequently, attack patterns cannot be identified or recognized. Why this is the case, what companies can do to integrate SAP in their monitoring nonetheless, and why this end-to-end safeguarding can deliver additional benefits – our CTO Ralf Kempf explains it all in an article for it management magazine.

Continue reading

Knock, knock! What if a hacker has already broken in when your IT auditor is at the door?

SAST Blog: What if a hacker has already broken in when your IT auditor is at the door? The procedure is well-known at SMEs and large companies: Every year, the auditor comes around for the IT audit, which is carried out as part of the annual overall review. The general objective is to ensure the security and integrity of the audited system (usually the SAP system used for accounting) and to identify potential risks. A management letter then describes follow-up measures to mitigate these risks in future. But does this approach still make sense today?

Continue reading

Interview with Ralf Kempf and Norbert Klettner – Cybersecurity in logistics: Multinational attacks on the weakest links in the chain

SAST Blog: Interview with Ralf Kempf and Norbert Klettner – Cybersecurity in logisticsHow should companies in the port and transportation logistics sector tackle cybersecurity? Can smaller and midmarket companies even protect themselves against the growing threats? Our CTO Ralf Kempf and his colleague Norbert Klettner, Managing Director of AKQUINET PORT CONSULTING, were interviewed on this subject by DVZ, a German transportation newspaper.

Continue reading

Practical tip: How you can avoid special roles and create new organizational levels in your SAP system based on an authorization field

Practical tip: How you can avoid special roles and create a new organizational level in your SAP system based on an authorization fieldIn the standard SAP system, there are many authorization fields that are not declared as organizational levels, but instead characterized by special values. But the more authorization fields without organizational levels that contain organization-specific values like location or country, the larger the proportion of special roles grows.

However, to achieve the greatest possible transparency in role administration and avoid unnecessary authorizations – not least with system security in mind – the creation of additional special roles should be avoided wherever possible.

Continue reading

SAP compliance: the benefits of an automated audit rules at HellermannTyton

SAST Blog: SAP Compliance: the benefits of an automated audit rules at HellermannTytonWherever electricity is flowing through a cable or data is being transmitted over a fiber optics cable, HellermannTyton products are never far away. Over the last 85 years, the company has developed into a leading global provider of cable management solutions and is on track to continue this growth both nationally and internationally. This expansion is also reflected in its SAP systems and authorizations, which have grown alongside its success. Today, systems with this level of complexity are expected – internally and externally – to comply with strict requirements.

Continue reading

Improve security by redesigning your SAP authorizations – the right role template can save you time and money

SAST Blog: Improve security by redesigning your SAP authorizations – the right role template can save you time and moneyThe authorization structures at many companies have grown organically. Over the course of time, users have often been granted wider authorization privileges than they actually need for their everyday work. As a result, data availability and integrity, as well as system availability, can be critically endangered. Authorization managers see an increasing need for action to minimize the risk of SAP security incidents. After all, many more IT incidents still remain unreported compared to published cases.

Continue reading