Pathlock’s Vice President of Product Strategy and Customer Experience, David Vincent, recently appeared on Security Guy TV to talk about how effective preventive controls and security measures at the data and transaction level play an important part in securing ERP systems. He also takes a deep dive into the important difference between data security and data privacy.
Threat Detection
Application security: SAST SOLUTIONS is now a global player with the Pathlock Group
SAST SOLUTIONS, your Hamburg-based specialist for SAP Security and Access Governance, is now part of the new Pathlock Group, a one-of-a-kind alliance of international providers of access governance and application security solutions. The alliance’s objective is to lift the understanding and scope of end-to-end security to a new level. Our CEO Bodo Kahl and CTO Ralf Kempf talk about the perspectives that will be opening up to SAST SOLUTIONS and its customers.
SAP February patch day: Highly critical vulnerability in core component threatens central SAP products (key word: ICMAD) – act immediately!
A major security vulnerability, which has been assigned a top severity rating, threatens SAP ERP 6.0, S/4HANA, NetWeaver, and Web Dispatcher, among others. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued an alert warning of potential attacks on SAP products. Patch your SAP systems IMMEDIATELY!
Why are SIEM tools blind to SAP? An interesting question, and not only for operators of critical infrastructure who are migrating to SAP S/4HANA.
Cybersecurity is a hot topic right now: increasing numbers of external attacks on company networks during the pandemic and the further professionalization of the attackers have made it even more important. In recent months, we’ve been reading about attacks on companies almost every day, which have suffered consequences up to and including total shutdowns that lasted for days. What elements of SAP security have changed, for whom is Germany’s IT Security Act 2.0 relevant, how can you take this account during migration to SAP S/4HANA, and what can every company do to improve SAP security?
SAP Cyber Security: Five questions and answers about effectively monitoring SAP systems
Do companies need a comprehensive security strategy for their SAP systems? The objective should be the integration into the bigger picture. Due to the lack of structures for overall security, however, security measures on a smaller scale are frequently omitted. It is therefore necessary to optimize internal control systems and – particularly for securing SAP systems – and to establish comprehensive monitoring. Learn more open the interplay of point in time and time frame of the security monitoring.
Rectify your top findings before the external auditors arrive!
Once a year, as every SAP administrator and security manager knows, the annual external audit is a given. Despite this, the current risk situation of the SAP systems is often uncertain. Have all the vulnerabilities from the last audit really been taken care of? Have new risks arisen in the meantime? If you don’t take active countermeasures, you might end up in the same situation again and again.
Full transparency thanks to security dashboard – how DÜRR IT Service GmbH protects its SAP systems in real time
Do you run multiple SAP systems in a hybrid landscape? Are you worried about how you can protect them in real time above and beyond the authorization level? A variety of challenges can arise in such situations, because the implementation of security-relevant measures is time and resource-intensive.
SAP security: Why SIEM doesn’t spot everything and how you can draw attention to SAP incidents nonetheless
Standard SIEM monitoring is often insufficient to ensure SAP security, because the specific SAP logs and analyses can’t be interpreted and, consequently, attack patterns cannot be identified or recognized. Why this is the case, what companies can do to integrate SAP in their monitoring nonetheless, and why this end-to-end safeguarding can deliver additional benefits – our CTO Ralf Kempf explains it all in an article for it management magazine.
Data Loss Prevention – protect your sensitive data!
Sensitive enterprise data demands special protection. In addition to company-specific protection requirements, industry-specific specifications and legal regulations must also be observed. Minimizing the risk of losing critical data from SAP systems requires a variety of coordinated measures, collectively known as “data loss prevention”.
Knock, knock! What if a hacker has already broken in when your IT auditor is at the door?
The procedure is well-known at SMEs and large companies: Every year, the auditor comes around for the IT audit, which is carried out as part of the annual overall review. The general objective is to ensure the security and integrity of the audited system (usually the SAP system used for accounting) and to identify potential risks. A management letter then describes follow-up measures to mitigate these risks in future. But does this approach still make sense today?