Security dashboards – Just a buzzword or a true help with the daily security routine?

Expert talk of IT-Onlinemagazin with SASTCompanies that use SAP software, as well as the German-speaking SAP User Group (DSAG), are demanding security dashboards to provide for greater transparency and indicate necessary activities. The most critical risks, however, are those that arise as a combination of other events, which are not critical in and of themselves. After all, even the best dashboards aren’t able to display this kind of unidentified security incident.

Continue reading

Takeda trusts in the SAST SUITE to reduce SoD conflicts in their heterogeneous SAP landscape

AST Blog: Takeda trusts in the SAST SUITE to reduce SoD conflicts in their heterogeneous SAP landscapeTakeda, Japan’s largest pharmaceuticals company, manages its business processes in a global, heterogeneous IT landscape. From SAP ERP to SAP Cloud applications, employees work at a variety of levels, depending on their involvement in processes, and therefore need access to a number of systems. As a result, the company has to constantly review conflicting authorizations to meet strict compliance requirements, such as segregation of duties (SoD). Most standard software solutions on the market only monitor SoD conflicts and risks in a single system, however, which led the company to search for an end-to-end solution.

Continue reading

Monitoring SAP system settings centrally – how LINDE keeps an eye on all its SAP systems simultaneously

SAST Blog: Monitoring SAP system settings centrally – how LINDE keeps an eye on all its SAP systems simultaneouslyIncorrect parameter settings in the SAP system, operating system, or database often result in serious security deficiencies. Numerous companies using a central auditing policy developed as a document are up against the same challenges. Typically, parameter values are compared manually with the target requirements, which of course is time consuming. This a lot of effort even just for one single system. As you might imagine, making the comparisons on system-landscape level is that much more complicated. By centralizing monitoring with an automated solution, you can use resources more efficiently while boosting your IT security.

Continue reading

Hacker attack on Düsseldorf University Hospital – cyber criminals got in through the VPN interface

SAST Blog: Hacker attack on Düsseldorf University Hospital – cyber criminals got in through the VPN interfaceIn September 2020, the attack made headlines:

  • Hackers responsible for IT disruption at Düsseldorf University Hospital.
  • Hackers under investigation: Woman dead after attack on University Hospital.
  • Hacker attack on Düsseldorf University Hospital: Investigation into involuntary homicide opened.

A hacker attack can be fatal. Data, goods and assets aren’t the only things to consider: Human lives are at stake where public spaces, in particular public health, is concerned.

Continue reading

Vulnerability Scan, Audit, or Penetration Test: Find the right method for identifying vulnerabilities.

SAST Blog: Vulnerability Scan, Security Audit, or Penetration Test: Finding the Right Method for Identifying Vulnerabilities. There are many methods for assessing the risk potential of SAP landscapes and identifying potential vulnerabilities, so it isn’t always easy to keep track of all the alternatives. Options range from vulnerability scans to audits and penetration tests. But which approach is the right one for identifying vulnerabilities depends entirely on your individual requirements.

Continue reading

SAP security through virus protection: practical significance for the operation of SAP systems

SAST Blog: SAP Security Through Virus Protection: Practical Significance for the Operation of SAP SystemsIt is well known that SAP systems present an attractive target for hackers and manipulators. After all, SAP systems gather all the sensitive company data in one place, making it all the more important to protect them against unauthorized access. In addition to conventional measures for improving SAP security and compliance, this includes extensive anti-virus protection adapted specifically to the requirements of SAP systems.

Continue reading

Detect and Eliminate Vulnerabilities in SAP Systems – Thanks to Security Audit and RFC Interface Analysis

SAST System Security ValidationSAP systems require special attention when it comes to their security and this is no longer news to anyone. More often than not, the ERP systems supplied from Walldorf in Baden-Württemberg store some of the most crucial and sensitive company data. That said, what is the best approach to achieving the optimum level of security? A security audit would fit the bill!

Continue reading

Audit or Penetration testing? Find your vulnerabilities before you get hurt!

SAST-Blog_Audit-vs-Pentest_Abb_1804To answer the question of which Security & Compliance check is right for you, we must first remember that the term “vulnerabilities” can refer to very different levels of your system landscape and thus refer to a number of attack vectors.

This ranges from system-side levels (e.g. operating system and network security) to the underlying database including the current parameterization of your SAP systems down to the authorizations required for operations and applications, including any SoD conflicts.

So, the first question is – how sure are you that you know where your vulnerabilities are? Continue reading