New in The Onapsis Platform: Deeper SAP Insights and Automated Defenses
We’re excited to announce major updates to The Onapsis Platform designed to give you deeper insights, greater visibility, and more automation to strengthen your SAP application security. In response to a record number of attacks on business-critical applications, we’re launching four new capabilities: the SAP Notes Command Center to streamline patching, Rapid Controls to proactively defend against dangerous exploits, expanded our Alert on Anything capabilities for SAP BTP, and expanded our Coverage Analysis in Onapsis Security Advisor. These updates help you eliminate false positives, automatically validate patches, and ensure no critical systems are left unmonitored, allowing your team to stay ahead of threats and secure your most valuable data.
The Challenge: A Pivotal Moment for SAP Security
The security landscape for SAP applications is more intense than ever. This year, the industry has seen a record number of attacks targeting the business-critical applications that run your organization, leaving thousands of companies compromised. Just this month, it was reported that a large global manufacturer had been attacked and breached by the same threat actor group behind the release of a public SAP exploit in August 2025. Sophisticated threat actors are able to directly target and successfully attack business-critical systems.
Where SAP has commonly been a black box for InfoSec, it’s challenging for security teams to not only remain knowledgeable of the current SAP threat landscape but also to respond as rapidly as possible to defend their companies. As our CEO, Mariano Nunez, puts it, “This is a pivotal time in SAP security. Organizations no longer have the time to spend sorting through false positives or wondering if a patch is applied correctly; instead, they need security solutions that are customizable to their business and attack surface.”
To meet this challenge, we’re delivering powerful updates that help make it even easier for you to proactively discover threats and streamline your SAP security operations through intelligent prioritization and validation.
What’s New: A Deeper Look at the Updates
These new enhancements are integrated directly into The Onapsis Platform to give you more control over your security posture.
SAP Notes Command Center in Onapsis Assess
Patching SAP can be a complex undertaking. The new SAP Notes Command Center in Onapsis Assess empowers your team to easily take command on SAP patch days and prioritize remediation tasks with precision. The SAP Notes Command Center centralizes all activities related to SAP patching, providing deep insights into SAP Note applications and guidance on how to most effectively address the issues across your landscape, Unlike other vendors which lack this feature, Onapsis can automatically validate that all patches, including those that require manual configurations and workarounds, were applied correctly. The result is less time wasted on false positives, a reduced risk of undetected or unaddressed vulnerabilities, and validated confidence that your organization is secured.
Rapid Controls for Dangerous Exploits
When a critical vulnerability is announced, every second counts. Onapsis clients leverage our Platform to patch as well as implement compensating controls for security and compliance, when it’s improbable to update a system. We’ve now made this powerful feature even easier for customers with the ability to activate a control from your Assess scan results. Our new Rapid Controls leverage Onapsis Defend’s unique exploit detection rules (straight from the worldwide experts at the Onapsis Research Labs and their Global Threat Intel Network) to continuously monitor for any threat activity targeting the most dangerous SAP vulnerabilities. These controls help you proactively address the most critical risks and ensure your organization remains compliant with regulatory requirements, such as the EU’s NIS2 directive and new US SEC rules.
Alert on Anything for SAP BTP
As more organizations adopt SAP’s Business Technology Platform, the need for customized threat monitoring grows. We’ve expanded our already market-leading, comprehensive SAP BTP security capabilities with our popular Alert on Anything engine, a flexible feature that enables you to build and customize unlimited bespoke security controls and alerts tailored to your specific use cases and risk tolerance. No other vendor can offer the level of SAP cybersecurity support for SAP BTP that Onapsis can.
Expanded Coverage Analysis in Onapsis Security Advisor
You can’t improve your SAP security posture, if your teams don’t have the knowledge and visibility they need. The Onapsis Security Advisor now automatically identifies assets and components in your SAP landscape that are not being actively monitored for threats. This expanded visibility helps you detect and act on any unmonitored critical systems that could be a weak link in your security posture.
Taking Control of Your SAP Security
These updates are more than just new features; they represent our ongoing commitment to giving you unparalleled control over your application security in the face of escalated attacks against your critical SAP systems. As our Chief Product Officer, Sadik Al-Abdulla, says, “Onapsis’ unique insights and unmatched data set put us at the forefront of application security. With the launch of these new enhancements, organizations are able to take control of their SAP security by proactively addressing any vulnerabilities and automatically identifying assets that aren’t protected in their security landscape but could weaken or cause disruption to their SAP applications.”
Powered by threat intelligence from the Onapsis Research Labs, these enhancements empower you to proactively address vulnerabilities and strengthen your defenses against disruption.
Frequently Asked Questions (FAQ)
How do these new features fit with my existing Onapsis setup?
These capabilities are integrated directly into the Onapsis Platform modules you already use at no additional charge. The SAP Notes Command Center requires an Assess license, Rapid Controls require Assess and Defend licenses, and the coverage analysis is an update to the Security Advisor. They are designed to enhance and optimize your current product usage, so you can be even more effective with addressing risk in your critical SAP systems.
How do the new Rapid Controls work? Are the Rapid Controls only for known, patched vulnerabilities?
The Rapid Controls basically connect the dots between vulnerabilities identified by Assess and the proprietary exploit detection rules we have in Defend. Now, for critical vulnerabilities identified by an Assess scan, customers can start monitoring for exploit activity targeting that open vulnerability right from the scan results screen.
The result is very easy-to-implement, very targeted compensating controls – focused just on the asset(s) with that open vulnerability and using all of our proprietary exploit rules for that specific vulnerability. Because this monitoring is so specific, should any attack or exploitation be detected, the resulting alert will be very easy for the customer to understand and act on. They won’t have any “noise” to sift through.
This is in direct contrast with what is offered by other vendors with regards to monitoring for systems with open vulnerabilities. Because they completely lack both the threat intelligence as well as the exploitation detection capabilities Onapsis has, their monitoring rules and features are highly prone to generating both too much activity (related to business-as-usual activity that someone must review manually) and not the right targeted activity that is indicative of a real threat.Our very targeted Rapid Controls give Onapsis customers a massive advantage with defending their systems against real threat actor exploit activity explicitly targeting SAP.
Does the SAP Notes Command Center help with the manual steps in SAP Notes?
Yes. This is one of its key benefits. tThe Command Center leverages Onapsis’s unique analysis and advanced checks to automatically validate that all of the manual steps, configurations, or workarounds were actually completed.
Other vendors are simply incapable of verifying manual actions, whereas Onapsis customers can automatically validate the correct implementation of manual fixes for a vulnerability.
What types of activity can I monitor for with Alert on Anything for BTP?
The new capability allows our customers to alert on practically any BTP activity above and beyond the already market-leading coverage that Defend monitors for out-of-the-box. This gives our customers even more flexibility to further customize their monitoring as their BTP usage continues to expand and evolve. For example, you could create a rule to monitor for a single user and role changes, or you could create a bespoke rule alerting on a specific user’s login. Bespoke rules also include Defend’s native alert capabilities as well. So, for example, you could monitor for the creation of a new identity provider but include filtering to prevent triggering an alert from anything within your corporate domain, ensuring you’re not wasting time investigating “business-as-usual” activity.
