This article is the result of research done by the Onapsis Research Labs in 2023. It covered the standard capabilities provided in SAP systems to register evidence of user activity and attacks.
Reflecting on over three decades of experience in tackling enterprise security, founders & CEO’s Mariano Nunez (Onapsis) and Richard Hunt (Turnkey) will share their lessons learned and provide practical tips and best practices for securing your organization. We will examine how the approach to SAP security has shifted and the most significant threats facing organizations today and where SAP security fits within the larger context of cybersecurity.
The threat intelligence and impactful research from The Onapsis Research Labs power the security responses of the largest ERP vendors. To date, the Labs have discovered and mitigated well over 1,000 vulnerabilities and zero-day threats over the years – far and away the most by any threat intelligence group.
Over the past few months, the Onapsis Research Labs has continued our close working relationship with SAP and their Product Security Research Team (PSRT) as we helped investigate and remediate a family of vulnerabilities in SAP core systems. The SAP PSRT response has been rapid and comprehensive, demonstrating their continued commitment to protecting all SAP customers in partnership with Onapsis.
In this security briefing the Onapsis Research Labs will cover this family of vulnerabilities and provide our insights and security recommendations for you and your team.
Digital transformation and innovation remain a top priority for tech executives, but how are these projects going? And, are they delivering tangible benefits to the business?
Read this report to:
Gain visibility into SAP HEC operational environment to understand security threats, manage risk, protect supply chain integrity and avoid disruptions to business operations.
The Onapsis Platform assesses and monitors SAP environments, including those operating in the cloud, for vulnerabilities, misconfigurations and threats. With this insight, the manufacturer can understand risk to their business operations and verify that their supply chain is adequately protected, even when it is being hosted by a third-party.
A large international apparel manufacturer running multiple independent, in-house SAP systems around the world wanted to implement an additional system to cover new geographical regions, but this time running on the SAP HANA Enterprise Cloud (HEC). The business relies on these systems to run their supply chain and manufacturing processes, so ensuring performance, availability and security of the new system was critical.
While moving to SAP HEC would bring processing, analytics and performance improvements, having an SAP instance outside of their data centers for the first time, along with the shared security nature of cloud implementations, raised major concerns for the project. In order for the implementation to succeed, the manufacturer needed visibility into the SAP HEC operating environment so they could manage risk and verify that their new system was secured in line with their existing standards.
The apparel manufacturer found their ideal solution in Onapsis, including them as a mandatory security control for the SAP HEC implementation. Onapsis provided visibility into the cloud operational environment, continuous vulnerability assessment and threat monitoring, empowering the organization to understand and manage risks for their business-critical supply chain. With direct insight into the cloud environment, the manufacturer is now able to verify that their instance is being secured according to contractual obligations and their security baselines. Given this was their first cloud implementation—the first time they were no longer responsible for operating, maintaining and securing SAP themselves—this “trust, but verify” approach was an essential element to the project, powered by the data and insights provided by Onapsis.
“We knew moving our sap instance to a cloud environment would introduce new risks and we needed a solution to support the shared security model. Only onapsis provides visibility into the sap hec operational environment so we can ‘trust, but verify’ that our system is secured to our standards. We can now continually monitor risk, ensure the integrity and security of our supply chain and protect our business.”
CISO, Apparel Manufacturer
Over a decade ago, Onapsis was founded in a small office in Buenos Aires, Argentina. Today, the organization has grown by leaps and bounds with a global presence and capabilities centered around protecting the critical systems of hundreds of the world’s leading brands including 20% of the Fortune 100. Join this fireside chat with two of the founders of Onapsis – Mariano Nunez, CEO, and JP Perez-Etchegoyen, CTO – to hear their take on the state of critical application security, thoughts on modern day SAP and Oracle attacks and threat actor groups, and a new way of thinking about ERP security to protect what matters most to your organization.
Enhancing Security and Efficiency: Exploring the Benefits of DevSecOps Integration in SAP Environment
ON DEMAND
What is DevSecOps? It is the process of implementing security best practices within the application development lifecycle. As digital transformation projects accelerated work schedules on new code and applications, security frequently fell to the wayside in favor of business application output. With the average SAP system having well over 2 million lines of custom code, large global enterprises are growing more concerned about how vulnerable their critical applications may be. Join this webinar to get a better understanding of why you, too, should consider incorporating your SAP application development into a broader DevSecOps framework and some best practices on how to get started in your SAP development.
Unlocking the Security Potential of Your ERP Landscape: Discover the Five Essential Reasons for Integrating Your ERP Applications into Your Vulnerability Management Program
Frequently thought of as a “black box” for many reasons, SAP and Oracle application landscapes present challenges for modern day security professionals, which has frequently led to a policy of layered security around the critical systems that matter most. However, neglecting to include these ERP applications as part of your vulnerability management program leaves your organization more open than ever before to potential security breaches and data loss. In this webinar, let Onapsis provide you with five compelling reasons why it’s time to crack open that black box and better integrate SAP and Oracle applications into your overall vulnerability management strategy.
Utility companies, whether they are responsible for the delivery of electricity, gas, or water, need to focus on ensuring reliability, resiliency, and maintaining security for systems and data.
