Cyber Tech Talk: Best Practices to Combat the Rapidly Evolving Threat Landscape for ERP Applications

ON DEMAND

ERP applications power the global economy and support the most critical and complex processes for the largest organizations in the world. We all know it, and threat actors know it too. Over the past few years, the Onapsis Research Labs have seen an accelerated increase in the threats and attacks targeting ERP applications, leading to frustrating business disruptions and significant monetary loss. Join us to learn about the latest developments in the ERP threat landscape as well as three recommended best practices to keep these ERP attacks out of our business-critical systems.

Onapsis Control: Application Security Testing for Business-Critical Applications

Accelerate and Secure Development with Automated Application Security Testing Built for SAP

Challenge

SAP Applications Are Increasingly Appealing Attack Targets for Threat Actors

These highly customizable ERP systems are cornerstones of business and financial operations, containing sensitive, proprietary, and confidential data. With digital transformation projects such as SAP RISE as well as migrations to SAP S/4HANA accelerating, any organization could have multiple application development teams – contractors, systems integrators, and internal – working simultaneously on new custom code to power the business. However, these projects introduce security flaws and elevated risk. Threat actors have taken notice and are more aggressively targeting SAP applications directly.1 The need for secure application development and testing has never been greater. Yet there is a lack of tools that sufficiently support SAP languages, components, and development environments, leading to over-reliance on time-consuming, error-prone manual code reviews.

43% of organizations are emphasizing security in the development of new applications 2
$50K+/HOUR average cost of ERP application downtime 3

The Solution

Save Time and Money Securing SAP Application Development with Onapsis Control for Code

Recognized by the Gartner Magic Quadrant for Application Security Testing three years in a row, Onapsis Control for Code provides automated application security testing for SAP applications, enabling organizations to build security into development processes to find and fix issues as quickly as possible.

  • Analyze and fix code with step-by-step guidelines
  • Gain visibility into 3rd party developed code 
  • Identify common code errors and remediate them in a mass correction with a one-click fix
  • Integrate with a wide variety of SAP development environments

Better Identify and Mitigate Application Development Risk

  • Reduce Time to Identify Code Vulnerabilities
    Discover risks to production earlier in the development cycle
  • Gain Visibility into Third Party Code
    Ensure contractors adhere to best practices for secure development
  • Create a Security Baseline for Code and Enable a ‘Clean’ Slate
    Remediate existing custom code prior to migrating to the cloud or an SAP RISE transformation

“We have much higher confidence that our changes won’t add risk or disrupt the business.”

–F100 Chemical Company

Build Security into Agile Development 

  • Automate Developer-Centric Application Security Testing
    Replace time-consuming manual testing with automated assessments
  • Streamline Remediation for Code in Development
    Gain step-by-step instructions to remediate complex code development errors
  • Mitigate Common Code Errors Easily
    Leverage an automatic bulk code identification and remediation tool to resolve common code errors

“Reduced both our time and costs for reviewing code by almost 70%.”

– F500 Global Manufacturing Company

Improve Your App Security and Compliance

  • Integrate with Common SAP Development Environments
    Drive alignment across the organization between SAP, Development, and Security teams
  • Mitigate Security Risks That Lead to Downtime
    Prevent code issues from negatively impacting system security, compliance, performance, or availability
  • Build the Latest Threat Insights into Your Development
    Keep up with the latest security best practices from Onapsis Research Labs

“Onapsis enables us to prove our code is secure and compliant and ensures [it] meets our high standards.” 

– US Defense Health Agency


1 https://onapsis.com/active-cyberattacks-business-critical-sap-applications 
2 Ponemon Institute, Reducing Enterprise Application Security Risks: More Work Needs to Be Done; February 21
3 https://onapsis.com/active-cyberattacks-business-critical-sap-applications

Security Survey Insights DACH 2022

Insights into current trends in SAP security: statements from the SAP community

ON DEMAND

In this compact webinar, we present the results of the DACH 2022 security survey. Learn which security topics other companies are driving forward and in which areas there is a fundamental need for action. We provide you with current figures and recommendations for action.

We answer questions such as:

  • What does cybersecurity mean for companies?
  • Which priorities are in the foreground in 2022?
  • What are the drivers for improving security?
  • Is the zero-trust approach already being implemented?
  • How often are SAP systems attacked?

Onapsis Webinar

Customer Spotlight: How Dow Chemical Leverages Onapsis for Harmonized, Proactive Security & Compliance

ON DEMAND

Traditionally, cybersecurity and compliance have been two very separate functions where oftentimes the misalignment has been emphasized more than alignment toward a common goal. Add in the complexities of the compliance landscape and ever growing threats to business-critical applications, and defenders have a difficult challenge to solve with limited resources.

Onapsis customer, Dow Chemical, discusses their journey and best practices utilizing The Onapsis Platform and how they solve these challenges–bringing their cybersecurity and compliance functions together in harmony.

Watch this session to gain an understanding of how to:

  • Harmonize and remove barriers between security and compliance/audit teams for a holistic assessment of organizational risk
  • Save budget and resources by identifying opportunities where one solution can support both cybersecurity and compliance/audit efforts
  • Develop a proactive approach to ERP by securing the application layer–vital protection for business continuity and threat remediation for faster response to zero days
  • Navigate the current regulatory landscape and save hundreds of hours with automation of critical governance activities (i.e. ICFR/SOX)

A leading European technology trading group mitigates SAP Cyber security risks with managed service from 1DigitalTrust

Industry: European Technology
Company Size: 900 employees

Customer Success Story

One of Europe’s leading technology trading groups within products and systems for industrial applications has secured its SAP systems all over Europe with an Onapsis cybersecurity solution delivered by 1DigitalTrust as a managed service to avoid expensive downtime to its business. 

With 3.3 billion SEK in yearly turnover and 36 business units in 14 countries, the organisation employs more than 900 people who serve more than 30,000 customers and 400 suppliers. With that customer and supplier base, it is business critical for the company to have a well-functioning and secure SAP system that will not be exposed to cyberattacks.

Recently, the company saw how one of their competitors was hit by a ransomware attack. The company wanted to ensure that this would not happen to them. 

As a global company, it has its own resources as well as external ones distributed across different locations. That called for a structured approach to prevent security holes in the global SAP system.

“We have been able to reduce our risks significantly with the SAP Cyber security managed service from 1DigitalTrust. The costs have been planned, and we have been able to stay within the budget for mitigating the risks.”

CFO at the Company

Mitigating SAP Risks

To stay secure, 1DigitalTrust has implemented an SAP cybersecurity managed service at the company’s SAP installation. 1DigitalTrust did the installation and delivers security services, as the company does not have dedicated in-house SAP cybersecurity resources. As a security service partner, 1DigitalTrust continuously monitors the systems. Every month, the company and 1DigitalTrust go through the current risks and plan how to mitigate them.

Known Security Costs

One of the advantages for the company is that they now have experts at hand to help with mitigating all the risks. Furthermore, the company’s costs for ensuring SAP Cyber security are known. Everything concerning the monitoring and related infrastructure is included in the fee and is taken care of by 1DigitalTrust. Time to resolution for any risks has been faster than anticipated. After the initial work to remove all critical risks within the first months, the work is now more operational. When new critical risks occur, which they unfortunately will from time to time, the company has easy access to resources, and risks will be mitigated by 1DigitalTrust as soon as a solution is available.

Solution: Business Critical Cybersecurity from Onapsis

The solution from 1DigitalTrust is based on the Onapsis Platform, which focuses on the unique cyber security challenges of business-critical applications such as SAP and Oracle. Currently, the Onapsis Platform protects business-critical applications and data for over 300 global enterprises, including 20% of the Fortune 100. The Onapsis Platform also delivers timely and impactful threat intelligence to SAP and their customers to help mitigate vulnerabilities.

“We now have a structured process to evaluate and mitigate risks in SAP. That enables us to quickly and efficiently determine when and how to mitigate the risks together with the experts from 1DigitalTrust.” 

ERP Manager at the Customer

Results

  • 77% of C-level executives (CTO, CIO, etc.) are concerned about security when considering moving ERP applications to the cloud.
  • In 64% of the cases, ERP downtime cost per hour is higher than 50,000 USD.
  • In 74% of surveyed organizations, ERP applications are currently accessible from the Internet.

Despite efforts to patch, 62% of the respondents said that their applications have critical vulnerabilities.


Every second a large organization experiences a security breach related to their ERP system.

Avoiding Security Roadblocks to SAP S/4HANA Migrations

Best Practices & Lessons Learned

ON DEMAND

Moving to SAP S/4HANA is a complex process, requiring collaboration from multiple stakeholders across the business to deliver the project on time and on budget. All too often, security ends up being a roadblock to meeting those goals, but it doesn’t have to be.

KPMG and Onapsis work side-by-side with organizations to build security into their SAP S/4HANA migrations to avoid setbacks and establish secure SAP operating models. Join us for a conversation on best practices for a security-by-design approach based on our experience helping customers migrate their systems. Topics include:

  • Aligning stakeholders across security, IT, SAP Basis, and internal audit
  • Putting security-by-design into practice without interfering with or burdening SAP teams
  • The three biggest challenges we hear for each stage of a migration project and how to overcome them
  • Other lessons learned from our customers, so you can avoid those challenges yourself

How Tech Executives are Leading Organizational and Technology Change – CIO Benchmark Research

Change has come in many forms for business and IT leaders across all industries. Geopolitical events, market forces, changing consumer behavior, and commodity price fluctuations have all put various pressures on decision makers. Add to that the fact that technology is rapidly evolving, and transitions to new solutions such as SAP S/4HANA and the Cloud are top of mind. In this benchmark report we examine how executives are approaching organization and technology change.

Active SAP Exploitation Activity Identified by the Onapsis Research Labs

Threat Intel Briefing


The Onapsis Research Labs continuously monitors the evolving SAP threat landscape to rapidly identify elevated risk, trending threat behavior and activity, and vulnerabilities that are being leveraged by attackers to compromise business applications. 

The Onapsis Research Labs observed active exploitation attempts against three existing and previously patched SAP vulnerabilities. These vulnerabilities are remotely exploitable through the HTTP(S) protocol and have publicly available exploits and PoCs which facilitate their exploitation.

As a result of this, on June 9, 2022, CISA updated its Catalog of Known Exploited Vulnerabilities to now include these three aforementioned SAP vulnerabilities. This catalog is a dynamic collection of known vulnerabilities that are currently being exploited in the wild. Mitigation and/or remediation of these vulnerabilities is mandatory for all federal civilian executive branch agencies, but this catalog also serves as an excellent repository of current exploitation activity for the private sector as well.

These three new additions only further support the continuing threat intelligence published by CISA documenting this growing knowledge and exploitation activity around older vulnerabilities for unpatched, unprotected SAP systems. It’s important to ensure that your critical systems have these SAP Security Notes effectively applied.

This session with SAP, CISA and Onapsis covers the latest developments in the threat landscape for SAP business-critical applications, including:

  • The assets organizations can leverage from CISA to help with securing applications
  • Which vulnerabilities are currently being exploited by threat actors
  • Tactics and behaviors that threat actors may exhibit when exploiting these vulnerabilities on unpatched SAP applications
  • How you can leverage Onapsis technology to protect your SAP applications