Onapsis Control: Application Security Testing for Business-Critical Applications

Accelerate and Secure Development with Automated Application Security Testing Built for SAP

Challenge

SAP Applications Are Increasingly Appealing Attack Targets for Threat Actors

These highly customizable ERP systems are cornerstones of business and financial operations, containing sensitive, proprietary, and confidential data. With digital transformation projects such as SAP RISE as well as migrations to SAP S/4HANA accelerating, any organization could have multiple application development teams – contractors, systems integrators, and internal – working simultaneously on new custom code to power the business. However, these projects can introduce security flaws and elevated risk. Threat actors have taken notice and are more aggressively targeting SAP applications directly.1 The need for secure application development and testing has never been greater. Yet there is a lack of tools that sufficiently support SAP languages, components, and development environments, leading to over-reliance on time-consuming, error-prone manual code reviews.

43% of organizations are emphasizing security in the development of new applications 2
$50K+/HOUR average cost of ERP application downtime 3

The Solution

Save Time and Money Securing SAP Application Development with Onapsis Control for Code

Recognized by the Gartner Magic Quadrant for Application Security Testing three years in a row, Onapsis Control for Code provides automated application security testing for SAP applications, enabling organizations to build security into development processes to find and fix issues as quickly as possible.

  • Analyze and fix code with step-by-step guidelines
  • Gain visibility into 3rd party developed code 
  • Identify common code errors and remediate them in a mass correction with one-click fix 
  • Integrate with a wide variety of SAP development environments

Better Identify and Mitigate Application Development Risk

  • Reduce Time to Identify Code Vulnerabilities
    Discover risks to production earlier in the development cycle
  • Gain Visibility into Third Party Code
    Ensure contractors adhere to best practices for secure development
  • Create a Security Baseline for Code and Enable a ‘Clean’ Slate
    Remediate existing custom code prior to migrating to the cloud or an SAP RISE transformation

“We have much higher confidence that our changes won’t add risk or disrupt the business.”

– F100 Chemical Company

Build Security into Agile Development 

  • Automate Developer-Centric Application Security Testing
    Replace time-consuming manual testing with automated assessments
  • Streamline Remediation for Code in Development
    Gain step-by-step instructions to remediate complex code development errors
  • Mitigate Common Code Errors Easily
    Leverage automatic bulk code identification and remediation tool to resolve common code errors

“Reduced both our time and costs for reviewing code by almost 70%.”

– F500 Global Manufacturing Company

Improve Your App Security and Compliance

  • Integrate with Common SAP Development Environments
    Drive alignment across the organization between SAP, Development, and Security teams
  • Mitigate Security Risks That Lead to Downtime
    Prevent code issues from negatively impacting system security, compliance, performance, or availability
  • Build the Latest Threat Insights into Your Development
    Keep up with the latest security best practices from Onapsis Research Labs

“Onapsis enables us to prove our code is secure and compliant and ensures [it] meets our high standards.” 

– US Defense Health Agency


1 https://onapsis.com/active-cyberattacks-business-critical-sap-applications 
2 Ponemon Institute, Reducing Enterprise Application Security Risks: More Work Needs to Be Done; February 21
3 https://onapsis.com/active-cyberattacks-business-critical-sap-applications

Security Survey Insights DACH 2022

Insights into current trends in SAP security: statements from the SAP community

ON DEMAND

In this compact webinar we present the results of the DACH 2022 security survey. Learn which security topics other companies are pursuing and in which areas there is a fundamental need for action. We provide you with current figures and recommendations for action.

We answer questions such as:

  • What does cybersecurity mean for companies?
  • Which focus areas are in the foreground in 2022?
  • What are the drivers for improving security?
  • Is the Zero Trust approach already being implemented?
  • How often are SAP systems attacked?

Onapsis Webinar

Customer Spotlight: How Dow Chemical Leverages Onapsis for Harmonized, Proactive Security & Compliance

ON DEMAND

Traditionally, cybersecurity and compliance have been two very separate functions where oftentimes the misalignment has been emphasized more than alignment toward a common goal. Add in the complexities of the compliance landscape and ever growing threats to business-critical applications, and defenders have a difficult challenge to solve with limited resources.

Onapsis customer, Dow Chemical, discusses their journey and best practices utilizing The Onapsis Platform and how they solve these challenges–bringing their cybersecurity and compliance functions together in harmony.

Watch this session to gain an understanding of how to:

  • Harmonize and remove barriers between security and compliance/audit teams for a holistic assessment of organizational risk
  • Save budget and resources by identifying opportunities where one solution can support both cybersecurity and compliance/audit efforts
  • Develop a proactive approach to ERP by securing the application layer–vital protection for business continuity and threat remediation for faster response to zero days
  • Navigate the current regulatory landscape and save hundreds of hours with automation of critical governance activities (e.g., ICFR/SOX)

A leading European technology trading group mitigates SAP cybersecurity risks with a managed service from 1DigitalTrust

Industry: European Technology
Company Size: 900 employees

Customer Success Story

One of Europe’s leading technology trading groups within products and systems for industrial applications has secured its SAP systems all over Europe with an Onapsis cybersecurity solution delivered by 1DigitalTrust as a managed service to avoid expensive downtime to its business. 

With SEK 3.3 billion in yearly turnover and 36 business units in 14 countries, the organisation employs more than 900 people who serve more than 30,000 customers and 400 suppliers. With that customer and supplier base, it is business critical for the company to have a well-functioning and secure SAP system that will not be exposed to cyberattacks. 

Recently, the company saw how one of their competitors was hit by a ransomware attack. The company wanted to ensure that this would not happen to them. 

As a global company, it has its own resources as well as external ones distributed across different locations. That called for a structured approach to prevent security holes in the global SAP system.

“We have been able to reduce our risks significantly with the SAP Cyber security managed service from 1DigitalTrust. The costs have been planned, and we have been able to stay within the budget for mitigating the risks.”

CFO at the Company

Mitigating SAP Risks

To stay secure, 1DigitalTrust has implemented an SAP cybersecurity managed service at the company’s SAP installation. 1DigitalTrust did the installation and delivers security services, as the company does not have dedicated inhouse SAP cybersecurity resources. As a security service partner, 1DigitalTrust continuously monitors the systems. Every month, the company and 1DigitalTrust go through the current risks and plan how to mitigate the risks.  

Known Security Costs

One of the advantages for the company is that they now have experts at hand to help with mitigating all the risks. Furthermore, the company’s costs for ensuring SAP Cyber security are known. Everything concerning the monitoring and related infrastructure is included in the fee and is taken care of by 1DigitalTrust. Time to resolution for any risks has been faster than anticipated. After the initial work to remove all critical risks within the first months, the work is now more operational. When new critical risks occur, which they unfortunately will from time to time, the company has easy access to resources, and risks will be mitigated by 1DigitalTrust as soon as a solution is available.

Solution: Business Critical Cybersecurity from Onapsis

The solution from 1DigitalTrust is based on the Onapsis Platform, which focuses on the unique cyber security challenges of business-critical applications such as SAP and Oracle. Currently, the Onapsis Platform protects business-critical applications and data for over 300 global enterprises, including 20% of the Fortune 100. The Onapsis Platform also delivers timely and impactful threat intelligence to SAP and their customers to help mitigate vulnerabilities.

“We now have a structured process to evaluate and mitigate risks in SAP. That enables us to quickly and efficiently determine when and how to mitigate the risks together with the experts from 1DigitalTrust.” 

ERP Manager at the Customer

Results

  • 77% of C-level executives (CTO, CIO, etc.) are concerned about security when considering moving ERP applications to the cloud.
  • In 64% of the cases, ERP downtime cost per hour is higher than 50,000 USD.
  • In 74% of surveyed organizations, ERP applications are currently accessible from the Internet.

Despite efforts to patch, 62% of the respondents said that their applications have critical vulnerabilities.

One in two large organizations has experienced a security breach related to its ERP system.

Avoiding Security Roadblocks to SAP S/4HANA Migrations

Best Practices & Lessons Learned

ON DEMAND

Moving to SAP S/4HANA is a complex process, requiring collaboration from multiple stakeholders across the business to deliver the project on time and on budget.  All too often, security ends up being a roadblock to meeting those goals, but it doesn’t have to be.

KPMG and Onapsis work side-by-side with organizations to build security into their SAP S/4HANA migrations to avoid setbacks and establish secure SAP operating models. Join us for a conversation on best practices for a security-by-design approach based on our experience helping customers migrate their systems. Topics include:

  • Aligning stakeholders across security, IT, SAP Basis, and internal audit
  • Putting security-by-design into practice without interfering with or burdening SAP teams
  • The three biggest challenges we hear for each stage of a migration project and how to overcome them
  • Other lessons learned from our customers, so you can avoid those challenges yourself

How Tech Executives are Leading Organizational and Technology Change – CIO Benchmark Research

Change has come in many forms for business and IT leaders across all industries. Geopolitical events, market forces, changing consumer behavior, and commodity price fluctuations have all put various pressures on decision makers. Add to that the fact that technology is rapidly evolving and transitions to new solutions such as SAP S/4HANA and the cloud are top of mind. In this benchmark report we examine how executives are approaching organizational and technology change.

Active SAP Exploitation Activity Identified by the Onapsis Research Labs

Threat Intel Briefing


The Onapsis Research Labs continuously monitors the evolving SAP threat landscape to rapidly identify elevated risk, trending threat behavior and activity, and vulnerabilities that are being leveraged by attackers to compromise business applications. 

The Onapsis Research Labs observed active exploitation attempts against three existing and previously patched SAP vulnerabilities. These vulnerabilities are remotely exploitable over HTTP(S) and have publicly available exploits and proofs of concept, which lowers the bar for their exploitation. 

As a result of this, on June 9, 2022, CISA updated its Catalog of Known Exploited Vulnerabilities to now include these three aforementioned SAP vulnerabilities. This catalog is a dynamic collection of known vulnerabilities that are currently being exploited in the wild. Mitigation and/or remediation of these vulnerabilities is mandatory for all federal civilian executive branch agencies, but this catalog also serves as an excellent repository of current exploitation activity for the private sector as well.

These three new additions are consistent with the threat intelligence CISA has been publishing on the growing exploitation activity around older vulnerabilities in unpatched, unprotected SAP systems. It is important to verify that the corresponding SAP Security Notes have actually been applied on your critical systems, not merely downloaded.
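The practical check this briefing implies is to compare your own SAP estate against the KEV catalog on a schedule. As an added example (not part of the briefing, and not Onapsis or CISA code), the following Python filters a KEV catalog dump for SAP entries, lists those added on a given day, and flags any whose remediation due date has passed. It assumes the layout of CISA's public JSON feed (a top-level "vulnerabilities" list whose entries carry cveID, vendorProject, product, dateAdded, dueDate and requiredAction) and the feed URL https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json. The sample catalog embedded below is constructed; its CVE identifiers are placeholders and are not the three SAP entries referred to above.

```python
"""Filter a CISA KEV catalog for SAP entries and flag overdue ones.

Added example, not Onapsis or CISA code. Assumes the public feed's JSON
layout; the embedded sample is constructed and its CVE IDs are placeholders.
"""
import json
import urllib.request
from datetime import date

# Assumed URL of CISA's public KEV feed (not contacted unless fetch_catalog() is called).
KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample in the feed's shape. The cveID values are placeholders,
# NOT real KEV entries; replace this with the live feed via fetch_catalog().
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2022.06.09",
    "dateReleased": "2022-06-09T12:00:00.0000Z",
    "count": 4,
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "SAP", "product": "NetWeaver AS Java",
         "vulnerabilityName": "placeholder A", "dateAdded": "2022-06-09",
         "shortDescription": "Constructed placeholder entry.",
         "requiredAction": "Apply updates per vendor instructions.", "dueDate": "2022-06-30"},
        {"cveID": "CVE-0000-0002", "vendorProject": "SAP", "product": "NetWeaver AS Java",
         "vulnerabilityName": "placeholder B", "dateAdded": "2022-06-09",
         "shortDescription": "Constructed placeholder entry.",
         "requiredAction": "Apply updates per vendor instructions.", "dueDate": "2022-06-30"},
        {"cveID": "CVE-0000-0003", "vendorProject": "SAP", "product": "NetWeaver AS ABAP",
         "vulnerabilityName": "placeholder C", "dateAdded": "2021-08-01",
         "shortDescription": "Constructed placeholder entry.",
         "requiredAction": "Apply updates per vendor instructions.", "dueDate": "2022-02-01"},
        {"cveID": "CVE-0000-0004", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "placeholder D", "dateAdded": "2022-06-09",
         "shortDescription": "Constructed placeholder entry.",
         "requiredAction": "Apply updates per vendor instructions.", "dueDate": "2022-06-30"},
    ],
})


def load_catalog(text: str) -> list:
    """Parse a KEV feed document and return its vulnerability entries."""
    catalog = json.loads(text)
    vulns = catalog["vulnerabilities"]
    # The feed carries its own entry count; a mismatch means a truncated download.
    if catalog.get("count") not in (None, len(vulns)):
        raise ValueError("catalog count does not match number of entries")
    return vulns


def fetch_catalog(url: str = KEV_URL, timeout: int = 30) -> list:
    """Download and parse the live feed (needs network access; not called by default)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return load_catalog(resp.read().decode("utf-8"))


def vendor_entries(vulns: list, vendor: str = "SAP") -> list:
    """Entries whose vendorProject matches the vendor name, case-insensitively."""
    wanted = vendor.strip().lower()
    return [v for v in vulns if v.get("vendorProject", "").strip().lower() == wanted]


def added_on(entries: list, day_iso: str) -> list:
    """Entries added to the catalog on the given ISO date (e.g. "2022-06-09")."""
    date.fromisoformat(day_iso)  # validate the date string early
    return [v for v in entries if v.get("dateAdded") == day_iso]


def overdue(entries: list, today_iso: str) -> list:
    """Entries whose federal remediation due date is earlier than today, oldest first."""
    today = date.fromisoformat(today_iso)
    late = [v for v in entries if date.fromisoformat(v["dueDate"]) < today]
    return sorted(late, key=lambda v: v["dueDate"])


def report(entries: list) -> list:
    """One human-readable line per entry for a ticket or SOC hand-off."""
    return [f"{v['cveID']}  {v['product']}  added {v['dateAdded']}  due {v['dueDate']}  "
            f"action: {v['requiredAction']}" for v in entries]


if __name__ == "__main__":
    sap = vendor_entries(load_catalog(SAMPLE_KEV_JSON))
    print("\n".join(report(sap)))
    print("added 2022-06-09:", [v["cveID"] for v in added_on(sap, "2022-06-09")])
    print("overdue as of 2022-06-15:", [v["cveID"] for v in overdue(sap, "2022-06-15")])
```

Swapping SAMPLE_KEV_JSON for fetch_catalog() gives the live list; the count check guards against a truncated download silently hiding entries, and the vendor match is case-insensitive because the vendorProject field is free text.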

This session with SAP, CISA and Onapsis covers the latest developments in the Threat Landscape for SAP business-critical  applications, including:

  • The assets organizations can leverage from CISA to help with securing applications
  • Which vulnerabilities are currently being exploited by threat actors
  • Tactics and behaviors that threat actors may exhibit when exploiting these vulnerabilities on unpatched SAP applications
  • How you can leverage Onapsis technology to protect your SAP applications

Onapsis Defend: Threat Monitoring and Pre-Patch Protection for Business-Critical SAP Applications

Continuously Monitor and Protect Your Most Important Assets from Threats

Challenge

Your Window to Defend Your Business-Critical Applications Is Shrinking

Digital transformation initiatives have left business-critical applications more exposed than ever, and this increased exposure hasn’t gone unnoticed. Threat actors are targeting business-critical applications through a variety of attack vectors and at a faster pace than ever before. Attempting to monitor for threat activity by manually reviewing system logs is inefficient and requires extensive internal knowledge. Given the speed at which threat actors operate, this leaves far too much time for successful attacks to take place. To protect their critical business operations and data, organizations need continuous threat monitoring designed specifically for these applications. They need to identify potential threats in real time and understand the risk they pose, so they can prioritize incident response. And they need the ability to define and customize criteria for alerts, including threats related to user actions such as authorization and sensitive data access.

<3 hours for the first exploit attempt on an unprotected system coming online 1
<72 hours between release of a patch and first exploit attempts 1

The Solution

Continuous Threat Monitoring for SAP with Onapsis Defend

Powered by research and insights from the Onapsis Research Labs, Onapsis Defend uniquely provides the visibility and context security teams need to respond faster and smarter to threats targeting their business-critical applications. Onapsis is proud to be an Oracle partner and the only application security platform in the SAP Endorsed Apps Program.

  • Over 2,000 detection rules specific to SAP, including zero-day rules to protect applications from threats prior to patch release
  • Detect anomalies, understand root cause and how to mitigate
  • Integrate with SIEMs for SOC visibility and cross-system analysis
  • Get the latest threat intelligence from Onapsis Research Labs

Understand Threats to Your Critical Systems 

  • Automatically Detect Potential Threats or Suspicious Activity
    Eliminate the need for manual log reviews and in-house SAP security expertise to identify threats to critical assets (e.g., ABAP, JAVA, HANA, SAProuter)
  • Start Monitoring Immediately and Realize Value Quickly
    2,000+ detection rules and 30 pre-configured alarms provide a base level of threat monitoring upon install
  • Ease the Burden of Security Responsibilities under RISE with SAP
    Better manage your RISE security responsibilities, including tracking user behavior and detecting & mitigating external / insider threats

“We’re saving 20 hours a week compared to manual log reviews”

– F500 Financial Institution

Respond Faster and Smarter

  • Reduce Investigation Time and Accelerate Response
    Receive real-time alerts with detailed explanations, including root cause, severity, machine learning anomaly score, and business context
  • Transform SOC Teams into Instant SAP Experts
    Easily send curated SAP threat activity and intelligence to your existing SIEM tools; threat explanations and remediation guidance facilitate playbook creation
  • Extend Onapsis Threat Intelligence to the Network Layer
    Augment your existing network security products with vendor agnostic, open-source rules that alert on (and potentially stop) Onapsis-research-based network threats before they reach your ERP applications

“We’re saving 20 hours a week addressing security controls around user access”

– F500 Consumer Goods Company

Reduce Risk to Critical Systems

  • Get the Best SAP Exploit and Zero-Day Protection
    Detect more types of exploit activity with 400+ exploit rules across the SAP stack, including zero-day rules to protect you before patches are available
  • Find Suspicious User Behavior Faster
    Monitor for insider threats and potential indicators of compromise with targeted alerts and user behavior analysis (UBA) to detect anomalies faster
  • Easily Implement Compensating Controls
    Address the risk of open vulnerabilities by monitoring for exploit activity or help meet regulatory requirements by adding additional controls

“We’re confident our most important assets are protected from zero-days and other emerging threats”

– F500 Chemical Company


1  IDC ERP Security Report