Onapsis Webinar

Onapsis Research Labs Briefing on SAP CVE-2017-12637

ON DEMAND

CISA recently updated their Known Exploited Vulnerabilities (KEV) catalog with an SAP vulnerability: CVE-2017-12637. When exploited, this vulnerability affecting SAP NetWeaver AS Java application servers can enable unauthenticated threat actors to take full control of unprotected SAP systems.

While this is a known security vulnerability that was promptly patched by SAP in 2017, Onapsis Research Labs has observed this issue in several environments to this day.

Onapsis Research Labs has also recently identified active exploitation via our global SAP Threat Intelligence Network, and we will be sharing our findings with the public.

And, in the meantime, check out our CVE-2017-12637 analysis blog.

Onapsis Webinar

SAP BTP and Cyber Security: Minimizing Risks and Securing Production and Logistics Operations

ON DEMAND

Secure SAP Solutions for Logistics and Production with RISE and BTP

A webinar held as part of the 20th IT Online Conference: Production and Logistics Processes with SAP, the leading conference for SAP-supported production and logistics.

The digital transformation of production and logistics, driven by SAP RISE and the SAP Business Technology Platform (BTP), opens up new opportunities for companies to optimize their processes. At the same time, it creates the challenge of keeping these business-critical systems secure and compliant.

In this webinar, you will learn how Onapsis helps companies protect SAP applications in cloud and hybrid environments, meet security and compliance requirements, and ensure the integrity of sensitive data and processes.

Highlights:

  • Efficient security solutions for hybrid SAP landscapes.
  • Real-time threat detection and vulnerability management.
  • Best practices for SAP RISE and BTP.

Onapsis Podcasts

2024 Year in Review with Onapsis Research Labs

With 2024 behind us, the best way to prepare for a successful 2025 is to evaluate the past. JP Perez-Etchegoyen and Paul Laudanski from Onapsis Research Labs (ORL) will recap trends from 2024 and provide best practices to prepare you for threats targeting business critical applications in 2025.

In this session you’ll gain a greater understanding of:

  • Macro trends and observations gleaned from the extensive security research conducted by Onapsis Research Labs
  • A comprehensive recap of critical patches and noteworthy news from 2024, ensuring you can prioritize to support your team’s efforts
  • Actionable insights to empower your team in securing your SAP landscape in 2025 and beyond.

Case Study: Fortune 500 Utility Company - RISE

Fortune 500 Utility Company Partners with Onapsis to Build Security into Their RISE with SAP Transformation and Achieve Secure, On-Time, On-Budget Go-Live

Industry: Utilities, Gas & Electric
Company Size: 2K+ employees, >$2B revenue

Challenge

A Fortune 500 utility company operating a twenty-year-old, on-premises SAP system chose the RISE with SAP program to more efficiently migrate to SAP S/4HANA and modernize their systems. Due to the age and complexity of their legacy systems, the company opted for a greenfield approach so they could start over and start clean in their new RISE environment. With the knowledge that the company was still responsible for their application security and compliance under the shared security responsibility model of RISE, this company recognized that their existing staff – while very good – required new skills and insights to navigate SAP security and compliance in the cloud. They recognized that they needed greater understanding of their roles and responsibilities for security under RISE. This utility company very much wanted a partner who could offer significant SAP security technology capabilities to help them today, deep R&D teams for both threat insights and product innovation to protect them tomorrow, and knowledgeable resources with deep hands-on expertise in guiding large enterprises with security planning and execution for large, multi-year RISE deployments. 

Fortunately for this company, they had been partnering with Onapsis for many years to secure their on-premises systems, so they already recognized the value of Onapsis technology for securing their SAP landscape and wanted that to continue in RISE. However, when they learned that Onapsis also offered hands-on RISE experts to augment enterprise staff on the journey to RISE, they quickly realized they could get everything they wanted from the partner that knew both them and SAP security best.

Overall Results

With the help of Onapsis technology, this utility company achieved their goal of building security into their RISE with SAP transformation seamlessly, without interfering with their tight delivery timelines. They expanded their security visibility to their new RISE systems, along with point-in-time vulnerability scanning and continuous monitoring for SAP BTP and SAProuter, while simultaneously protecting their legacy systems as they executed a phased rollout of new systems on RISE. Everything – both legacy on-premises and RISE assets – was centralized in the Onapsis Platform dashboard, which simplified security and compliance for their teams. The research-driven analysis built into the Onapsis Platform, paired with efficiencies from security automation, helped them eliminate a significant number of manual processes throughout the project and make project decisions much faster, resulting in better security, greater risk reduction, and significant time and cost savings.

By far, the biggest advantage this utility company had during their RISE transition was enlisting the Onapsis RISE experts to augment their existing staff and guide them along the way. From the initial project discussions with SAP through the build phases and go-live, the utility company had SAP-security-focused experts on their team to help them address challenges as they arose, recommend best practices, troubleshoot with GSIs, SAP, and the hyperscaler, prevent scope creep, and mitigate or avoid security or compliance project delays.

“In the five years we’ve worked with Onapsis to secure our on-premises systems, we’ve not only experienced the day-to-day value of their technology – cutting our investigation times in half and reducing our mean-time-to-remediate by over 75% – but we’ve come to rely on them as true expert partners in shaping and optimizing our SAP security strategy. We knew we had to have them involved from the start when we began our RISE discussions and their guidance was invaluable, helping us to not only navigate but anticipate potential security and compliance obstacles so we could get ahead of them and avoid unexpected project delays.

The automation and risk-based analysis provided by their solutions made it easy to build security checks into each stage of the product, so we could find and fix things quickly, our teams were aligned, and we were ultimately able to deliver our RISE project on time and on budget.”

VP of Security, Utility Company

Conclusion

With the Onapsis partnership, the utility company saw great success by starting early and building security into their RISE with SAP transformation project. The risk-based analysis, automated processes, and expert guidance provided by Onapsis not only de-risked the project and improved overall security, but also offered significant time and cost savings.

The partnership helped them finish the project ahead of schedule with practically no delays due to security or compliance issues, and they will continue to leverage Onapsis RISE experts and technology to ensure their expanding RISE landscape stays clean and protected.