Onapsis was founded over a decade ago when we realized that the world’s most critical enterprise resources were being overlooked. Business-critical applications like SAP help run your organization—supporting financial systems, human capital management, supply chains, supplier relationships, and more. These applications are at the center of the global economy, used by 92% of the Global 2000 and touch 77% of the world’s revenue. Based on our experience engaging with large SAP customers, we often ﬁnd vulnerabilities present in systems even though SAP released patches years ago. Despite their importance, many organizations lack the proper preventative, detective, and corrective controls to secure a company’s SAP applications, and have a reigning false sense of security provided by generic security products. That’s why Onapsis and SAP have been partnering together to empower executives to mitigate what we believe is one of the most critical types of cyber risk facing organizations.
During SAP Sapphire from May 10-12, 2022, Onapsis will showcase our latest threat intelligence with SAP, and strategic recommendations to help organizations better understand how they can protect themselves from cyber attacks targeting their business-critical applications. We’ll also be hosting a happy hour with SAP on Tuesday, May 10 at Charley’s Steakhouse. Meet us there!
As we get ready for Orlando, take a look at some of our joint research and threat intelligence from SAP and Onapsis Research Labs to help you secure your crown jewels.
April 2021: Onapsis and SAP Partner to Release New Threat Intelligence on Active Threats
In our first joint report, Onapsis and SAP outlined a critical cybersecurity blind spot impacting how many organizations protect their business-critical SAP applications. Our research showed that not only has the threat landscape grown in recent years, but threat actors have gotten more sophisticated using well-known exploits, and the window for defenders has gotten increasingly smaller.
December 2021: Onapsis and SAP Work Together to Protect SAP Applications from Ransomware
There’s one thing that was clear through 2021 and it’s that cybercriminals love a holiday. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint alert that threat actors have conducted increasingly impactful attacks against U.S. entities on or around holiday weekends. To prepare our customers for potential attacks over the 2021 holiday season and beyond, SAP and Onapsis outlined several key steps organizations can take to minimize the risk of an attack on their business-critical SAP applications.
January 2022: Onapsis and SAP Share Threat Intelligence on Log4j
Since we became aware of Log4j, Onapsis worked around the clock to understand the impact of this vulnerability on some of the most widely used SAP products. Onapsis and SAP partnered together for a customer session on protecting SAP applications from the threat of Log4j.
February 2022: Onapsis and SAP Partner to Discover and Patch Critical ICMAD Vulnerabilities
Onapsis and SAP partnered on the discovery and mitigation of a set of three vulnerabilities affecting the SAP Internet Communication Manager (ICM) component in SAP business-critical applications. The ICMAD vulnerabilities require immediate attention by most SAP customers. One of the vulnerabilities, CVE-2022-22536, received the highest possible risk score, a 10 out of 10. As a result, CISA has issued a Current Activity Alert. If exploited, these vulnerabilities enable attackers to execute serious malicious activities on SAP users, business information, and processes — and ultimately compromise unpatched SAP applications.