Press Release

Onapsis Releases SAP Security In-Depth Publication for SAP HANA

Leaders in business-critical application security publish in-depth report identifying how to properly audit and securely configure SAP HANA systems

Boston, MA – August 24, 2016 - Onapsis, the global experts in business-critical application security, today released SAP HANA System Security Review Part 2. This publication analyzes SAP HANA Internal Communication Channels, details associated risk, and identifies how to properly audit an SAP HANA system. As the 13th edition in the SAP Security In-Depth series, SAP HANA System Security Review Part 2 describes how to update the SAP HANA platform, noting new improvements in each Support Package.

SAP HANA is regarded by SAP as the absolute in-memory database for its products and more recently, as a standalone platform. The vast majority of companies who have already adopted SAP HANA are leveraging its capabilities to support business-critical applications. Due to its nature, SAP HANA stores an organization’s most important assets including customer data, product pricing, financial statements, employee information, supply chains, business intelligence, budgeting, planning and forecasting.

“Improperly configuring SAP HANA has a huge impact on security, as there are many aspects of this product that by default, in certain versions, do not have the most effective security measures in place. For example, Internal Communication Interfaces were not designed to be used by the end user, and therefore do not include security measures such as encryption or authentication in versions prior to SPS10. If left unsecured, an attacker could access any communication ports to perform espionage, sabotage, and fraud attacks,” said Nahuel D. Sánchez, Author and SAP Security Researcher, Onapsis.

Within SAP HANA are Internal Communication Channels that allow communication between different processes that comprise the SAP HANA platform as well as between hosts and systems. The specific purpose of each internal communication channel depends on the quantity of host deployments, as well as system replication scenarios.

Onapsis SAP Security In-Depth (SSID) publications detail innovative security aspects of business-critical applications as identified by the Onapsis Research Labs. Each release analyzes the unique risks introduced to these applications and the different mitigation strategies that allow organizations to protect their SAP implementations. Following SAP HANA System Security Review Part 1, which focuses on understanding the HANA layout, this new edition takes a deep-dive into technical concepts to fully explain how to properly configure critical aspects of SAP HANA.

SAP HANA System Security Review Part 2 is available for download at: https://www.onapsis.com/research/publications/volume-xii-sap-hana-system-security-review-part-2.

About Onapsis Research Labs™

SAP and Oracle Security Threat Intelligence is produced by Onapsis Research Labs, a team of leading security experts who combine in-depth knowledge and experience to deliver technical analysis with business context, and provide sound security judgment to the market. The team works closely with SAP and Oracle product security teams to responsibly deliver the information to customers and has released over 150 advisories to date, with over 35 affecting SAP HANA; has consulted on impact with over 180 Onapsis enterprise customers; and regularly presents at leading security and SAP conferences around the world. Onapsis was the first to deliver “SAP Security In-Depth” publications that provide detailed analysis on security risks impacting SAP and SAP HANA.

About Onapsis

Onapsis provides the most comprehensive solutions for securing SAP and Oracle enterprise applications. As the leading experts in SAP and Oracle cyber-security, Onapsis’ patented solutions enable security and audit teams to have visibility, confidence and control of advanced threats, cyber risks and compliance gaps affecting their enterprise applications.

Onapsis is headquartered in Boston, MA and serves over 200 customers, including many of the Global 2000. Onapsis solutions are also the de facto standard for leading consulting and audit firms such as Accenture, Deloitte, E&Y, IBM, KPMG and PwC.

Onapsis solutions include the Onapsis Security Platform, the most widely used SAP-certified cyber-security solution on the market. Unlike generic security products, Onapsis' context-aware solutions provide both preventative vulnerability and compliance controls and real-time detection and incident response capabilities to reduce risks to critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs, which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to give a talk on SAP cyber-attacks and have to date uncovered and fixed hundreds of security vulnerabilities affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms.

Onapsis has been issued U.S. Patent No. 9,009,837, entitled “Automated Security Assessment of Business-Critical Systems and Applications”, which describes certain algorithms and capabilities behind the technology that powers the Onapsis Security Platform™ and Onapsis X1™ software platforms. This patented technology is recognized industry-wide and has earned Onapsis recognition as a SINET 2015 Innovator 16.

For more information, please visit www.onapsis.com, or connect with us on Twitter, Google+, or LinkedIn.

Onapsis and Onapsis Research Labs are registered trademarks of Onapsis, Inc. All other company or product names may be registered trademarks of their respective owners.