Press Release

Onapsis Showcases Latest ERP Cybersecurity Research During RSA Conference 2018

Boston, MA – March 22, 2018 – Onapsis, the global experts in SAP and Oracle application cybersecurity and compliance, today announced that it will be attending the 2018 RSA Conference in San Francisco, California April 16 – 20. The business-critical application security experts, recent winners of multiple ISPG Awards including Grand Trophy Winner, will share the latest cybersecurity and compliance research, host a CISO educational session and present on best practices for securing applications during digital transformation.

As more organizations move applications to the cloud and build complex digital transformation strategies, they often overlook what this means for the security of critical ERP applications. Without a clear understanding of the security challenges, keeping applications securely configured becomes an issue, one that can cause costly delays in projects. This is mainly due to the complexity of these business-critical, or ERP, applications.

“Security usually isn’t a key component in digital transformation projects but it should be,” said Juan Pablo Perez-Etchegoyen, CTO at Onapsis. “Strictly from a business perspective, it’s typically way more expensive to implement security after the fact than when business processes and the flow of information are being changed.”

In addition to application security, ensuring systems do not fall out of compliance during upgrades or changes requires continuous monitoring and proactive protection. Identifying where PII exists in complex ERP landscapes is difficult, and with GDPR on the radar, it’s more important than ever for organizations to understand where their critical business information and processes live and how they are protected.

“In working with many of our customers and partners we know that GDPR is a huge initiative and organizations don’t have much time remaining until the May deadline. Onapsis aims to help organizations understand where their data resides in complex SAP and Oracle financial systems and build a plan to become compliant. At RSA we will be hosting several meetings and speaking about the importance of GDPR and how to apply it within an organization,” stated Mariano Nunez, CEO and Co-founder of Onapsis.
Onapsis will also be hosting a CISO roundtable focused on the top SAP and Oracle application security priorities for 2018. During this discussion, Nunez, alongside CISOs and representatives from large audit firms, will address strategies that CISOs need to focus on to protect their organizations or maintain strict compliance requirements. Attendees will receive valuable information they can use immediately to begin or enhance an ERP application security plan.

“At RSA Conference, we want to give organizations the tools to protect their SAP and Oracle applications and help them understand what’s at risk from a cybersecurity and compliance perspective. We know many teams are currently formulating security plans and Onapsis’s goal is to help them succeed,” continued Nunez.

Onapsis Presence at RSA Conference
Onapsis Booth: North Hall, #4227. Visit the Onapsis RSA Conference website for more details, including how to request a meeting with Onapsis executives.

CISO Roundtable: “A CISO’s Top Five SAP and Oracle Application Security Priorities in 2018” (Invite Only)

Moderators: CISO, Fortune 500 Organization, Sr. Manager, Big 4 Audit Firm and Mariano Nunez, CEO, Onapsis

Abstract: Join Onapsis experts in this informative two-hour roundtable to discuss the key trends in the market and how they affect SAP and Oracle applications. We will give CISOs key takeaways to apply to their organizations immediately, including:

  • How to make information security an enabler instead of a roadblock in complex digital transformation projects
  • How SAP and Oracle application cloud migrations are not a simple “lift and shift” approach and how you can migrate securely in a phased approach
  • How to identify SAP and Oracle systems that may house data that falls under GDPR requirements and key ways to secure this data and ensure compliance
  • How to align with internal audit and application teams (SAP Basis, Oracle DBA) to achieve compliance without compromising security

Speaking Session I: “I Forgot Your Password: Breaking Modern Password Recovery Systems”

Presenters: Martín Doyhenard, Security Researcher, Onapsis; Nahuel Sanchez, Security Researcher, Onapsis
When: Thursday, April 19, 2018, 1:45-2:30 PM PT
Where: Moscone Center, San Francisco, CA, 94103

Abstract: Almost all modern systems implement a password recovery mechanism. Most of these implementations are designed from scratch without any industry standard to follow what leads to a recipe for disaster. This session will outline the most common vulnerabilities affecting these implementations and illustrate, through a real-world case study and live demo, how devastating these vulnerabilities can be.

Speaking Session II: “Protecting Business-Critical SAP and Oracle Applications During Digital Transformation Projects”

Presenter: Juan Pablo Perez-Etchegoyen, CTO, Onapsis
When: Wednesday, April 18, 2018, 1:40-2:00 PM PT
Where: South Hall Briefing Center, Moscone Center, San Francisco, CA, 94103

Abstract: For many organizations, digital transformation is not just buzzwords but a detailed outline of business and operational plans to integrate, prioritize and fully utilize the latest digital technologies available. Security is often a second priority or not in the scope of these projects and many organizations have not identified how they will migrate their SAP and Oracle applications in a secure way, putting their ‘crown jewels’ at risk. Learn how to ensure these business-critical applications that run your business can be protected while your organization is planning for the future.

About Onapsis
Onapsis cybersecurity solutions automate the monitoring and protection of your SAP and Oracle applications, keeping them compliant and safe from insider and outsider threats. As the proven market leader, global enterprises trust Onapsis to protect the essential information and processes that run their businesses.

Headquartered in Boston, MA, Onapsis serves over 200 customers including many of the Global 2000. Onapsis’s solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, Deloitte, E&Y, IBM, KPMG and PwC.
Onapsis solutions include the Onapsis Security Platform™, which is the most widely-used SAP-certified cybersecurity solution on the market. Unlike generic security products, Onapsis’s context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs, who continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts at the Onapsis Research Labs were the first to lecture on SAP cyberattacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms. Onapsis has been issued U.S. Patent No. 9,009,837 entitled “Automated Security Assessment of Business-Critical Systems and Applications,” which describes certain algorithms and capabilities behind the technology powering the Onapsis Security Platform™. This patented technology is well known, industry wide, and has gained Onapsis recognition on the Deloitte Technology Top 500, as a Red Herring North America Top 100 company and a SINET 16 Innovator.

For more information, please visit, or connect with us on Twitter, Google+, or LinkedIn.

Onapsis and Onapsis Research Labs are registered trademarks of Onapsis, Inc. All other company or product names may be the registered trademarks of their respective owners.