Defenders Monthly Newsletter

Join us for a discussion on how taking a collaborative approach to your RISE with SAP transformation can maximize your application security.

Enhancing your SAP application security during a RISE with SAP migration is a shared responsibility. We’ve teamed up with SAP and Deloitte to provide users with a clear understanding of your application security responsibilities. Join our webinar to witness firsthand the synergy between SAP, Onapsis, and Deloitte and how this relationship helps clients enhance overall application security. Attendees will walk away with practical, actionable strategies for implementation to ensure your enterprise-wide SAP application security framework is up to par within your organization.

September’s Patch Tuesday is Here!

SAP has published nineteen new and updated SAP Security Notes in its September Patch Day, including updates to one HotNews Note and one High Priority Note. A significant number of the SAP Security Notes patches are Missing Authorization Check vulnerabilities in RFC-enabled function modules. Check out our blog for more information.

Read On

The Newest Defenders Digest has Arrived

Paul & JP are back to walk through September’s Patch Tuesday findings. They also have some details to share around new blog posts from our Onapsis Research Labs team.

Watch Now

Securing SAP Remote Function Calls: The Crucial Role of S_ICF Authorization

In SAP landscapes, securing Remote Function Call (RFC) destinations is crucial to prevent lateral movement attacks. A key strategy involves using the S_ICF authorization object to restrict access to RFC destinations based on user privileges. By assigning RFC destinations to authorization groups, organizations can add an extra layer of security, preventing unauthorized access to critical systems. Check out our most recent blog to learn how S_ICF plays a vital role in mitigating RFC hopping and securing your SAP environment.

Read on

On-Demand Session: Siemens Healthineers’ New SAP Security Approach

Siemens Healthineers was able to protect their critical SAP assets during their transformation to SAP RISE, but how did they do it? We recently hosted a session with Harald Hildebrand of Siemens Healthineers to walk us through how they were able to adjust their security posture from a reactive to proactive one, to ensure resilience against evolving cyber threats and maintain operational continuity and compliance. The session is now available to watch on-demand. Check it out!

Watch now

Dig into the Anatomy of a Command and Control Attack

Onapsis Research Labs routinely runs penetration tests to track and monitor both existing and new threats to the ERP ecosystem. During one of their recent tests, they witnessed an attack carry out a command and control attack in under 20 minutes. Our team took this incident and created a report to detail the anatomy of the attack and provide analysis, findings, and recommendations for safeguarding your SAP application landscape.

Read On

New Study: ERP Security in the Age of Ransomware

A recent study of 500 cybersecurity practitioners shows that ransomware is hitting harder than ever. While this isn’t surprising to defenders, we did find some noteworthy trends as it applies to ERP systems:

46% of enterprises faced four or more attacks last year. And 89% of those attacks impacted ERP systems.
Can your business afford 24 hours of downtime? That’s what 61% of companies experienced after an attack.

Check out the results in our infographic

Get Systems Cloud-Ready and Keep Them Protected

Need to simplify your SAP and Oracle cloud migration? We secure and ensure compliance for your critical systems before and during the move, minimizing risks and delays. Once in the cloud, we help you maintain strong security and compliance, keeping your systems safe and optimized.

Learn More

Upcoming Events

Discover more about the SAP security from the Onapsis team during our in-person and virtual events.

All Events

Webinar

Maximizing Application Security in RISE with SAP

Sept. 24 @ 11 am

Join us for an enlightening webinar as we dive into the intricacies of the shared responsibility model within RISE with SAP. Representatives from SAP, Onapsis, and Deloitte will lead this session, providing valuable insights into the specific roles and responsibilities each organization plays in helping clients enhance SAP application security.

Event

Gartner IT Symposium

Oct. 21-24

Visit us at booth #950 or schedule to meet up with us in Orlando. Your SAP applications are the lifeblood of your business, let us help you protect them.

Safeguarding Tomorrow: Empowering SAP Customers with Advanced Cyber Risk Management

Securing SAP Business Technology Platform (BTP)

CH4TTER: Threat Actors Attacking SAP Applications

Anatomy of an Attack: C2 Incident on SAP

Your S/4HANA Cloud Journey