Onapsis Assess Datasheet
Vulnerability management for business-critical applications such as SAP and Oracle, including deep visibility into the attack surface across the entire application landscape, automated assessments with detailed solutions and descriptions of associated risk and business impact.
“Onapsis removes the mystery around SAP security by increasing visibility. We can see issues—misconfigurations, missing patches or unusual user activity—what risk they pose and how to fix them.”
— Enterprise Security Manager, Fortune 500 Utility Company
InfoSec professionals frequently lack visibility into their organization’s most critical business applications because the tools they traditionally rely on don’t adequately cover these systems. Security administrators are typically responsible for vulnerability management for the business. However, their tools don’t cover business-critical applications, and they often rely on cohorts within application teams for remediation.
A lack of visibility and tools isn’t the only challenge; the applications themselves are also complex. The frequency of releases, the complexity of patching processes, and the size of application landscapes mean enterprises face a growing backlog of patches and lack prioritization tools.
Onapsis Assess directly addresses these challenges for enterprise teams. It provides focused and comprehensive vulnerability management for business-critical applications like those from SAP and Oracle. It provides deep visibility into the entire application landscape, automated assessments with detailed solutions, and descriptions of associated risk and business impact. Onapsis Assess aligns InfoSec and IT teams and lets them make empowered decisions on how to respond to incidents, reduce investigation and remediation times, and achieve greater risk reduction with less effort.
Sensors, deployed either on-premises or in the cloud, provide deep scanning of assets at the system, application, and code level. Assess runs scans with preset and customizable policies and modules, which search assets for a comprehensive and regularly updated set of known issues, including missing patches, unsecured or incorrect configurations, and risky user authorizations/permissions. Custom policies and modules allow alignment with organizational policies and best practices. The results are displayed in a single dashboard to prioritize risks and identify actions for mitigation. Each vulnerability identified contains an explanation of the business impact, severity, and remediation steps for resolution.
Onapsis’ highest priority is the security of our software and the confidentiality, integrity, and availability of customer information as it flows through that software. We embed the strongest possible security measures into our software development life cycle (SDLC) and into the operating system, database, web security, and logging layers of our products. Onapsis contracts with accredited third-party auditing companies that have audited our SDLC process, and we have the following certifications: ISO 27001:2013, SOC 1 Type 1, SOC 2, and Veracode Verified Program. Our product design and development requirements follow the OWASP ASVS v4 framework or other industry-standard guidelines.
Onapsis Assess can be deployed on-premises, in your cloud environment (all major cloud providers supported), or in the Onapsis cloud environment as SaaS. Technical components needed to support each deployment type are described in Table 2 below.
Onapsis Research Labs
The award-winning Onapsis Research Labs is a team of cybersecurity experts who combine in-depth knowledge and experience to deliver security insights and threat intel affecting mission-critical applications from SAP, Oracle, and SaaS providers. They have discovered over 1,000 zero-day vulnerabilities, and multiple critical global CERT alerts have been based on their novel research. Onapsis automatically updates its products with the latest threat intelligence and other security guidance from the Onapsis Research Labs. This provides customers with advanced notification on critical issues, comprehensive coverage, improved configurations, and pre-patch protection ahead of scheduled vendor updates.
The Onapsis Platform
Onapsis Assess is part of the Onapsis Platform. The Platform focuses on four pillars of business-critical application security that directly target interconnected risk: vulnerability management, threat monitoring, compliance automation, and application security testing.
Features & Benefits
Users can create custom policies to include the set of vulnerability checks that meets their needs.
*Not available with Assess Baseline license
Onapsis provides predefined vulnerability checks, called modules, and also lets users define custom checks.
*Not available with Assess Baseline license
Feature that leverages AI and 14+ years of Onapsis data and experience from security engagements to help security and IT leaders answer the question, “How are we doing with SAP security?” Acts as a personalized, trusted “security advisor” to help you establish better security goals, guide your ERP security journey, and track progress in comparison to baselines and other companies and industries at different stages.
Vulnerability checks are regularly updated and added based on the latest investigation results from the Onapsis Research Labs.
Extends vulnerability scanning to custom code deployed to production. This gives security teams a more complete view of their SAP application attack surface.
Prerequisite for Onapsis Comply. With a valid Comply license, adds the right-sized, frictionless SAP audit packs to the Assess scanning engine.
*Not available with Assess Baseline license
Delivers a regularly updated and curated library of new and ongoing threat research, directly from the Onapsis Research Labs. The Threat Intel Center provides one-click access to comprehensive research designed both to educate cybersecurity team members and to provide organization-specific business impact for cybersecurity leaders.
*Not available with Assess Baseline license