Press Release

Onapsis Recognized in Gartner 2017 Hype Cycle for Application Security

Boston, MA – August 2, 2017 – Onapsis, the global experts in SAP and Oracle application cybersecurity and compliance, today announced that it has been recognized as a Sample Vendor in Gartner’s “Hype Cycle for Application Security”¹ for the emerging category of Business-Critical Application Security.

In the report, Gartner analyst Neil MacDonald illuminates that, “As financially motivated attackers turn their attention ‘up the stack’ to the application layer, business applications such as ERP, CRM and human resources are attractive targets. In many organizations, the ERP application is maintained by a completely separate team and security has not been a high priority. As a result, systems are often left unpatched for years in the name of operational availability. In other cases, systems are misconfigured, exposing these systems directly to the public internet and attackers. Publicly disclosed attacks are rare, so the problem remains largely ignored. “

The report goes on to caution, “As business-critical applications are opened up to partners and exposed on the public internet, and as attackers target these applications, their risk profile is changing. By definition, business-critical application security applies to applications critical to the functioning of the business. Downtime of the core ERP system of an enterprise can be catastrophic. Outages and theft caused by hackers should be viewed as critical as downtime caused by hardware or software failures.”                            

Because this layer of application security has been a blind spot for many organizations, CISOs, IT and SAP BASIS teams are looking for guidance on how to align internally to achieve not only compliance but build best practices for securing these applications.

“When we founded Onapsis we were the first to identify a true industry problem: that business-critical applications such as SAP and Oracle are fully exposed to cyber-attacks. We believe that Gartner’s creation of the Business-Critical Application Security market on this recent hype cycle not only validates our mission, but will help enable organizations to understand the importance of securing their most critical information and processes housed within these systems,” said Mariano Nunez, CEO, and co-Founder, Onapsis.

87% of the Global 2000 rely on business-critical applications such as SAP and Oracle to manage their data such as ERP, HCM, CRM, BI and Supply Chain Management. Despite housing an organization’s “crown jewels” – intellectual property, financial, credit card, customer data, supplier data and database warehouse information – SAP and Oracle systems and their application layer are not protected by traditional security solutions. In addition, these systems are very complex, often having been implemented with customizations that map to specific business processes as outlined by an organization making them more difficult to secure.

Onapsis’ flagship product, the Onapsis Security Platform delivers a near real-time preventative, detective and corrective approach for securing business-critical applications such as SAP and Oracle whether deployed on-premise, or in a private, public or hybrid cloud environment. The Onapsis Security Platform provides unmatched coverage and protection with context-aware insight across SAP NetWeaver, ABAP, J2EE, HANA, and S/4HANA platforms. The platform integrates with network security, security management, SIEM solutions and workflows as well as leading cloud providers. The Onapsis Security Platform also enables customers to securely migrate to cloud environments by seamlessly integrating into private, public or hybrid deployments.

¹Hype Cycle for Application Security, 2017, Published: 28 July 2017 ID: G00314199,      Analyst(s): Ayal Tirosh


Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About Onapsis

Onapsis cybersecurity solutions automate the monitoring and protection of your SAP applications, keeping them compliant and safe from insider and outsider threats. As the proven market leader, global enterprises trust Onapsis to protect the essential information and processes that run their businesses.

Headquartered in Boston, MA, Onapsis serves over 200 customers including many of the Global 2000. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, Deloitte, E&Y, IBM, KPMG and PwC.

Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms. Onapsis has been issued U.S. Patent No. 9,009,837 entitled “Automated Security Assessment of Business-Critical Systems and Applications,” which describes certain algorithms and capabilities behind the technology powering the Onapsis Security Platform™ and Onapsis X1™ software platforms. This patented technology is recognized industry wide and has gained Onapsis the recognition as a 2015 SINET 16 Innovator.

For more information, please visit, or connect with us on Twitter,Google+, or LinkedIn.

Onapsis and Onapsis Research Labs are registered trademarks of Onapsis, Inc. All other company or product names may be the registered trademarks of their respective owners.