Press Release

Onapsis Releases SAP Security In-Depth Publication for High Priority Security Note Configuration

Boston, MA – February 27, 2018 – Onapsis, the global experts in SAP and Oracle application cybersecurity and compliance, today released a new SAP Security In-Depth (SSID) publication, Setup of Trusted RFC in GRC. This publication analyzes a complex High Priority security note, 2413716, regarding configuration changes to secure Trusted RFC for GRC Access Control (AC) Emergency Access Management (EAM). As the 14th edition in the Onapsis SSID series, Setup of Trusted RFC in GRC aims to give context to this complicated note and enable SAP customers to secure it.

The Emergency Access Management (EAM) module provides SAP GRC Access Control (AC) with the ability to determine how access can be granted in case of an emergency. To achieve this, it is necessary to set up Trusted RFC to connect all SAP systems within your entire organization to each other.

“All organizations know that installing SAP Security Notes is not a simple process based on the complexity of their implementation and the configurations that are set up. This particular note is a High Priority note that should be implemented immediately. We have received feedback from our customers that it has been difficult to do this, which is why we have written a guide to help simplify and provide a step-by-step process to configure it securely,” said Matias Sena, Author and SAP Security Researcher, Onapsis.

Onapsis SSID publications detail innovative security aspects of business-critical applications as identified by the Onapsis Research Labs. Each release analyzes the unique risks introduced to these applications and the different mitigation strategies that allow organizations to protect their SAP implementations.

Setup of Trusted RFC in GRC is now available for download.

The Onapsis Research Labs is proud to present a live webcast highlighting this SAP Security In-Depth publication on March 14th. Our researchers will breakdown this security note as well as the configuration steps to ensure your SAP platform is protected. Register for the webcast here.

About Onapsis Research Labs™
SAP and Oracle Security Threat Intelligence is produced by Onapsis Research Labs, a team of leading security experts who combine in-depth knowledge and experience to deliver technical analysis with business context, and provide sound security judgment to the market. The team works closely with SAP and Oracle product security teams to responsibly deliver the information to customers and has released over 150 advisories to date, with over 35 affecting SAP HANA; has consulted on impact with over 180 Onapsis enterprise customers; and regularly presents at leading security and SAP conferences around the world. Onapsis was the first to deliver “SAP Security In-Depth” publications that provide detailed analysis on security risks impacting SAP and SAP HANA.

About Onapsis
Onapsis cybersecurity solutions automate the monitoring and protection of your SAP and Oracle applications, keeping them compliant and safe from insider and outsider threats. As the proven market leader, global enterprises trust Onapsis to protect the essential information and processes that run their businesses.

Headquartered in Boston, MA, Onapsis serves over 200 customers including many of the Global 2000. Onapsis’s solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, Deloitte, E&Y, IBM, KPMG and PwC.
Onapsis solutions include the Onapsis Security Platform™, which is the most widely-used SAP-certified cybersecurity solution on the market. Unlike generic security products, Onapsis’s context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs, who continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts at the Onapsis Research Labs were the first to lecture on SAP cyberattacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms. Onapsis has been issued U.S. Patent No. 9,009,837 entitled “Automated Security Assessment of Business-Critical Systems and Applications,” which describes certain algorithms and capabilities behind the technology powering the Onapsis Security Platform™. This patented technology is well known, industry wide, and has gained Onapsis recognition on the Deloitte Technology Top 500, as a Red Herring North America Top 100 company and a SINET 16 Innovator.

For more information, please visit, or connect with us on Twitter, Google+, or LinkedIn.

Onapsis and Onapsis Research Labs are registered trademarks of Onapsis, Inc. All other company or product names may be the registered trademarks of their respective owners.