Large utility company builds SAP vulnerability management program, reduces remediation time by 80%
DownloadIndustry – Utilities, Gas and Electic
Company Size – 2k+ employees, >$2B revenue
Challenge
Unaddressed risk in critical SAP applications due to complex patching process and no visibility into other vulnerabilities
A large American utility company relies on SAP applications for many of their business-critical processes. Despite their critical nature, however, the company lacked visibility into the security posture of these applications- what vulnerabilities existed and what risk they posed to the business. Their patching process was complicated and time-consuming, and their existing vulnerability management tools didn’t sufficiently support SAP. The organization realized they had unaddressed risk within their critical systems, but they had no way to measure, understand, and act on it. With a major SAP S/4HANA migration project planned, they knew they needed a solution that could address this risk in the short-term and be used throughout the transformation.
“Onapsis removes the mystery around SAP security by increasing visibility. We can see issues — misconfigurations,missing patches or overly privileged users — what risk they pose and how to fix them.”
Enterprise Security Manager, Utility Company
Solution
Onapsis time-saving vulnerability scans provide deep visibility, detailed solutions, and business impact to identify risk and accelerate response
The utility company found their ideal solution with Onapsis Assess, which uniquely provides focused and comprehensive vulnerability management designed for SAP applications. Automated assessments, detailed solutions, and descriptions of business impact enable the organization to easily identify the true risk to their critical application landscape and understand how to respond. Onapsis Assess also significantly improved their patching processes, eliminating much of the manual work that was previously required. The included context from the Onapsis Research Labs helps them quickly determine which SAP Security Notes to prioritize, the best way to implement, and if they are missing any critical patches.
“With Onapsis, we were able to establish and maintain SAP security baselines and can now build them into transformation projects from the start. Onapsis enables us to keep SAP secure without impacting system performance or interfering with Basis teams.”
Enterprise Security Manager, Utility Company
Results
60% less time spent investigating issues and 80% reduction in mean time to remediate (MTTR) thanks to research-driven analysis provided by Onapsis
- 80% Reduction in Mean Time to Remediation (MTTR)
- 90% Less time spent on patching
- 60% Reduction in investigation time
The deep visibility and research-driven results provided by Onapsis Assess give the utility company an accurate understanding of risk within their critical systems and the context they need to quickly act on it. The detailed explanations and business impact provided by Onapsis mean the company’s security teams don’t have to be SAP experts themselves; they can make informed decisions on how to respond without having to spend a lot of time investigating each issue. Integrating Onapsis Assess with their ServiceNow further facilitates remediation efforts by aligning their security teams using Onapsis with their Basis teams responsible for fixing the issues. Leveraging this workflow and arming the Basis teams with Onapsis-provided step-by-step fixes has helped reduce the company’s mean time to remediate (MTTR) by eighty percent.
The utility company has also leveraged the customizability of Onapsis Assess to establish their own security baseline. By creating a custom scan catered to their business priorities and risk profile, they can regularly assess against it to ensure their systems continue to meet their security standards. They will use this baseline throughout their upcoming SAP S/4HANA migration to ensure their new systems are being configured securely.