Cybercrime and the real threat it poses have received a lot of media attention in recent months. However, little has been written about the way in which companies deal with this threat on a day-to-day basis.
In general companies are focused on their core business and they typically do not like to get sidetracked by cybercrime and risk issues.
Although SAP provides the instruments necessary for risk reduction, relatively few of their customers spend the time and effort needed to implement them effectively. In addition to this, most don’t take the trouble to analyse the hundreds of SAP system parameter settings or the thousands of SAP Security Notes, let alone keeping up with these notes and applying them as they are released.
However, SAP parameter changes and security note applications are mitigation measures that can be applied with relative ease and are very worthwhile in terms of risk reduction.
Protect4S identifies these easy-to-solve vulnerabilities
ERP Security has found that this group constitutes at least 50% of all detected vulnerabilities.
For example, on a typical SAP IDES system (ERP6.0 EHP4 based on Netweaver 7.01) the Protect4S vulnerability scanner identifies these vulnerabilities using a heatmap:
As can be seen above the vulnerabilities with either extra low or low mitigation effort represent at least 50% of the total weighted risk in the system.
Automatically generated mitigation plan
We define mitigation effort as :
Protect4S automatically generates a mitigation plan containing all actions having either an extra low or a low mitigation effort :
This mitigation plan nicely groups the required mitigation actions and also contains the solutions for the vulnerabilities found. It can be executed by any SAP technical consultant in a single day.
Risk history overview
The risk history overview in Protect4S shows the results of the mitigation measures taken. In this specific example, the total weighed risk was reduced by 62,5% in a single day through the application of security notes and adjustment of SAP parameters only
Protect4S elimitates risk and simplifies SAP security
- Using Protect4S you can at least halve the risk to your SAP systems within a day. The rest of the vulnerabilities can also be solved, but that will take longer.
- Protect4S enables a simple 3-step SAP Security Process – scan -> analyse -> mitigate -which puts you in control of your business security.
Start reducing the risks in your SAP systems now with Protect4S.
For more information: