Missing SAP Security notes: a massive attack surface (meaning Risk)
Let’s start with some numbers related to SAP security notes:
- SAP has released 4000+ security notes to date
- Each month 20+ are added to that number
- In 2017 alone 268 Security notes were released where 44 have priority HIGH or HOTNEWS, which means not applying these notes can have severe security consequences due to a.o. an increased risk of reverse engineering
Over 95% of the SAP systems we have assessed over the past 7 years, contained vulnerabilities that could lead to a full compromise. Proper vulnerability management would have prevented this in most cases. But we see customers struggle with applying SAP patches over and over again, while this is one of the key areas for proper protection of business critical systems like SAP systems are.
We heard all the excuses for not applying the SAP security patches before:
- Functional business changes are prioritized over security fixes
- Patches might break business-critical processes
- SAP Security notes are bundled with functional releases only 3 or 4 times a year, not every month
- Fear that patching might lead to unwanted business downtime
- No time for testing
- Heavy change processes prevent rapid SAP Note implementation
But if you want your business to thrive, your level of protection should match your level of innovation and speed of business. If not; your systems might fall prone to Sabotage, Fraud or Sabotage.
Automate your SAP Security note implementation
When confronted with the struggle customers face in this area, we were challenged to find a solution for this problem. And here we are, with a simple, yet powerful solution; automate the things! We found a way of applying 50-75% of SAP ABAP Security notes automatically, leading to a significant reduction of boring, repetitive work for your SAP basis team. Saving you time and money.
How does it work? First: run a scan with Protect4S and determine all required SAP Security Notes for your specific system. After that: apply them with the click of a button. Tests have proven effectiveness for 50-75% of SAP ABAP Security notes, which only leaves you with the ones requiring extra manual actions. This will save you the repetitive and boring work of:
- determining with SAP Security Notes are applicable for your specific SAP systems
- downloading and applying simple SAP Security Notes
See the video for a demonstration:
Curious to find out more?
Get in touch and we’d be happy to tell you all about it…