
How to automate and simplify SAP security

20 May 2020

Companies looking for ways to secure their SAP systems commonly face three problems:

1. Information overload

SAP customers who want to start with SAP security need to follow the recommendations in the latest security guides for SAP NetWeaver, which can be found in the SAP Help Portal.

However, when reading the first page of the SAP NetWeaver Security Guide, it soon becomes clear that securing SAP systems is not a trivial matter because there is a vast number of different SAP security guides.

Few people have the time to study these guides in detail and apply all the recommendations applicable to their SAP Infrastructure, let alone to periodically check whether all the recommendations still exist.

2. High complexity and manual checks

In the last 15 years, SAP system architecture has evolved enormously. From a monolithic piece of application software located on a single server together with its database, it now has 2 distinct layers (application and HANA database) each involving one or more servers. In addition, a company now needs different SAP system types (Portals, Integration, BI, CRM etc.) instead of the old R/3 system that had it all.

The result is that the average SAP system infrastructure has become complex, spanning many servers and resulting in a much larger attack surface. Executing manual, compliance-type security checks no longer guarantees a secure SAP application.

3. Too dependent on expensive SAP security consultancy

Detection and remediation of vulnerabilities require extensive knowledge of SAP, of IT security in general, and of the techniques that hackers use to penetrate an IT infrastructure. This combination of skills is rare and expensive.

Protect4S software automates and simplifies SAP Security

These problems that SAP companies are struggling with are the most important reasons why our clients started using Protect4S. With our software they automated most of their periodic SAP security processes and managed to make SAP security much easier.

  • Protect4S has a large repository consisting of some 1600 individual security checks that can be scheduled periodically to run automatically on all your SAP systems. Checks are individually documented in terms of relevant and trusted information from SAP in the form of references to OSS Notes, SAP Help and SAP Blogs.
  • No expert security knowledge, nor expensive courses are needed to run Protect4S. The application is extremely user-friendly and designed to be operated by the very people that manage your SAP systems.

Protect4S uses a unique concept that is based on a continuous and measurable improvement cycle of your security situation involving 3 repeatable steps:

Scan: A Protect4S security scan is scheduled periodically (at a frequency of your choice) and will automatically determine the security vulnerabilities in your SAP systems. From each scan, a mitigation report is automatically generated. This mitigation report contains detailed information on how to remediate every vulnerability.

Analysis: Each scan is then analysed by the SAP technical staff to see which vulnerabilities can be solved and how much effort (in terms of time) is required to solve them. For each vulnerability found there are pointers to relevant information such as OSS Notes, SAP Help and SAP Wikis, saving your technical staff many hours of searching.

Mitigate/Remediate: Supported by a mitigation report acting as a HowTo guide, remediation actions can be planned and executed. In order to measure the actual effect, a new Protect4S scan is run to make sure that the remediation has been successful for all vulnerabilities involved.

  • At any time, IT management can see the current state of security in all SAP systems in terms of easy metrics.
  • The Protect4S security checks are updated monthly and include the latest OSS Security notes.
  • The checks are designed to run on the 3 different layers of your SAP infrastructure: application, database and operating system.
  • Protect4S is a lightweight ABAP/Web Dynpro application and no new hardware investments are needed. Protect4S is installed as an Add-On on your existing Solution Manager.
  • Protect4S requires no agents in the SAP satellite systems and therefore no extra maintenance efforts.

Wonder how you can automate and simplify your SAP security? Try out Protect4S for 1 month for free or request a free demo!

For more SAP security related news, articles and whitepapers, please follow us on LinkedIn!
