When it comes to SAP Security, lots of companies already depend on a GRC solution to protect their SAP systems against weaknesses inside their SAP authorisation objects and role distribution.
However, it is common knowledge that the SAP authorisation layer can be bypassed by malicious insiders and outsiders by exploiting vulnerabilities in the SAP infrastructure.
Recent examples include OSS Notes:
| OSS Note | Date | Title |
|---|---|---|
| 2973735 | 10.11.2020 | [CVE-2020-26808] Code Injection in SAP AS ABAP and S/4 HANA (DMIS) |
| 2969828 | 13.10.2020 | [CVE-2020-6364] OS Command Injection Vulnerability in CA Introscope Enterprise Manager (Affected Products: SAP Solution Manager and SAP Focused Run) |
| 2958563 | 09.09.2020 | [CVE-2020-6318] Code Injection vulnerability in SAP NetWeaver (ABAP Server) and ABAP Platform |
| 2941667 | 09.09.2020 | [CVE-2020-6296] Code Injection Vulnerability in SAP NetWeaver (ABAP) and ABAP Platform |
Vulnerabilities such as SQL injection, code injection and command injection present large opportunities for hackers to bypass the SAP authorisation layer. A hacker might, for instance, create a new SAP user with administrative privileges using just a single SQL statement or some operating system commands.
But there are also other vulnerabilities, such as XSRF (Cross-Site Request Forgery) and XSS (Cross-Site Scripting), that are more difficult to exploit whilst still presenting substantial security risks.
To complement their existing GRC-based security solution, SAP customers ideally need a Vulnerability Management solution that detects these weaknesses hidden deeper in the SAP infrastructure layers.
Protect4S Vulnerability Management
Protect4S is a dedicated vulnerability management solution that detects around 2000 of these vulnerabilities and is constantly updated with the latest SAP security notes.
Instead of presenting you with a large list of difficult and technical deficiencies, Protect4S explains every vulnerability found in clear and concise terms and classifies the risk that it poses.
Protect4S can therefore be operated by your existing technical SAP or GRC staff. The application basically “educates” its users and works on the principle of continuous improvement to make your SAP systems safer. Because it contains relevant pointers to trusted SAP information (OSS-Notes and SAP-Help) for every vulnerability found, Protect4S will save your staff endless hours of searching for information.
Other Protect4S benefits are:
- Manual SAP Security processes are automated
- Complex activities are made easier by information pointers and dashboards
- Less dependent on expensive projects or consultancy
- Always up-to-date with SAP Security notes
- Better insight into risks, mitigation and trends
- Clear and understandable management reports for CISO and SAP Security Officer
- From reactive and ad hoc to preventive and continuous protection
- Better prepared for annual audits
Make sure that your SAP risk prevention is 100% by adding Vulnerability Management to your existing GRC security application!
See also the webinar that we held together with ERP Maestro on The Convergence of Internal Access Controls and Cyber Security on our YouTube Channel.
Try out Protect4S on your SAP systems for free and see how you can achieve 100% risk prevention!