Top-5 Questions from Customers
More and more SAP companies are seeing or recognizing the need for additional SAP security software. Especially since last year, we have seen the demand for SAP vulnerability management increasing rapidly. Why this is the case can best be described based on the top 5 most important and most frequently asked questions from customers before they chose Protect4S.
1) We currently use the functionalities of SAP Solution Manager (EarlyWatch reports, SOS reports, etc), what is the added value of Protect4S?
SAP Solution Manager offers several SAP security functionalities that might help customers like the Security Optimisation Service report, System Recommendations and Configuration Validation.
Nevertheless, there are good reasons to choose Protect4S:
- A more complete out-of-the-box solution that is installed as an add-on to the SAP Solution Manager, without agents, and up and running within 1 day.
- No expensive complicated configuration and custom solution that has to be maintained with great dependence on consultants.
- More complete solution with many more checks on 3 layers (Application, OS, DB) and functionalities (e.g. heatmaps, connection map, automated update of security notes) of which the number of checks and functionalities are continuously expanded without additional costs.
- Protect4S not only automates most aspects of vulnerability management but also enables your staff to learn vulnerability management ‘on the job’ by explaining every vulnerability using known and trusted sources of information.
- Last but not least, the best practice value is enormous, Protect4S contains years of experience and feedback from SAP customers with continuous improvement as a result.
2) We think it is enough to do a SAP security assessment once a year. What is the added value of a Protect4S license?
The outside world is more dynamic than ever before and cybercrime is growing fast. On average, 20 new SAP vulnerabilities are published every month. Since the information in these OSS Notes can be used to reverse engineer working exploits for SAP systems, it is vital that SAP systems are patched as soon as possible to avoid exploitation.
In addition, the requirements from auditors are increasing. For these reasons, it is insufficient to do an SAP security assessment, for example, once a year. The monthly update of the SAP security notes alone is a labour-intensive process that is largely automated by Protect4S. With Protect4S, SAP systems can be scanned automatically as often as desired, making it possible to follow a preventive process of scan-analyse-mitigate based on continuous improvement. Thanks to the clear reports, accountability towards auditors is increased.
3) We have outsourced all SAP matters to our SAP hosting partner. Why is that not enough?
We see that many SAP companies have outsourced the technical support of their SAP systems to SAP Managed Services Providers. However the responsibility for SAP Security does not shift from the end customer to the managed services party, only a large part of technical operations does. In such a construction, the collaboration between the end customer and managed services partner becomes more important to ensure that the SAP systems remain well secured. Protect4S is an excellent way of staying in control of SAP security even when the SAP systems have been outsourced.
Many SAP companies recognize the importance of security and place higher demands on their SAP support partners. But without additional tooling, it is impossible to increase the level of security sufficiently due to the complexity and amount of manual work. Protect4S ensures that SAP security is structurally improved and becomes easier, and at the same time much more transparent for the end customer.
4) What makes Protect4S different or better than its competitors?
To begin with, Protect4S currently offers an SAP vulnerability management solution. Some competitors focus mainly on threat detection or code scanning and to a lesser extent on vulnerability management. We see vulnerability management as the foundation and on top of that, there may be threat detection. That is why we are currently building our threat detection solution and expect to have it ready sometime in 2021.
Customers who have made a supplier selection for vulnerability management, have chosen Protect4S because of the completeness of the solution (e.g. Connection Map, Web Dispatcher checks, Automated implementation of Security notes), the ease of use, quick and easy installation (without agents) and the relatively low costs (no setup costs).
5) What exactly is the business case of such a continuous SAP vulnerability management process powered by Protect4S?
The core of the answer to this question is the fact that the complexity of an SAP landscape in combination with the increasing external risks makes it impossible to follow a continuous SAP security process without additional software such as Protect4S.
At the same time, Protect4S delivers concrete savings (more automation, less and easier manual activities) on the one hand, and structurally better security and accountability on the other. The business case can be illustrated by the following examples:
- Protect4S can run hundreds of security checks in only 2-3 minutes automatically. The costs in terms of labour to execute these checks manually on a complete SAP landscape greatly exceeds the Protect4S license cost.
- The latest Ponemon report (sponsored by IBM) ‘Cost of a Data Breach 2020’ lists $3.86M as the global average total cost of a data breach. The cost of preventing your SAP systems from being hacked by using Protect4S is very, very much lower.