It’s all about continuous improvement
Like last year, the first half of 2021 was not business as usual in many industries. Yet, for us, it brought many opportunities and improvements for Protect4S, our flagship SAP Security solution. By listening to our customers, conducting research and brainstorming internally, we managed to introduce some exciting new features within Protect4S. This blog by no means lists all improvements, but we would like to sum up some of the biggest Protect4S innovations throughout 2020:
1) Number of checks from 1700 up to almost 2000
As said before, SAP Security is not static: it develops constantly and therefore needs to be embedded in a process to make sure you ‘won’t drop the ball’. It is therefore important to keep adding the latest vulnerabilities to Protect4S and to include new checks where risk is found. We do this by releasing Support Packages frequently and by continuously adding new checks and functionality to Protect4S, as seen in the changelog. In the last 6 months alone, we added almost 300 new checks to Protect4S. These are not just the monthly SAP Security notes, but also checks for Wily Introscope, the SAP Crypto library and more advanced filtering options for the authorisation checks.
2) Support for SAP BusinessObjects
Protect4S already covers the traditional SAP solutions based on the SAP NetWeaver platform, supporting ABAP- and Java-based systems. In addition, we also support SAP Web Dispatchers and SAP HANA standalone deployments.
Based on customer requests, we have further strengthened our support for other SAP products and Protect4S now also supports SAP BusinessObjects Business Intelligence. Customers can now scan SAP BusinessObjects Business Intelligence systems for missing SAP Security notes and additional checks.
3) Check Exemptions
Often driven by regulations/compliance, customers scan their SAP landscape and focus on vulnerabilities with a High or Very High risk. That is where the mitigation or remediation efforts pay off the most in terms of reducing risk.
This is commonly accepted as a best practice, but it might very well happen that a finding in Protect4S:
- is not applicable to a specific situation.
- concerns a risk that has been diverted or mitigated by other measures already implemented.
- is in the process of being mitigated or remediated.
- concerns a risk that would be accepted for other valid reasons.
You would then no longer want to see that finding in the output of a scan.
For those specific cases, we have created the Check Exemptions functionality that lets you accept risks in a well-documented way, and if desired, limited to only a specific period and only if you have the authorisations to do so.
4) Support for the SAProuter
Just recently, we added support for the SAProuter, a critical component in routing external traffic to your intranet or routing internal traffic. If it is not secured, it can open up your SAP landscape in unintended ways and introduce risks to the network layer. Therefore, we have now made it possible to connect to the SAProuter and scan it for specific SAProuter vulnerabilities and misconfigurations. This makes your SAP landscape even more secure.
5) Improved automated implementation of SAP Security notes
Based on customers’ feedback, we improved the feature to automatically import SAP Security notes for SAP ABAP-based systems. This unique feature is only provided by Protect4S and can help you get rid of a large backlog of SAP Security notes by automating big parts of the boring and repetitive work. This feature is now more stable, gives better feedback and does a better job, leading to an implementation score of up to 75%.
Summing up the above improvements (and leaving out the tons of smaller improvements), we are happy to show that Protect4S is improving continuously and adding more value for our customers.