Skip to main content
Blog

6 reasons why SAP Solution Manager is too limited for SAP Vulnerability Management

By 4 May 2022No Comments

Limitations of EWA, SR, SOSS and CV 

SAP Vulnerability Management

When talking to customers on the topic of SAP Vulnerability management, quite often we get back that they “have this covered”. But when zooming in on specifics, this often means that they look at the Security chapter of the EarlyWatch Alert report occasionally. Sometimes this is combined with other standard SAP Solution Manager functionality like the System Recommendations, Security Optimisation Self Service or (rarely) Configuration Validation. A non-representative survey held among members of a focus group of the Dutch User group VNSG shows the same indication. When asked “What does your organisation use in the area of SAP Vulnerability Management?” they responded:

SAP Vulnerability Management survey

While in the past this might have been enough for specific offline scenarios, nowadays it surely isn’t. With more and more customers opening their SAP systems to the internet, using hybrid scenarios partially in the cloud and stricter compliance pressure, there is a stronger need for being in control of the security of your SAP systems. And the security chapter of an EarlyWatch Alert report alone doesn’t get you there. The feedback we get from customers on the standard SAP Solution Manager tooling, condensed in a few bullets, is that it is:

  1. Not user-friendly
  2. Not easy to setup / takes many expensive external consulting hours
  3. Not integrated
  4. Incomplete / has false positives around SAP System Recommendations
  5. Not informative enough when it comes to mitigation
  6. Not really supporting the Vulnerability Management process

To solve the above shortcomings, we developed Protect4S. An easy-to-deploy solution (no agents needed) providing customers with deep insight into the security status of their SAP systems, without the need for additional manpower, that helps raise the level of SAP Security when embedded in a structural SAP Vulnerability Management process. This is to get, and stay, in control of the security of your business-critical SAP systems while preventing Fraud, Sabotage or Espionage.

For more SAP security-related news, articles, and whitepapers, please follow us on LinkedIn and subscribe to our YouTube channel!