limkedin Skip to main content

Detect downloading of sensitive data in SAP 

By 7 February 2023No Comments

Highlighting an SAP Threat Detection use case  

Our recently launched SAP Threat Detection solution helps organisations protect their sensitive data from external and internal threats. SAP systems are widely used by organisations to manage critical business processes and data. However, these systems are also vulnerable to data breaches, as external attackers or internal actors can gain access to sensitive data by exploiting vulnerabilities, abuse too wide privileges or by stealing login credentials. To protect against these threats, organisations can use Protect4S Threat Detection to monitor and detect many types of behaviour and actions that may pose a risk to the organisation. For example, the downloading of sensitive data from specific tables within their SAP systems.  

SAP systems typically store a lot of sensitive data. For example competition relevant data, trade secrets, secret recipes for production of consumer goods, customer data, employee data, credit card data, data that can be used to manipulate the stock market value, etc. All this information is eventually stored in SAP tables and should be carefully protected by setting strict authorisations so only allowed users have access.  

However, these authorisations can be bypassed. For example by authorisations that are set too wide by accident, by exploiting vulnerabilities in the system or via social engineering. This introduces the risk of unauthorised people being able to access and download sensitive data from your SAP system. 

To be able to detect the above threat, one of the use cases within the Protect4S Threat Detection solution actively monitors for downloading of data from sensitive tables. This can be done by setting up custom rules that are triggered when for example data is being downloaded or even copied to the clipboard from specific tables. The use case is shipped with many sensitive standard SAP tables such as HR tables, tables that contain password hashes and the table that contains the secure store. This list can be modified and extended with custom tables that customers create themselves. Exceptions can be made to prevent false positives, as in the below example: 

image - Detect downloading of sensitive data in SAP 

Whenever these tables are downloaded or copied to the clipboard, Protect4S Threat Detection will create a threat that in turn can be sent to a SIEM solution for further processing. This will help the organisation quickly detect and respond to suspicious activities. The threat alert contains all relevant information for further containment, references for more information, details about the involved user and hostname and the original event that triggered the threat, for example:

image - Detect downloading of sensitive data in SAP 

To summarise, Protect4S SAP Threat Detection is a powerful solution that can help organisations protect their sensitive data in SAP systems from unauthorised access and downloads. By setting up custom rules, organisations can quickly detect and respond to suspicious activities and prevent further distribution of sensitive data. 

Interested to learn more? We are happy to tell you more about our SAP Vulnerability Management and Threat Detection capabilities. For more SAP security-related news, articles, and whitepapers, please follow us on LinkedIn!