An important step forward in real-time protection of your SAP environment
Introduction
Every month, new security features and use cases are released for our Threat Detection (TD) solution. We do this to keep on top of the current state of SAP security and help our customers in their journey to keep their SAP systems secure. In our May TD release (2305), we added support of the SAP Java system type which means critical use cases for SAP Java systems can now also be detected!
Why is this important?
The SAP Java stack is, next to the classic ABAP stack, commonly deployed in SAP landscapes and therefore widely used. SAP Java stacks unfortunately are also not immune to vulnerabilities and misconfigurations and therefore it is important to have support for this system type. Over the years quite some HotNews SAP Security notes have been released by SAP to fix vulnerabilities in SAP Java components, for which sometimes publicly known exploits exist like the #10Kblaze or SAP Recon vulnerability.
This is even more important since a breach of an SAP Java stack in many cases can lead to lateral moving towards the rest of the (ABAP) landscape. Often SAP Java systems are seen as technical systems or less relevant to the business, yet in many cases they are gateways into the rest of the SAP landscape via e.g. RFC or JCO connections and therefore important to monitor.
Some use case examples
For some examples of existing SAP Java use cases see the list below.
These are all important use cases, some of these are providing initial unauthenticated access into your SAP Java stacks and monitoring this is therefore critical. In our own penetration testing practices, we still find unpatched systems for the SAP Recon exploit for example leading to full administrative access.
Concluding
The support of SAP Java systems is needed to be able to detect abuse and exploitation (attempts) in these widely used SAP systems. Also, SAP Java systems are important from a risk perspective and monitoring is therefore needed. By adding this, the Protect4S Threat Detection solution offers better support for the most used SAP system types and therefore even better capabilities for the detection of threats.
We are excited to have support for the SAP Java stack. Feel free to contact us about the capabilities of our Vulnerability Management and Threat Detection solutions.
For more SAP security-related news, articles, and whitepapers, please follow us on LinkedIn!
