SAP systems: 50 % less risk in just 1 day

April 21, 2016

Cybercrime and the real threat it poses have received a lot of media attention in recent months. However, little has been written about the way in which companies deal with this threat on a day-to-day basis.

In general, companies are focused on their core business and typically do not like to get sidetracked by cybercrime and risk issues. Although SAP provides the instruments necessary for risk reduction, relatively few of its customers spend the time and effort needed to implement them effectively. In addition, most don't take the trouble to analyse the hundreds of SAP system parameter settings or the thousands of SAP Security Notes, let alone keep up with these notes and apply them as they are released.

However, SAP parameter changes and security note applications are mitigation measures that can be applied with relative ease and are very worthwhile in terms of risk reduction.

Protect4S identifies these easy-to-solve vulnerabilities

ERP Security has found that this group constitutes at least 50% of all detected vulnerabilities.

For example, on a typical SAP IDES system (ERP 6.0 EHP4 based on NetWeaver 7.01) the Protect4S vulnerability scanner identifies these vulnerabilities using a heatmap:

[Figure: Risk mitigation effort heatmap]

As can be seen above, the vulnerabilities with either extra low or low mitigation effort represent at least 50% of the total weighted risk in the system.

Automatically generated mitigation plan

We define mitigation effort as:

[Figure: Risk mitigation effort]

Protect4S automatically generates a mitigation plan containing all actions having either an extra low or a low mitigation effort:

[Figure: Risk mitigation plan]

This mitigation plan groups the required mitigation actions and also contains the solutions for the vulnerabilities found. It can be executed by any SAP technical consultant in a single day.

Risk history overview

[Figure: Risk history overview]

The risk history overview in Protect4S shows the results of the mitigation measures taken. In this specific example, the total weighted risk was reduced by 62,5% in a single day through the application of security notes and adjustment of SAP parameters only.

Protect4S eliminates risk and simplifies SAP security

  • Using Protect4S you can at least halve the risk to your SAP systems within a day. The rest of the vulnerabilities can also be solved, but that will take longer.
  • Protect4S enables a simple 3-step SAP Security Process (scan -> analyse -> mitigate), which puts you in control of your business security.

Start reducing the risks in your SAP systems now with Protect4S.

For more information:

FAQ
Request a demo
Contact us: +31 (317) 84 26 46