SAP Cyber Security for SME

Posted by Fabio Mambretti on Apr 29, 2022 12:00:00 AM

Who said that in order to have powerful systems you need to have many resources?

Security Bridge

 

How can a small enterprise be compete with a big corporation?

What is an SME?

The European Union provides a definition of what SME are, see here

One of the difficulties that this type of enterprise has is the lack of strategy and vision in terms of security, including in the SAP security. This means that they have a contingent approach, without any overall view.

 

Which are the most common struggles?

They are many, even if they're not true in all contexts. These are:

  • Limited expertise on very vertical solutions (internal or external)
  • New software management or tools
  • Costs for hardware and software in general
  • A lacking of strategic vision on security topics

 

What can a new software simplify? It's true, it's rare for a new software to just resolve the problem. In most cases though, if this is set correctly, it can make things easier.

 

That would be the case, for example, for the SecurityBridge suite. With its modules it's possible to understand and evaluate risks on SAP systems. All of this taking advantage of the limited footprint of the already existing resources or through a dedicated outsourcing service.

 

What is SecurityBridge?

SecurityBridge is a suite, certified by SAP AG, that allows to control in real time:

  • Threat exposure
  • Vulnerabilities
  • Code security
  • Patch management
  • Management and control of interfaces

It can be utilized in ABAP systems starting from Basis version 7.3x and can be used both via WebDynpro interface and FIORI interface. In this last case the presence of a SAP Gateway is needed. In the image below you can see the FIORI SecurityBridge launchpad

FIORI SAP Security Bridge

 

Where can you install it and what does it allow you to do?

The installation is quite simple since it's based on the loading of Change Requests through the standard transport system (TSM).

 

Having an ABAP based system with the cited requisites is enough, as it has to assume the role of controller on which the tool and the base configurations are installed.

 

Afterwards the systems that need to be supervised can be connected. On these only the run-time (Agent) part is installed, and they receive the Controller's configurations, as in the image below, where you can see two SAP ERP systems and an S/4HANA system, as well as SAP Solution Manager (Controller)

SISTEMI

By this point on the Controller system it's already possible to run analysis both on the "static level" (global status of the system security) and the "dynamic level" (real time event collection).

 

Below it's possible to see for every connected system the controls that were run and the entity of risk. It's also possible to have a segregated view (Area of responsibility), which is useful to address various incidents to the right teams.

Area of Responsability SAP

If we delve into the details it's possible to find, for example in the Identity and Access part, the details of controls:

Indentity and Access

 

While at the dynamic level it's possible to see the events and use the dashboards for the detailed navigation

Threat Management SAP

For every type of information, you can descend to a deeper level of detail until you get you single events.

SAP log real time

 

The generated events can be then shared with a SIEM or SOAR for more analysis.

 

Do you want to learn more about how to control your systems with this tools?

 

Blog post originally translated from: https://www.aglea.com/blog/sap-cyber-security-per-pmi

 

Ask for a demonstration

Topics: sap cyber security, siem, threat detection, security bridge

Subscribe Here!

Blog Aglea, cosa puoi trovare?

Ogni mercoledì pubblichiamo articoli, interviste e documenti relativi alla security SAP.

Cosa puoi trovare:

  • Suggerimenti su come mettere in sicurezza i sistemi SAP
  • Come fare a … (How To)
  • Checklist
  • Gli errori comuni che spesso vengono fatti in ambito Security SAP
  • Interviste con esperti del settore
  • Chi è AGLEA quale è la nostra vision security SAP

Recent Posts

Post By Topic

See all