Did you ever hear about it? What does it do?
How does it work and what are the attention points of this tool?
It is a tool, included in the Solution Manager suite that allows you to carry out checks on the aspects of SAP Security.
If you already saw the Early Watch service in SAP, produced through the Solution Manager too, well it's really similar. But there are a couple of differences.
If Early Watch wasn't meant for SAP security, it for sure contains some indications, the SAP SOS (Secure Optimization Service) is specific for security aspects. Furthermore, it can be customized, meaning that for some types of searches it's possible to define personalized alert levels.
In the Word or PDF document that is made you can find all the researched findings, as shown below.
It's used to periodically carry out security controls on you SAP systems. But what controls are made? There are many on different areas.
In some cases they can be customized, in other words they can disable some evidence that I think are correct (this isn't possible in EWA - Early Watch).
These are some of the macro areas of controls.
In the OSS Note "1484124 - Guided Security Optimization Self Service - Prerequisites" you can find the pre-requisites that the solution manager must have for this functionality to be available.
Once all the configurations have been done it's possible to plan the execution of the SOS through the SM_WORKCENTER transaction.
Through the use of a survey it's possible to customize the emerged exceptions for different findings.
The SAP SOS is a great tool to start keeping under control your company's SAP systems.
On the other hand, there are some limitations that have to be considered:
But are these truly limitations?
Actually, no in my opinion. The SOS is ideal to begin a path of enterprise maturity and start a process of remediation. Also considering what said above.
To carry out a further maturity path the natural solution would be to activate the SAP Enterprise Threat Detection.