December 2018 - Layer Seven Security

Layer Seven Security Recognized as an SAP Cybersecurity Leader

Layer Seven on December 17, 2018

Layer Seven Security has been named as the leading SAP cybersecurity provider in the 2018 Top 10 SAP Solution Providers. According to the source of the study, Layer Seven Security provide a “unique and innovative approach to securing business-critical SAP systems against cyber threats”. The study recognizes Layer Seven as an “innovative force in the SAP cybersecurity industry” for delivering “leading-edge vulnerability management, patch management, threat detection and incident response without requiring customers to license and install complex and expensive new platforms.”

The report also acknowledges the SAP partner’s “extraordinary levels of year-on-year growth”. Layer Seven Security more than doubled it’s customer base and experienced a 350% surge in revenue in 2018. The company recently announced an ambitious 3-year roadmap that includes recent innovations such as interactive security reporting based on SAP Web Intelligence, monitoring for Java users with administrative privileges, and security monitoring for SAP databases including Sybase ASE. Planned innovations include integration between SAP Solution Manager and the NetWeaver add-on for Code Vulnerability Analysis, the development of Fiori applications for embedded security reporting in SAP Solution Manager, and support for OS, cloud and network platforms for end-to-end security monitoring of the SAP technology stack.

Webinar Recording: Security Analytics with SAP Web Intelligence

Layer Seven on December 17, 2018

Watch the webinar replay to learn how to visualize security risks in your SAP systems using interactive reports in SAP Web Intelligence. Powered by the BusinessObjects platform, Web Intelligence connects directly to data sources in SAP Solution Manager to convey system vulnerabilities, missing security notes and open alerts using dynamic charts and graphs and detailed tables.

Join the global leaders in security monitoring with SAP Solution Manager to learn how to:

– Discover security vulnerabilities
– Manage missing patches
– Detect alerts for security incidents
– Collaborate and track remediation efforts using comments
– Filter and sort report data
– Export and share results
– Access reports remotely

We will also demonstrate how you can trial Web Intelligence using Layer Seven’s cloud platform.

Watch Now

SAP Security Notes, November 2018

Zarah on December 7, 2018

Hot News Note 2622660 includes critical security updates for web browser controls delivered with SAP Business Client. The Client provides a unified environment for SAP applications including Fiori, SAP GUI, and Web Dynpro. It supports browser controls from Internet Explorer (IE) and Chrome for displaying HTML content. Security corrections for the WebBrowser control of the .NET framework in IE are delivered directly by Microsoft. Unlike IE, the browser control for Chrome is embedded in SAP Business Client using the open source Chromium Embedded Framework (CEF). Security fixes are provided by the Chromium project and delivered by SAP through periodic Security Notes. Note 2622660 was updated for multiple high-risk vulnerabilities addressed by Chromium release 70.0.3538.

Note 2681280 patches a critical remote code execution vulnerability in SAP HANA Streaming Analytics (HSA). The vulnerability impacts the open source Java-based Spring Framework library used by HSA. The note carries a CVSS score of 9.9/10.

Note 2701410 deals with a high-risk directory traversal vulnerability that could be exploited by attackers to access, modify or corrupt files on hosts supporting SAP Disclosure Management.

Note 2693083 removes transaction ZPTTNO_TIME from the standard role SAP_PS_RM_PRO_RECMANAGER. The transaction could be abused to escalate privileges in CRM Records and Case Management.