Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

Survey Reveals 65 percent of SAP Platforms Were Breached Between 2014-15

Posted on
Earlier this week, the Ponemon Institute released the results of the most comprehensive study performed to date on the state of SAP cybersecurity. The Institute is widely known for the annual Cost of Data Breach report that trends average data breach costs across major countries. However, it also performs a variety of other studies related …
Read Article Survey Reveals 65 percent of SAP Platforms Were Breached Between 2014-15

Cybersecurity Targets in China’s New Five Year Plan

Posted on
The details of China’s latest five year plan covering the period between 2016-2020 are expected to be released next month but early indications suggest it will focus upon reducing China’s reliance on foreign technology. Intelligence agencies and security researchers contend there is a strong correlation between industries targeted for growth by China and industries that suffer data …
Read Article Cybersecurity Targets in China’s New Five Year Plan

What’s New in the SAP Cybersecurity Framework 3.0

Posted on
Released earlier this month, the third version of the SAP Cybersecurity Framework includes important changes in the areas of transport layer security, logging and monitoring, and vulnerability management. It also discusses the most significant hack against SAP systems to date: the devastating data breach suffered by U.S Investigation Services (USIS). USIS performed background checks on …
Read Article What’s New in the SAP Cybersecurity Framework 3.0

Season’s Greetings

Posted on
As we near the end of the year, we would like to express our gratitude to the customers, partners and supporters that have contributed to another record year at Layer Seven Security. We look forward to relentlessly serving your cybersecurity needs in 2016 by securing your SAP assets and enabling you to maximize the value of …
Read Article Season’s Greetings

Are your System Users Vulnerable to SAP Hacks?

Posted on
One of the most telling statistics revealed at BlackHat USA earlier this year was the fact that 84 percent of InfoSec professionals regard unmanaged privileged credentials as the biggest cyber security vulnerability within their organizations. For SAP environments, the dangers posed by abusing user accounts with privileged access are well-known and can include shutting down SAP …
Read Article Are your System Users Vulnerable to SAP Hacks?

Monitoring SAP Security Metrics with SolMan Dashboards

Posted on
SAP Solution Manager (SolMan) includes a complete dashboard framework for visualizing data metrics and KPIs across a wide variety of areas. This includes areas such as availability, performance, service delivery, and crucially, system security. What’s more, the process for enabling and customizing dashboards is relatively quick and simple. This short guide walks through the steps to …
Read Article Monitoring SAP Security Metrics with SolMan Dashboards

How to Discover Missing Security Notes for Your SAP Systems using ConVal

Posted on
Earlier this month, the New York Stock Exchange released a definitive guide to cybersecurity targeted at directors and officers of public companies. Developed with Palo Alto Networks, the guide includes contributions from over thirty-five industry experts and contends with a wide range of questions including legal and regulatory issues, cyber insurance, supplier risks, and incident …
Read Article How to Discover Missing Security Notes for Your SAP Systems using ConVal

Featured in SAPinsider: Unlocking the Cyber Security Toolkit in SAP Solution Manager

Posted on
How to Implement Advanced Security Monitoring Without Third-Party Software The fear and anxiety driven by the wave of cyber attacks in recent years has led many companies to bolster their security programs. It’s also led to a stream of software solutions from third-party developers offering to solve customers’ cyber security challenges. You may have heard the sales spin, watched the …
Read Article Featured in SAPinsider: Unlocking the Cyber Security Toolkit in SAP Solution Manager

How to Protect Sensitive Data in Your SAP Systems with Read Access Logging

Posted on
The need to monitor access to classified data in SAP systems has never been greater. End users are increasingly working with SAP data from outside the borders of corporate networks. Corporate information is also increasingly under threat from cyber criminals, hacktivists, cyber spies and terrorists that seek to exploit classified information for financial gain or …
Read Article How to Protect Sensitive Data in Your SAP Systems with Read Access Logging

OPM Data Breach Reveals the Limitations of Cybersecurity Solutions

Posted on
The fallout from the record-breaking breach disclosed by the Office of Personnel Management (OPM) earlier this month reached a low point at a Capitol Hill hearing on June 16. During the hearing, members of the House Committee on Oversight and Government Reform scolded OPM officials and IT executives for their “complete and utter failure” to protect …
Read Article OPM Data Breach Reveals the Limitations of Cybersecurity Solutions

Are 95 percent of SAP systems really vulnerable to cyber attack?

Posted on
Earlier this month, SAP issued a strongly-worded response to claims made by the software vendor Onapsis in a press release that over 95 percent of SAP systems assessed by Onapsis were exposed to vulnerabilities that could lead to the compromise of SAP systems. According to SAP, “The press release published by Onapsis is aimed at …
Read Article Are 95 percent of SAP systems really vulnerable to cyber attack?

Turn the Tide against Cyber Attacks with SAP Enterprise Threat Detection

Posted on
One of the most striking facts revealed by the 2014 Verizon DBIR is that only one in every six data breaches are detected by organizations that are the victim of such breaches. The statistic revealed that the vast majority of organizations lack the capability to detect incidents that lead to a data breach. According to …
Read Article Turn the Tide against Cyber Attacks with SAP Enterprise Threat Detection

Discover Security Patches for your SAP Systems using System Recommendations

Posted on
One of the most startling facts revealed by the 2015 Cyber Risk Report is that over 44 percent of data breaches stem from the exploitation of known vulnerabilities that are over two years old. This suggests that effective patching can dramatically lower the likelihood of a successful data breach and, when employed with other countermeasures …
Read Article Discover Security Patches for your SAP Systems using System Recommendations

Five Logs that Could Reveal a Data Breach in your SAP Systems

Posted on
One of the most important discoveries uncovered by security researchers investigating the recent data breach at Anthem is that the original compromise may have occurred as early as April 2014, nine months before the breach was discovered by the organisation.  The attack has led to the loss of personal information impacting over 80 million individuals. …
Read Article Five Logs that Could Reveal a Data Breach in your SAP Systems

SAP Cybersecurity Framework 2.0: What’s New?

Posted on
Since the official release of the SAP Cybersecurity Framework in 2014, the standard has become the de facto benchmark for securing SAP systems from advanced cyber threats. Drawing upon guidance issued directly by SAP, as well as the real-world experience of front-line SAP security architects and forensic investigators, the framework delivers a single point of …
Read Article SAP Cybersecurity Framework 2.0: What’s New?

Three Steps to Prevent a Sony-Scale Breach of Your SAP Systems

Posted on
The recent attack experienced by Sony Pictures Entertainment may well prove to be the most significant breach of the year. By all measures, the impact has been devastating for the organization, leading to the loss of almost 40GB of data to attackers. This includes not only proprietary intellectual property such as digital media, blueprints and …
Read Article Three Steps to Prevent a Sony-Scale Breach of Your SAP Systems

New SAP Guidance Recommends Configuration Validation for Security Monitoring

Posted on
Some of the most critical recommendations issued by SAP in the recently released paper Securing Remote Function Calls include the use of configuration validation in Solution Manager to monitor RFC destination settings. This includes checks for destinations with stored credentials, trusted connections, and authorizations granted to RFC users in target systems. It also includes the …
Read Article New SAP Guidance Recommends Configuration Validation for Security Monitoring

Featured in SAPinsider: How to Build Security using SAP Solution Manager

Posted on
Data breaches occur all too often and organizations are frequently left blindsided. As a result, cybersecurity has become a board-level issue across all industries. According to a recent survey of global business leaders, cyber risk is regarded as one of the most significant threats faced by corporations today, and is consistently rated higher than legislation, …
Read Article Featured in SAPinsider: How to Build Security using SAP Solution Manager

FBI Director James Comey Speaks out on the Threat of Cybercrime

Posted on
During a candid discussion with host Scott Pelley of 60 Minutes at FBI headquarters in Washington DC, James Comey speaks out about the threat of cybercrime confronted by American citizens and corporations. Comey declares that cybercrime perpetrated by nation states, criminal syndicates and terrorist organizations has reached epidemic proportions and is directly costing the US …
Read Article FBI Director James Comey Speaks out on the Threat of Cybercrime