Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

Cybercrime Projected to Reach $2 Trillion by 2019

Posted on
According to a recent study from Juniper Research, the worldwide cost of data breaches will exceed $2 trillion by 2019. This is equivalent to 2.2% of forecast global GDP and represents a four-fold increase upon data breach costs in 2015. The average cost of data breaches will also increase to $150 million or 25 times …
Read Article

SAP CSO Recommends Solution Manager for Security Monitoring

Posted on
SAP Chief Security Officer, Justin Somaini, opened the first of a series of five webcasts from the America’s SAP User Group (ASUG) on the topic of SAP security. The series is intended to present SAP’s response to the growing concern over cybersecurity by discussing: The IT threat landscape and SAP’s approach to strategic security; Best-practices to safeguard both …
Read Article

Detecting SAP Cyber Attacks with SAP Solution Manager

Posted on
Despite the $75 billion spent by organizations on security software in 2015, average times to detection for cyber attacks are an astounding 170 days (DBIR, 2016). Most attacks therefore go undetected for almost six months. An incident response strategy can address this gap by enabling organizations to proactively discover and contain security incidents that could …
Read Article

SAP Security Notes – August 2016

Posted on
Note 2319506 addresses a blind SQL injection vulnerability in Database Monitors for Oracle. The vulnerability impacts all versions of SAP Basis and rates extremely high on the impact scale using the common vulnerability scoring system. Content-based and time-based blind SQL injection is used by attackers to determine when input is interpreted as a SQL statement. …
Read Article

7 Reasons You Should Upgrade to SolMan 7.2

Posted on
SAP Solution Manager (SolMan) is the epicenter of SAP implementations and the standard for monitoring and maintaining SAP landscapes. The general availability of release 7.2 in August is expected to deliver major advances in seven specific areas. The first is support for managing the implementation lifecycle of HANA and S/4HANA. SolMan 7.2 is optimized to …
Read Article

Three Reasons You Should Budget for SAP Breach Costs

Posted on
The average cost of a data breach has now surpassed $4 million. This is according to the latest study from the Ponemon Institute issued earlier this month. The study surveyed 383 organizations in 12 countries. It revealed that not only are data breach costs increasingly across the board, the probability that organizations will suffer a breach …
Read Article

Security in SAP HANA

Posted on
SAP HANA is now deployed by over 7,500 organizations worldwide. While this represents only a fraction of the 300,000 companies that use SAP software globally, adoption is growing rapidly, doubling in 2015 alone. As expected, the introduction of SAP Business Suite 4 SAP HANA (S/4HANA) has accelerated this growth by widening the use-case for SAP …
Read Article

US-CERT Issues Alert for SAP Invoker Servlet Vulnerability

Posted on
US-CERT published an alert yesterday to warn SAP customers of the dangers posed by the invoker servlet vulnerability in AS Java systems. According to the alert, there is evidence to suggest that SAP systems at 36 organizations have been exploited by the vulnerability. The organizations are based in the United States, United Kingdom, Germany, China, …
Read Article

How to Block RFC Callback Attacks in Your SAP Systems

Posted on
Callback attacks exploit weaknesses in RFC security to execute function modules in calling systems. The impact of such attacks can be severe, ranging from the creation of dialog users with system-wide privileges to modifying or extracting sensitive data. This can occur if client systems execute malicious code within the function modules of connected systems. In …
Read Article

Cybersecurity Targets in China’s New Five Year Plan

Posted on
The details of China’s latest five year plan covering the period between 2016-2020 are expected to be released next month but early indications suggest it will focus upon reducing China’s reliance on foreign technology. Intelligence agencies and security researchers contend there is a strong correlation between industries targeted for growth by China and industries that suffer data …
Read Article

Managing Security with SAP Solution Manager

Posted on
SAP Solution Manager is the second most widely deployed SAP product after ECC. In other words, there are more installations of SolMan in the world than there are for products such as BI, PI, CRM and SRM. This isn’t surprising when you take into account that SolMan is for IT what ECC is for business: …
Read Article

What’s New in the SAP Cybersecurity Framework 3.0

Posted on
Released earlier this month, the third version of the SAP Cybersecurity Framework includes important changes in the areas of transport layer security, logging and monitoring, and vulnerability management. It also discusses the most significant hack against SAP systems to date: the devastating data breach suffered by U.S Investigation Services (USIS). USIS performed background checks on …
Read Article

Season’s Greetings

Posted on
As we near the end of the year, we would like to express our gratitude to the customers, partners and supporters that have contributed to another record year at Layer Seven Security. We look forward to relentlessly serving your cybersecurity needs in 2016 by securing your SAP assets and enabling you to maximize the value of …
Read Article

Get Ready for SAP Solution Manager 7.2: What to Expect

Posted on
It’s well known that licenses for SAP Solution Manager are included in SAP maintenance and support agreements. However, with the release of version 7.2 next year, SAP will take this a step further by providing free licenses for SAP HANA for use with SolMan 7.2. Customer’s will still have to pay for hardware costs but …
Read Article

Are your System Users Vulnerable to SAP Hacks?

Posted on
One of the most telling statistics revealed at BlackHat USA earlier this year was the fact that 84 percent of InfoSec professionals regard unmanaged privileged credentials as the biggest cyber security vulnerability within their organizations. For SAP environments, the dangers posed by abusing user accounts with privileged access are well-known and can include shutting down SAP …
Read Article

Monitoring SAP Security Metrics with SolMan Dashboards

Posted on
SAP Solution Manager (SolMan) includes a complete dashboard framework for visualizing data metrics and KPIs across a wide variety of areas. This includes areas such as availability, performance, service delivery, and crucially, system security. What’s more, the process for enabling and customizing dashboards is relatively quick and simple. This short guide walks through the steps to …
Read Article

How to Discover Missing Security Notes for Your SAP Systems using ConVal

Posted on
Earlier this month, the New York Stock Exchange released a definitive guide to cybersecurity targeted at directors and officers of public companies. Developed with Palo Alto Networks, the guide includes contributions from over thirty-five industry experts and contends with a wide range of questions including legal and regulatory issues, cyber insurance, supplier risks, and incident …
Read Article

Featured in SAPinsider: Unlocking the Cyber Security Toolkit in SAP Solution Manager

Posted on
How to Implement Advanced Security Monitoring Without Third-Party Software The fear and anxiety driven by the wave of cyber attacks in recent years has led many companies to bolster their security programs. It’s also led to a stream of software solutions from third-party developers offering to solve customers’ cyber security challenges. You may have heard the sales spin, watched the …
Read Article

How to Protect Sensitive Data in Your SAP Systems with Read Access Logging

Posted on
The need to monitor access to classified data in SAP systems has never been greater. End users are increasingly working with SAP data from outside the borders of corporate networks. Corporate information is also increasingly under threat from cyber criminals, hacktivists, cyber spies and terrorists that seek to exploit classified information for financial gain or …
Read Article

Can You Trust SAP with Your System Security?

Posted on
Can you trust SAP with your system security? The question is worth pondering, not least since it is one of the key arguments used by third party software vendors to support the use of their security tools over SAP-delivered solutions. Although the argument is usually made in the context of vulnerability management for cybersecurity, the …
Read Article

Counting the Costs of Cyber Espionage

Posted on
According to a recent study performed by the Center of Strategic and International Studies, the annual cost of cybercrime is more than $400 billion. This is equal to almost 1 percent of global income and higher than the national income of most countries. The report states that “The most important loss from cybercrime is in the …
Read Article