Layer Seven Security Blog

Stay up to date on the latest trends in SAP security, new threats and information on protecting your critical systems against an attack

How to Discover Missing Security Notes for Your SAP Systems using ConVal

Posted on
Earlier this month, the New York Stock Exchange released a definitive guide to cybersecurity targeted at directors and officers of public companies. Developed with Palo Alto Networks, the guide includes contributions from over thirty-five industry experts and contends with a wide range of questions including legal and regulatory issues, cyber insurance, supplier risks, and incident …
Read Article

Featured in SAPinsider: Unlocking the Cyber Security Toolkit in SAP Solution Manager

Posted on
How to Implement Advanced Security Monitoring Without Third-Party Software The fear and anxiety driven by the wave of cyber attacks in recent years has led many companies to bolster their security programs. It’s also led to a stream of software solutions from third-party developers offering to solve customers’ cyber security challenges. You may have heard the sales spin, watched the …
Read Article

How to Protect Sensitive Data in Your SAP Systems with Read Access Logging

Posted on
The need to monitor access to classified data in SAP systems has never been greater. End users are increasingly working with SAP data from outside the borders of corporate networks. Corporate information is also increasingly under threat from cyber criminals, hacktivists, cyber spies and terrorists that seek to exploit classified information for financial gain or …
Read Article

Can You Trust SAP with Your System Security?

Posted on
Can you trust SAP with your system security? The question is worth pondering, not least since it is one of the key arguments used by third party software vendors to support the use of their security tools over SAP-delivered solutions. Although the argument is usually made in the context of vulnerability management for cybersecurity, the …
Read Article

Counting the Costs of Cyber Espionage

Posted on
According to a recent study performed by the Center of Strategic and International Studies, the annual cost of cybercrime is more than $400 billion. This is equal to almost 1 percent of global income and higher than the national income of most countries. The report states that “The most important loss from cybercrime is in the …
Read Article

Five Logs that Could Reveal a Data Breach in your SAP Systems

Posted on
One of the most important discoveries uncovered by security researchers investigating the recent data breach at Anthem is that the original compromise may have occurred as early as April 2014, nine months before the breach was discovered by the organisation.  The attack has led to the loss of personal information impacting over 80 million individuals. …
Read Article

SAP Cybersecurity Framework 2.0: What’s New?

Posted on
Since the official release of the SAP Cybersecurity Framework in 2014, the standard has become the de facto benchmark for securing SAP systems from advanced cyber threats. Drawing upon guidance issued directly by SAP, as well as the real-world experience of front-line SAP security architects and forensic investigators, the framework delivers a single point of …
Read Article

Three Steps to Prevent a Sony-Scale Breach of Your SAP Systems

Posted on
The recent attack experienced by Sony Pictures Entertainment may well prove to be the most significant breach of the year. By all measures, the impact has been devastating for the organization, leading to the loss of almost 40GB of data to attackers. This includes not only proprietary intellectual property such as digital media, blueprints and …
Read Article

New SAP Guidance Recommends Configuration Validation for Security Monitoring

Posted on
Some of the most critical recommendations issued by SAP in the recently released paper Securing Remote Function Calls include the use of configuration validation in Solution Manager to monitor RFC destination settings. This includes checks for destinations with stored credentials, trusted connections, and authorizations granted to RFC users in target systems. It also includes the …
Read Article

Featured in SAPinsider: How to Build Security using SAP Solution Manager

Posted on
Data breaches occur all too often and organizations are frequently left blindsided. As a result, cybersecurity has become a board-level issue across all industries. According to a recent survey of global business leaders, cyber risk is regarded as one of the most significant threats faced by corporations today, and is consistently rated higher than legislation, …
Read Article

How to Secure SAP Systems from Password Attacks

Posted on
Exploiting weak password hashes is one of the most common and successful attack scenarios used against SAP systems. The availability of open-source programs such as Hashcat and John the Ripper enables even novice hackers to perform attacks against SAP passwords. In fact, Hashcat is capable of breaking any SAP password encoded using the BCODE hash …
Read Article

FBI Director James Comey Speaks out on the Threat of Cybercrime

Posted on
During a candid discussion with host Scott Pelley of 60 Minutes at FBI headquarters in Washington DC, James Comey speaks out about the threat of cybercrime confronted by American citizens and corporations. Comey declares that cybercrime perpetrated by nation states, criminal syndicates and terrorist organizations has reached epidemic proportions and is directly costing the US …
Read Article

Three More Reasons for using Solution Manager to Secure SAP Systems from Cyber Attack

Posted on
Our recent article outlining the advantages of using SAP-delivered components versus third party software resonated strongly with customers seeking an effective and cost-efficient solution to address cyber threats impacting their SAP systems. The article examined the five key benefits of a Solution Manager-based strategy that included lower costs through the avoidance of licensing and maintenance …
Read Article

Cybersecurity Insurance: Is it Worth the Cost?

Posted on
According to the most recent annual Cost of Cyber Crime Study by the Ponemon Institute, the average cost of detecting and recovering from cyber crime for organizations in the United States is $5.4 million. Median costs have risen by almost 50 percent since the inaugural study in 2010. The finding masks the enormous variation of …
Read Article

M-Trends, Verizon DBIR & Symantec ISTR: Detecting and responding to cyber attacks has never been more important

Posted on
The release of three of the most important annual threat intelligence reports earlier this month confirmed that 2013 was an explosive year for cybersecurity. All three reports point to rising incidences of cyber attack, increasing sophistication of attack vectors and a growing diversity of threat actors and targets. The first of the reports is entitled …
Read Article

Trustwave Survey Reveals that IT Professionals are Feeling the Pressure of Board Level Scrutiny over Cyber Security

Posted on
The rise in the rate and sophistication of cyber attacks has predictably fuelled the pressure on security resources. However, the precise complexion and source of the pressure was largely unknown until the recent release of the Trustwave Security Pressures study. The study examines the threats most concerning to security professionals and the preferred responses. The …
Read Article

A First Look at the U.S Data Security and Breach Notification Act

Posted on
On January 30, members of the U.S Senate and House of Representatives introduced a new bill intended to enforce federal standards for securing personal information and notifying consumers in the event of a data breach. Sponsored by leaders of the Senate Commerce, Science and Transportation Committee, the Security and Breach Notification Act of 2014 would …
Read Article

Measuring the Risks of Cyber Attack

Posted on
Most studies that examine the impact of cyber attack tend to focus on a combination of direct and indirect costs. Directs costs include forensic investigations, financial penalties, legal fees, hardware and software upgrades, etc. The approach is typified by the annual Cost of Data Breach Study performed by the Ponemon Institute, now in its eighth …
Read Article