The SAP Security Blog

The General Data Protection Regulation (GDPR) will be enforceable throughout the European Union in less than a month. The regulation specifies how personal data should be managed and applies to organizations that collect data on EU citizens, regardless of whether or not they are located within the EU. GDPR requirements include data protection measures to secure systems that store or process personal data (privacy by design). They also include breach notification requirements that oblige organiza ...
read more
SAP systems operate in highly interconnected landscapes integrated by numerous interfacing technologies.  The most common interface technology is the RFC protocol. The RFC protocol enables remote-enabled function modules (RFMs) to be called in remote systems. Some RFMs can be exploited to perform dangerous, administrative commands in target systems. For example, the function module BAPI_USER_CREATE can be used to create or maintain users. RFC_ABAP_INSTALL_AND_RUN can be used to register and exe ...
read more
How does Solution Manager perform threat detection for SAP systems? What type of events are detected? Which logs are monitored? Is this real-time or near-time monitoring?  Do you receive email and SMS notifications for alerts? How do you prevent alert flooding? How do you use guided procedures for alert handling and forensic investigations? Is it possible to customize workflows in guided procedures? How do you integrate SolMan alerts with SIEM platforms for event correlation? What are the diffe ...
read more
The SAP Integration and Certification Center (ICC) has been validating and certifying solutions from partners and software vendors for over twenty years. The certifications provided by the ICC are based on rigorous testing and enable customers to invest with confidence in technologies that integrate with SAP solutions. This includes technologies that support security scenarios such as automated vulnerability management, code scanning and threat detection. The ICC cannot certify SAP’s own prod ...
read more
Does Solution Manager have a complex installation process? Is it difficult to maintain? Does it create dangerous connections with SAP systems? Is it a high value target for attackers? Does it provide no support for zero-day vulnerabilities? This article tackles the five most common myths about SAP Solution Manager and reveals the truth behind the fiction. The first and most common myth is that SAP Solution Manager is complex to install and difficult to maintain. In fact, the installation p ...
read more
Firewalls, intrusion detection systems, and antivirus solutions may not protect SAP systems against advanced cyberattacks. However, this does not necessarily mean that SAP customers have to license third-party vulnerability scanning or threat detection solutions to deal with the risk. The answer to their security questions may be closer than they realize. Bundled with standard and enterprise SAP support agreements, SAP Solution Manager 7.2 includes five integrated applications to safeguard SAP s ...
read more
There has never been a greater need to monitor access to sensitive data in SAP systems. SAP data is increasingly accessible from access points outside network perimeters. Data in SAP systems is also targeted by attackers for cybercrime and corporate espionage. This article demonstrates how you can use SAP Solution Manager to detect and contain potential information leaks in your SAP systems before they lead to a full-blown data breach. The demonstration leverages the advanced diagnostics capabil ...
read more
On September 15, Equifax released a statement to confirm the initial attack vector that led to the compromise of personal information relating to 143 million consumers in the US, UK and Canada targeted an Apache Struts vulnerability within a web application that supports the organization’s online dispute portal. The patch for the vulnerability had been available since March but had not been applied by Equifax at the time the breach was detected on July 29. The patch was subsequently applied by ...
read more
Interface Monitoring provides the answer to one of the most vexing questions in SAP security: where are our vulnerable cross-system connections and how do we monitor them to ensure they’re not abused by attackers? Although Interface Monitoring, also known as Interface Channel Monitoring or ICMon, has been available in SAP Solution Manager since version 7.10 SP05, the application has been completely overhauled in version 7.2, especially in SP05, which has been in general availability since J ...
read more
How does Solution Manager detect threats and vulnerabilities in SAP systems? What specific applications in SolMan are used for vulnerability, patch and threat management? What are the requirements for using these areas? How long does it take to configure? What are the differences between monitoring using SolMan 7.1 and 7.2? What are the benefits of using SolMan versus third party tools such as Onapsis? Why should you partner with Layer Seven Security to help you leverage the cybersecurity capabi ...
read more