The SAP Security Blog

On September 15, Equifax released a statement to confirm the initial attack vector that led to the compromise of personal information relating to 143 million consumers in the US, UK and Canada targeted an Apache Struts vulnerability within a web application that supports the organization’s online dispute portal. The patch for the vulnerability had been available since March but had not been applied by Equifax at the time the breach was detected on July 29. The patch was subsequently applied by ...
read more
Interface Monitoring provides the answer to one of the most vexing questions in SAP security: where are our vulnerable cross-system connections and how do we monitor them to ensure they’re not abused by attackers? Although Interface Monitoring, also known as Interface Channel Monitoring or ICMon, has been available in SAP Solution Manager since version 7.10 SP05, the application has been completely overhauled in version 7.2, especially in SP05, which has been in general availability since J ...
read more
How does Solution Manager detect threats and vulnerabilities in SAP systems? What specific applications in SolMan are used for vulnerability, patch and threat management? What are the requirements for using these areas? How long does it take to configure? What are the differences between monitoring using SolMan 7.1 and 7.2? What are the benefits of using SolMan versus third party tools such as Onapsis? Why should you partner with Layer Seven Security to help you leverage the cybersecurity capabi ...
read more
Released earlier this month, Support Pack 5 for SAP Solution Manager 7.2 delivers important enhancements in several key areas. This includes support for exporting and importing solution documentation between systems, improved SAP-delivered solution blueprints, and an enhanced graphical editor for mapping business processes. SP05 also introduces a new Fiori App for Quality Gate Management in ChaRM. There are also new Fiori Apps for Data Volume Management to support data aging and identifying unus ...
read more
The results of the recent Verizon DBIR revealed significant differences between industries in terms of vulnerability patching. Organizations in sectors such as information technology and manufacturing typically remove over 75% of vulnerabilities within 3 weeks of detection. At the other end of the spectrum, 75% or more of vulnerabilities discovered in financial and public sector organizations and educational institutions remain unpatched for longer than 12 weeks after discovery. The DBIR ...
read more
The Data Breach Investigations Report (DBIR) has chronicled the growth in security and data breaches for over a decade.  The findings of the most recent report released on April 27 are based on the analysis of more than 42,000 security incidents across a variety of industries and countries. For the first time, the DBIR examines security breaches for key industries to analyze threats confronted by specific verticals. According to the report, attack patterns and motives, as well as susceptibil ...
read more
Attending next month's SAPPHIRE NOW and ASUG Annual Conference? Drop by booth #1280A for a live demonstration of security monitoring using SAP Solution Manager. Learn how to schedule Service Level Reports to automatically detect vulnerabilities in your SAP systems, enable Dashboards to monitor security KPIs, detect and apply security notes using System Recommendations, monitor system interfaces with Interface Monitoring, and leverage Security Alerts for real-time threat detection. ...
read more
SAP Fiori revolutionizes the user experience in Solution Manager 7.2. The dynamic tile-based layout replaces the work center approach in Solution Manager 7.1. In fact, since the Fiori launchpad provides direct and customizable access to applications, it virtually removes the role of work centers in Solution Manager.  Fiori and Fiori Apps are the first pillar of the new user experience in Solution Manager. The second is the revised dashboard framework. Both Fiori and the dashboard framework a ...
read more
Service Level Reporting (SLR) in SAP Solution Manager performs regular checks against key performance indicators using information available from the EarlyWatch Alert (EWA), Business Warehouse (BW) and the Computer Center Management System (CCMS). The checks can be for single systems or systems grouped into solutions. Reports run automatically on a weekly or monthly schedule but can also be triggered manually for on-demand reporting. SLRs can be displayed in HTML or Microsoft Word. SAP Solution ...
read more
Cyber attacks are at epidemic levels. According to research performed by 360 Security, there were over 85 billion attacks in 2015, equivalent to 2000 attacks per second. The cost of data breaches continues to grow, year after year, and reached record levels in 2016. Juniper Research estimate that average costs will exceed $150M within three years. Introduced in 2014, the SAP Cybersecurity Framework provides the most comprehensive benchmark for securing SAP systems against advanced persistent ...
read more