Thank You!
Thank you for contacting Layer Seven Security. We will respond to your request in 1-2 business days.
Here are some recently published articles speaking to securing your SAP systems.
OPM Data Breach Reveals the Limitations of Cybersecurity Solutions
The fallout from the record-breaking breach disclosed by the Office of Personnel Management (OPM) earlier this month reached a low point at a Capitol Hill hearing on June 16. During the hearing, members of the House Committee on Oversight and Government Reform scolded OPM officials and IT executives for their “complete and utter failure” to protect …
Are 95 percent of SAP systems really vulnerable to cyber attack?
Earlier this month, SAP issued a strongly-worded response to claims made by the software vendor Onapsis in a press release that over 95 percent of SAP systems assessed by Onapsis were exposed to vulnerabilities that could lead to the compromise of SAP systems. According to SAP, “The press release published by Onapsis is aimed at …
Turn the Tide against Cyber Attacks with SAP Enterprise Threat Detection
One of the most striking facts revealed by the 2014 Verizon DBIR is that only one in every six data breaches are detected by organizations that are the victim of such breaches. The statistic revealed that the vast majority of organizations lack the capability to detect incidents that lead to a data breach. According to …
Discover Security Patches for your SAP Systems using System Recommendations
One of the most startling facts revealed by the 2015 Cyber Risk Report is that over 44 percent of data breaches stem from the exploitation of known vulnerabilities that are over two years old. This suggests that effective patching can dramatically lower the likelihood of a successful data breach and, when employed with other countermeasures …
Five Logs that Could Reveal a Data Breach in your SAP Systems
One of the most important discoveries uncovered by security researchers investigating the recent data breach at Anthem is that the original compromise may have occurred as early as April 2014, nine months before the breach was discovered by the organisation. The attack has led to the loss of personal information impacting over 80 million individuals. …
SAP Cybersecurity Framework 2.0: What’s New?
Since the official release of the SAP Cybersecurity Framework in 2014, the standard has become the de facto benchmark for securing SAP systems from advanced cyber threats. Drawing upon guidance issued directly by SAP, as well as the real-world experience of front-line SAP security architects and forensic investigators, the framework delivers a single point of …
Three Steps to Prevent a Sony-Scale Breach of Your SAP Systems
The recent attack experienced by Sony Pictures Entertainment may well prove to be the most significant breach of the year. By all measures, the impact has been devastating for the organization, leading to the loss of almost 40GB of data to attackers. This includes not only proprietary intellectual property such as digital media, blueprints and …
New SAP Guidance Recommends Configuration Validation for Security Monitoring
Some of the most critical recommendations issued by SAP in the recently released paper Securing Remote Function Calls include the use of configuration validation in Solution Manager to monitor RFC destination settings. This includes checks for destinations with stored credentials, trusted connections, and authorizations granted to RFC users in target systems. It also includes the …
Featured in SAPinsider: How to Build Security using SAP Solution Manager
Data breaches occur all too often and organizations are frequently left blindsided. As a result, cybersecurity has become a board-level issue across all industries. According to a recent survey of global business leaders, cyber risk is regarded as one of the most significant threats faced by corporations today, and is consistently rated higher than legislation, …
How to Secure SAP Systems from Password Attacks
Exploiting weak password hashes is one of the most common and successful attack scenarios used against SAP systems. The availability of open-source programs such as Hashcat and John the Ripper enables even novice hackers to perform attacks against SAP passwords. In fact, Hashcat is capable of breaking any SAP password encoded using the BCODE hash …
FBI Director James Comey Speaks out on the Threat of Cybercrime
During a candid discussion with host Scott Pelley of 60 Minutes at FBI headquarters in Washington DC, James Comey speaks out about the threat of cybercrime confronted by American citizens and corporations. Comey declares that cybercrime perpetrated by nation states, criminal syndicates and terrorist organizations has reached epidemic proportions and is directly costing the US …
A Five Step Guide to Securing SAP Systems from Cyber Attack Without Breaking the Bank
With SAP solutions deployed by 85 percent of Forbes 500 companies, they are a prized target for cyber attackers. Watch our Webinar playback to discover how to secure your SAP systems against targeted cyber attacks that could lead to denial of service, financial fraud or intellectual property theft. The Webinar is hosted by John Corvin, …
Three More Reasons for using Solution Manager to Secure SAP Systems from Cyber Attack
Our recent article outlining the advantages of using SAP-delivered components versus third party software resonated strongly with customers seeking an effective and cost-efficient solution to address cyber threats impacting their SAP systems. The article examined the five key benefits of a Solution Manager-based strategy that included lower costs through the avoidance of licensing and maintenance …
Cybersecurity Insurance: Is it Worth the Cost?
According to the most recent annual Cost of Cyber Crime Study by the Ponemon Institute, the average cost of detecting and recovering from cyber crime for organizations in the United States is $5.4 million. Median costs have risen by almost 50 percent since the inaugural study in 2010. The finding masks the enormous variation of …
Five Reasons You Do Not Require Third Party Security Solutions for SAP Systems
You’ve read the data sheet. You’ve listened to the sales spin. You’ve even seen the demo. But before you fire off the PO, ask yourself one question: Is there an alternative? In recent years, there have emerged a wide number of third party security tools for SAP systems. Such tools perform vulnerability checks for SAP …
M-Trends, Verizon DBIR & Symantec ISTR: Detecting and responding to cyber attacks has never been more important
The release of three of the most important annual threat intelligence reports earlier this month confirmed that 2013 was an explosive year for cybersecurity. All three reports point to rising incidences of cyber attack, increasing sophistication of attack vectors and a growing diversity of threat actors and targets. The first of the reports is entitled …
Trustwave Survey Reveals that IT Professionals are Feeling the Pressure of Board Level Scrutiny over Cyber Security
The rise in the rate and sophistication of cyber attacks has predictably fuelled the pressure on security resources. However, the precise complexion and source of the pressure was largely unknown until the recent release of the Trustwave Security Pressures study. The study examines the threats most concerning to security professionals and the preferred responses. The …
A First Look at the U.S Data Security and Breach Notification Act
On January 30, members of the U.S Senate and House of Representatives introduced a new bill intended to enforce federal standards for securing personal information and notifying consumers in the event of a data breach. Sponsored by leaders of the Senate Commerce, Science and Transportation Committee, the Security and Breach Notification Act of 2014 would …
Measuring the Risks of Cyber Attack
Most studies that examine the impact of cyber attack tend to focus on a combination of direct and indirect costs. Directs costs include forensic investigations, financial penalties, legal fees, hardware and software upgrades, etc. The approach is typified by the annual Cost of Data Breach Study performed by the Ponemon Institute, now in its eighth …
Three Parallels between the POS Breach at Target Corp. and Vulnerabilities in ERP systems
The decision of the Office of the Comptroller at the U.S Department of Treasury to recognize cyber threats as one of the gravest risks faced by organisations today appears to be vindicated by the disclosure of an unprecedented data breach at Target Corporation shortly after the release of the Comptroller’s report. Specifics of the breach …
Monitoring Access to Sensitive Data using SAP RAL
The disclosure of up to 200,000 classified documents belonging to the NSA by Edward Snowden in 2013, together with the release of over 750,000 U.S Army cables, reports and other sensitive information by Bradley Manning in 2010, has drawn attention to the need to control and monitor access to confidential data in corporate systems. For …
New malware variant suggests cybercriminals are targeting SAP systems
Security researchers at last week’s RSA Europe Conference in Amsterdam revealed the discovery of a new variant of a widespread Trojan program that has been modified to search for SAP systems. This form of reconnaissance is regarded by security experts as the preliminary phase of a planned attack against SAP systems orchestrated by cybercriminals. The …
SAP HANA: The Challenges of In-Memory Computing
This article is an extract from the forthcoming white paper entitled Security in SAP HANA by Layer Seven Security. The paper is scheduled for release in November 2013. Please follow this link to download the publication. According to research performed by the International Data Corporation (IDC), the volume of digital information in the world is …
Layered Defenses in Oracle 12c: The New Benchmark for Database Security
Oracle databases support more than two thirds of SAP deployments in mid to large size enterprises. Oracle’s domination of the SAP database market is due to a widely regarded performance edge in areas such as compression, availability and scalability. Oracle databases are also optimized for SAP technology as a result of a long-standing partnership between …