The outgrowing SAP attack surface - Part 3 of 3
Reach the zen moment of SAP Security

Take a look at the cover image and reflect for a moment on what you are feeling. As a reminder - at the end of our journey, we want to be able to look at the overwhelming SAP attack surface without getting a bad feeling, let alone high blood pressure.

In this last part of the series I will focus on the necessary components of the recipe for success. If they are implemented correctly, you will find that even an unexpected disclosure of a serious SAP vulnerability no longer causes chaos, and you will immediately know what to do. Perhaps you will even be able to fix the vulnerability before a patch has been released, with a virtual patch or an effective countermeasure.

What is needed?

The ultimate goal is to avoid the chaotic situations caused by the release of previously unknown security vulnerabilities in the critical enterprise applications an organization uses. Organizations need a plan with multiple dimensions to strengthen their cyber security posture. The positive side effect is that you become able to actively manage the attack surface: you get to know it in detail and, at the same time, you can evaluate the risk.

Please note that each of the areas mentioned below needs to follow a continuous improvement methodology. In other words, this needs to be a dynamic, living standard that is continuously revisited and optimized.


Monitoring

Security monitoring is very important because it allows you to detect anomalies. If you accept that zero-days exist in your technology stack, you will find that monitoring helps you detect the effects of their misuse. Transparent monitoring of malicious actions enables timely threat detection and increases your ability to respond precisely, preventing significant damage to the business.

Security Hardening

Because of the complexity of SAP applications, many organizations lack an understanding of their individual attack surface. This understanding is needed to implement efficient security hardening that aims to increase the security posture of the SAP environment. Combined with regular assessments, organizations can then achieve a steady optimization of their cyber resilience.

With every change applied (e.g. the creation of a new RFC destination in transaction SM59), the security impact needs to be questioned. Security hardening for SAP applications spans the following areas:

  • Secure configuration: Evaluate parameter settings and customizing options with regard to their security impact.
  • Secure coding: Customers can programmatically enhance the SAP application, but the customer code needs to be free of vulnerabilities, too.
  • Patch evaluation and implementation: Knowledge about relevant SAP patches is often missing and has to be built up with manual effort; try to automate this.

These areas also need to be continuously improved to reflect the rapidly changing attack landscape.

Regular assessments

Regular, or better still continuous, assessments that alert upon deviation from the security hardening guidelines are needed to retain the desired level of protection. In today's world, IT landscapes are constantly changing. Therefore, it is no longer sufficient to check system security only once a quarter, for example. Every deviation from the established standard should be detected in real time. Furthermore, a process must be established to ensure that the deviation can be corrected quickly.
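To make the hardening areas above and the continuous assessment concrete, here is an added example (not code from the article or from SecurityBridge) that compares one configuration snapshot of an SAP system against a hardening baseline and reports every deviation, including an RFC destination that was created outside the approved list. The baseline values, the approved destination names and the snapshot are constructed assumptions; the parameter names follow SAP's profile-parameter naming.

```python
"""Continuous hardening-baseline check for an SAP system (added example)."""
from dataclasses import dataclass
from typing import Optional

# Constructed baseline: expected profile-parameter values and the set of
# RFC destinations (SM59) that have been reviewed and approved. Assumptions.
PARAM_BASELINE = {
    "login/min_password_lng": "12",
    "login/no_automatic_user_sapstar": "1",
    "auth/rfc_authority_check": "1",
}
APPROVED_RFC_DESTINATIONS = {"ERP_TO_BW", "ERP_TO_PI"}


@dataclass(frozen=True)
class Finding:
    kind: str              # "parameter" or "rfc_destination"
    name: str
    expected: Optional[str]
    actual: Optional[str]


def check_parameters(current: dict) -> list:
    """Flag every baseline parameter that is unset or differs from the baseline.
    An unset parameter counts as drift, because the default is often weaker."""
    return [Finding("parameter", name, expected, current.get(name))
            for name, expected in PARAM_BASELINE.items()
            if current.get(name) != expected]


def check_rfc_destinations(destinations: list) -> list:
    """Flag destinations that are not on the approved list (new or renamed)."""
    return [Finding("rfc_destination", dest, None, "present")
            for dest in destinations if dest not in APPROVED_RFC_DESTINATIONS]


def assess(snapshot: dict) -> list:
    """Run all checks over one snapshot; an empty list means compliant."""
    return (check_parameters(snapshot.get("parameters", {}))
            + check_rfc_destinations(snapshot.get("rfc_destinations", [])))


# Constructed snapshot, as it might look after an unreviewed change.
SAMPLE_SNAPSHOT = {
    "parameters": {"login/min_password_lng": "6", "auth/rfc_authority_check": "1"},
    "rfc_destinations": ["ERP_TO_BW", "ERP_TO_PI", "TEMP_TEST_DEST"],
}

if __name__ == "__main__":
    for f in assess(SAMPLE_SNAPSHOT):
        print(f"[{f.kind}] {f.name}: expected={f.expected!r} actual={f.actual!r}")
```

Running `assess` on every collected snapshot (rather than once a quarter) and raising an alert whenever the returned list is non-empty is the real-time deviation detection the section describes.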


Solution

Now that you have learned that you cannot put your fortune into the hands of the producer of any enterprise application, and that serious vulnerabilities could become public at any time, you should reflect this learning in appropriate actions depending on your organization's current situation. Of course, it is not enough to always know the vulnerabilities or exploitation techniques that are "on everyone's lips" at the moment. Better focus on creating a situation that will keep you calm in a moment where others panic.

The SecurityBridge Platform helps SAP customers to establish this process in an easy and resource-saving way.

Ray Patterson

Chief Customer, Field Technical/PS leadership and Customer Success Leader Adviser, CyberSecurity, AI Governance, Cloud, Dev/Ops

2 years

Great piece - every SAP enterprise should take the time to do so
