SAP Security Newsletter - Nov 24

Blog Highlight

Integration of Application Security into an Information Security Program

This article is a collaboration between Nipun Mahajan, Senior Cybersecurity Analyst at Lonza, and Bill Oliver, SecurityBridge’s US Managing Director.

Overview of Application Security

Application security protects applications from vulnerabilities and threats throughout their lifecycle using secure coding practices, vulnerability assessments, and penetration testing to mitigate software-specific risks.

How Does Application Security Fit in Information Security Domains?

  • Security Architecture and Engineering: Ensures that applications are designed and developed with secure coding practices
  • Software Development Security: Embeds security at every phase of the software development lifecycle (SDLC)
  • Security Assessment and Testing: Regularly conducts assessments and tests to identify, assess, and remediate application vulnerabilities
  • Identity and Access Management (IAM): Enforces access controls and authentication mechanisms within applications

Challenges that hinder effective integration:

  • CISO Unawareness: Lack of awareness about the importance of application security within the broader framework
  • Non-collaboration: Lack of teamwork between application security teams and other information security domains
  • Resource Shortages: Resources and expertise gap between application security and broader information security requirements

Key Actions to Take

  • Raise Awareness: Educate CISOs and senior management about the significance of application security in mitigating organizational risks
  • Promote Collaboration: Foster collaboration and communication between application security teams and other domains
  • Skill Development: Invest in comprehensive training and development programs

Read the full blog

Press Coverage

The Five Key Processes For Staying Secure With SAP

1. Threat response process for SAP

  • Use the monitoring templates available in your Threat Detection solution during the kick-start phase
  • Fine-tune the monitoring rules and listeners for a more tailored solution for detecting SAP threats
  • Implement an automated framework integrated with your security monitoring and incident management (as part of ITSM) to respond to threats with predefined actions

2. SIEM for SAP

  • Avoid sending raw SAP audit logs directly to your existing enterprise SIEM or SOC team
  • Establish a SIEM for SAP that acts on top of the SAP Threat Detection system and forwards only relevant events enriched with decision-enabling and meaningful messages to the SOC team

3. Security Forensics for SAP

  • Adopt forensic analysis capabilities that provide the entire data set with all the event details for identifying anomalies and threat chains
  • Ensure that your forensic tool for SAP can balance event filtering and detailed logging (HyperLogging) without impacting the performance and response time of the SAP system

4. Security Gateway within SAP Application Lifecycle Management (ALM)

  • A security gateway should at least be implemented at the SAP transport level, so that only secure code is imported into your test system and later into production
  • Security code checks should already be part of the ABAP development process to support SAP developers in creating secure code and streamlining the entire application change process

5. Privileged Access Management (PAM) for SAP

  • Following the least privilege principle, SAP administrators should use elevated user rights only on demand through a simple authorization request and automated approval process
  • Ensure detailed logging for each PAM session so that critical activities performed within this controlled process can be easily distinguished from other activities

Read the full article

What's New at SecurityBridge


KPMG in India Announces Alliance with SecurityBridge GmbH to Strengthen SAP Security

Read more


SecurityBridge Launches Automated Virtual Patching to Safeguard SAP Systems

Read more

Upcoming Events & Webinars


UKISUG Connect 2024

Date: 1-3 December 2024

Location: The ICC, 8 Centenary Square, Birmingham

Join us at UKISUG Connect for an unmissable SAP Cybersecurity Workshop designed to help you breach, learn, and defend your SAP systems. This workshop is crucial for anyone looking to strengthen their SAP security posture.

Register here

Past Event

SecurityBridge 2024 All-Employee Meetup: A Week of Collaboration, Bonding, and Inspiration in Crete

This September, SecurityBridge hosted an unforgettable All-Employee Meetup in the picturesque town of Rethymno, Crete. Following last year's gathering in Ingolstadt and a series of virtual meetings and global conferences, our team joyfully reunited in person for a week of vibrant connections and dynamic idea exchanges. Dive into the highlights of our invaluable gathering!

Read full highlights

Be part of our journey!

Inside SecurityBridge


The Value of SecurityBridge Partnerships in Enhancing SAP Security

Discover key insights, highlights, and unique aspects of our collaborations, directly from some of our esteemed partners.

Watch the video

Partner with us

Expand your Knowledge

Discover insights and expert articles on our website. Learn how our cutting-edge SAP security solutions can address your challenges.

Discover More