Automate and simplify
Vulnerability Management
for SAP© Applications and Custom Code


SecurityBridge Security and Compliance
 

 

The SAP Netweaver Platform© is an essential component for SAP implementations, used to process business critical data and operations. Yearly, or quarterly audits are performed to ensure that security and compliance is maintained. The purpose of an audit is to ensure that Statutory Regulations such as SOX, FDA, GDPR are being adhered to and that the company’s status with respect to compliance is of the highest standard. Any lapses in enforcing these regulations can lead to vulnerabilities that can be exploited by cyber criminals. Companies who are successfully breached risk significant penalties, even if their most recent audit does not show any major vulnerabilities. IT systems such as SAP are subject to frequent changes to their configurations. The creation or alteration of RFC connections, or a minor adjustment to the profile parameter can lead to incompliancy. The SecurityBridge Platform, automatically addresses this challenge. The Platform provides a Security & Compliance Monitor to automatically detect vulnerabilities and enforce the settings and configurations that are needed to meet compliance requirements. Protect your company’s most valuable data assets, by empowering the most advanced Vulnerability Management solution for SAP©.

Features

  • Central Security & Compliance monitoring
  • Segregation in Areas of Responsibilty
  • 360° View with realtime Events - The Who, What, When: changes
  • Preconfigured according to DSAG ( German SAP User Group) Security Recommendations
  • Fully customizable framework
  • Automated mitigation of vulnerabilites

 

Landscape Overview

The Security & Compliance monitor immediately identifies which systems need attention, and for what reason.

X

Landscape control

Any landscape that is connected will be displayed in this control areas.

 

Request Demo
X

System with Warning

Indicated by the yellow color of the system at a glance one can tell that this system has an increased risk.

Display the detailed results with a simple click on the system of concern.

 

Request Demo
X

System with Error

A red colored system indicates that one or many compliance tests failed. The system configuration and/or hardening standard is not insufficient.

Also here, all details are just one click away.

 

Request Demo
X

Everything Okay!

Green is proberbly the best color for the auditor and the system owner. All security requirements demanded by internal or external policies are kept by the system.

Display the results with a simple click on the system of concern.

 

Request Demo
X

Landscape sections

Each landscape has its own section showing the connected instances and their compliance status. Detailed test results are just one click away.

X

Navigation menu

All our Apps follow the same design principle. We pay special attention to developing simple and effective to use UIs. The menu can be collapsed to save window width and enable the application to display more relevant information on the screen.

 

Request Demo

 

"It has never been easier to gain a complete overview of all relevant security settings for an entire SAP landscape. Our solution works instantly, out of-the-box. All basic configurations will be shipped with the installation and can be tweaked according to the customer’s policies."
said Christoph Nagy, CEO at ABEX

 

Security & Compliance Tests

On a system level the SAP security posture can be easily and effortlessly monitored. The App shows you which areas you need to focus your attention on. It makes use of the aesthetically superb looking SAP Fiori Tiles, providing you with an immediate understanding as to the status of your SAP security posture.

 

S&C Test - Critical Authorization

S&C Test on
Critical authorization assignments

Based on company policies this test checks whether a critical authorization has been assigned.

  • A list of test results provides an easy to understand overview.
  • Details are available for each test result.
  • Automated remediation or guidance to address the issues.
Show me how

 

 

S&C Test - Security Audit Log Settings

 

S&C Test on
Security Audit Log Settings

Probably one of the most important log sources offered by SAP standard is the Security Audit Log (SAL). Unfortunately, the logging needs to be enabled by the users and attackers know how to deactivate the Audit Log. It is a significant and continuous effort for SAP customers to monitor the SAP Security Audit Log related profile parameters and the configuration and disk space usage. The SecurityBridge Monitor automates this process, removing a major task and headache for any security team.

Show me how

 

 

S&C Test - RFC Security

 

S&C Test on
RFC Security

SAP systems are interoperable and typically connected to other SAP and non-SAP systems to perform their business operations. Remote Function Calls (RFC) are used to execute function modules within the system. Cybercriminals have often used remote access attacks to extract or manipulate data, and as such a vulnerable configuration of RFC connections may pose a serious threat to your SAP environment.

We can automate this process and remove the vulnerabilities so you don’t have to:

Find out how

 

 

S&C Test - Message Server Security

 

S&C Test on
Message Server Security

As the central communication component in an SAP system network, the message server should be protected against inappropriate external access. System administrators should apply specific settings to increase security when the SAP message server is in operation.

Once the SAP MS has been hardened then the settings are continuously enforced.

Show me how

 

 

S&C Test - Custom Code Quality

 

S&C Test on
Custom Code Quality

The technical foundation of SAP NetWeaver can be used as an application server and platform for custom application developments. Develop, provision, and manage your mission-critical applications across a heterogeneous software environment. This code, however, needs to be checked for vulnerabilities that can be manipulated, and for which there is no commercial patching available. SecurityBridge will automatically scan your code for vulnerabilities and non-compliance, so that lapses can be hardened accordingly.

Start monitoring custom code security today and request a demo or a free test installation.

Find out how

 

 

S&C Test - Transport Control Security

 

S&C Test on
Transport Control Security

With the introduction of GDPR, the need for end-to-end encryption became mandatory criteria for any system auditors’ checklist. From RFC communication to SAP GUI Login, all data in transfer must be protected to prevent man-in-the-middle attacks or spoofing. SAP Administrators need to configure the instances accordingly, and SecurityBridge will identify and enable the appropriate settings to be enforced, ensuring compliance for a GDPR audit.

Show me how

 

I'm controlled by toggle. No JavaScript! I'm controlled by toggle. No JavaScript! I'm controlled by toggle. No JavaScript! I'm controlled by toggle. No JavaScript! I'm controlled by toggle. No JavaScript! I'm controlled by toggle. No JavaScript! I'm controlled by toggle. No JavaScript! I'm controlled by toggle. No JavaScript!

 

360 Degree View

The Security and Compliance check performed by SecurityBridge is complemented by security events that relate to the event itself, which may have impacted the check-status results. The SecurityBridge Threat Detection introduced sensors to SAP that listen for every security relevant action to provide actionable threat events. For example, if the system settings have been changed, it is essential to understand who in the organization has performed that change, and when. Most importantly it is vital to understand what the consequences of that change are on the SAP security posture. SecurityBridge provides a powerful yet simple, 360 view of change and consequence so that the security impact is obvious.

360 Degree View

 

Kontakt

Kontaktanfrage

Durch das Abschicken des Formulars bestätigen Sie, dass Sie unsere Datenschutzerklärung gelesen haben und diese akzeptieren.
 

Address

ABAP-Experts.com
NCMI GmbH
 Münchenerstr. 49, 85051 Ingolstadt, Deutschland
 Phone: +49 911 4902 1918