How can managed services improve your SAP security and compliance?
Let's take a look at some specific customer cases.
The everyday life of an SAP system: attacks on all levels.
Facts and figures on security incidents (source: Cost of a Data Breach Report 2019).

• Roughly 314 days are needed for companies to detect and contain an attack: identification usually takes about 7 months, containment another 70 days.
• For a security incident, 67% of the costs are incurred in year 1, and another 33% in years 2 and 3.
• 3.5 million € is the average cost of a data breach, with an expected average of 25,575 records lost.
SAP Security & Compliance – comprehensive and continuous.

The challenge
• SAP technology is becoming increasingly complex, not least because of S/4HANA.
• SAP security is constantly evolving, and so is the attackers' knowledge.
• Protection against cyber attacks is time- and resource-intensive.
• Protection against (supposedly) unlikely cyber attacks is therefore deprioritized.
• In-house, there are rarely spare resources, and often only limited experience in this specialized field.
• Highly specialized knowledge is hard to find, and building up such know-how takes a long time.
• Monitoring and SIEM tools are often useless without the necessary context knowledge.
Continuous and comprehensive SAP protection can be expensive and complex!
• SAST Managed Services provide a fast and reliable supplement for missing resources.
Placebo for your IT security: alert fatigue!

"Permanent security alerts often lead the IT department to switch to an ignorance mode due to the high rate of false alarms. Thus, only about 5 percent of the alerts can really be thoroughly investigated."
– Computerwoche
Our approach: from the pure event to the whole story.

From log entries to potential threats in four stages:

1. Collect log data: identify log sources; consolidate data across systems.
2. Critical/relevant events (intelligent log filters): filter out irrelevant events; over 3,500 filters in SAST Security Radar; individually adjustable and expandable filters; predefined prioritization of criticality.
3. Complex events: combinations of critical and non-critical events; consideration of business processes.
4. Critical stories: individual risk assessment; focus on individual, targeted scenarios!
Our Security Monitoring as a Service: real-time monitoring and SOC team.

Our Managed Services for you:

Platform security
• Hardening your SAP systems and ongoing health check.
• Continuous monitoring of critical system configurations.
• Constant threat analyses.
• Preventing critical transactions and reports, system changes, etc.
• Logging unwanted downloads from the systems.

Identity & user access management
• Ongoing support in authorization management.
• User application and change workflows.
• Preventing segregation-of-duties (SoD) conflicts.
• Supporting role design and partial automation of management with the help of template roles for all branches, completely SoD-free.
Case 1: Security Monitoring and Operation Center.
Example: Redesigning the risk management at Linde Group.

Initial situation
• An external analysis uncovered vulnerabilities in the SAP system configuration and in the authorization management.
• The primary issue was that the truly critical security incidents were not visible.
• Due to the complexity of the SAP system landscape, the project could not be managed with the customer's own resources. There was also a lack of internal security expertise.

Project goals
1. Visible and quick success.
2. Professional and efficient setup of complete coverage already during the project phase.
3. Daily business should be able to continue in parallel.

Project implementation
• Built all-round protection for the 15 largest SAP landscapes worldwide with over 20,000 SAP users.
• System hardening covering interface reassessments and gateway hardening.
• Optimization of all critical SAP Basis authorization roles.
• Established continuous monitoring of critical configurations, threats and vulnerabilities.

Advantages for Linde
• Interim strengthening of internal team resources.
• Built up long-term expertise in the specialized SAP security area.
• Real-time notification of highly critical events, and a reduction of such events by up to 80%.

"With regard to the analysis and evaluation, our team will benefit in the long term from the cooperation. And thanks to the optimal process automation, the number of necessary inspections has been significantly reduced."
– Klaus Brenk
Case 2: Managed Service Authority & Security.
Example: Managed Service Authority and Security at a major German bank.

Initial situation
• Major German bank.
• Monitoring of up to 62 systems.
• No cyclic monitoring of the system configuration and critical authorizations.
• No regular reporting to monitor compliance within processes and configurations.

Project requirements
1. Permanent real-time monitoring of critical SAP systems.
2. Evaluation and assessment of security events.
3. Consistent and demand-oriented adaptation of filter settings and rules.
4. Feedback of the evaluations to SAP operations and the security organization.
5. Optimization and hardening recommendations for SAP operations.
6. Recommended actions for changes to the SAP system or the applications (e.g. different parameter settings, users with critical authorizations and source code changes).
7. Update of the inspection policy based on recommendations, e.g. from SAP, BSI or DSAG.

Advantages for the customer
• Delivery of the security and status reports agreed in the scope of services.
• Professional preparation of recommendations for the security team.
• Information about necessary adjustments and their implementation in the tool, based on technical and legal requirements.
• High transparency about users and administrators.
• Detection of mass data downloads.
• Detection of abuse of administrative privileges.
• Detection of hidden SAP_ALL assignment / self-assignment of authorizations.
Case 3: User and Authorization Administration (also available as a temporary service).
Example: SAP User and Authorization Administration.

Initial situation
• The aim of this project was to standardize authorization assignment and management in all existing SAP systems in order to continuously increase SAP security and compliance.
• The necessary resources were not available on the customer side.
• The SAST SUITE was purchased in order to optimize analysis and administration processes.

Project requirements
1. Introduction of an authorization concept for quality-assured role administration.
2. Support of the user and authorization administration.
3. Assistance with troubleshooting in case of insufficient access rights.
4. Checking roles to be created for conflicts with the company's own rule set.
5. Permanent authorization monitoring and reporting.
Story 1: Privilege escalation by use of reference users.

What happened?
• The customer had prohibited the use of the users DDIC, SAP* etc., and administrative access rights had been severely restricted.
• The user administrator <USERADMIN> had the right to assign roles, profiles and reference users. The assignment of roles and profiles was subject to a weekly review; the assignment of reference users evidently was not.
• To make changes to the system configuration, <USERADMIN> assigned DDIC as a reference user, so that the target user inherited DDIC's SAP_ALL rights at runtime without any role or profile being assigned. The change was therefore not caught by the implemented change controls. After changing the system configuration, the reference user DDIC was removed again.
• SAST Security Radar detected the critical events involved.

Analysis
After consultation with the user administrator, it was obvious that this "trick" had often been used to change system settings in order to circumvent the change management process.

Lessons learned
• As a countermeasure, the system settings were changed to prevent the assignment of privileged reference users in future. The deck does not name the setting; the usual control is to enforce that only users of type "Reference" can be assigned as reference users, which excludes dialog and system users such as DDIC and SAP*.
• The settings are monitored daily using SAST System Security Validation.
Story 2: Critical change of system configuration.

What happened?
Consultants had extensive rights and changed system profile values without permission.

How was the incident discovered?
SAST Security Radar reported the event SYSTEM_PROFILE_CHANGED for users that were not defined in the system administrators' whitelist.

Analysis
The consultant wanted to test web pages and therefore adjusted the ICM ports and the SSL configuration according to SAP Notes.

Lessons learned
Withdrawal of the rights from the consultant role. Strict instruction that system changes are only executed by the SAP Basis team.
Story 3: Critical change of a customizing table.

What happened?
Internal users changed customizing tables in the FI area directly in the production system.

How was the incident discovered?
SAST Security Radar reported the events SYSLOG_A1_9 (field content changed) and CRITICAL_TABLE_CHANGED in the production system.

Analysis
Because changing FI settings through the regular authorization and customizing path was forbidden, the tables were changed directly. To do this, the role of a "troubleshooting user" was used to skip authorization checks in the debugger (by changing field contents, e.g. the result of an authority check, while debugging). This method had been used in the past by several users.

Lessons learned
Removal of debug/replace rights from all roles, and personal instructions by the Security Manager. There have been no similar incidents since, as all users know that they are now under surveillance.
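The three stories above, together with the event-to-story pipeline described earlier (collect, filter, combine, assess), as an added example that is not part of the original deck or of the SAST product: a small Python correlation over constructed audit-log lines. Only SYSTEM_PROFILE_CHANGED and CRITICAL_TABLE_CHANGED are event names the deck quotes; the line format `timestamp|client|user|event|detail`, the event names REF_USER_ASSIGNED, REF_USER_REMOVED and SYSLOG_A19_FIELD_CHANGED (standing in for the deck's SYSLOG_A1_9 "field content changed"), the 30-minute window, the Basis whitelist and all users, parameters and timestamps are assumptions made for this example. The point it shows is the "story" step: the same SYSTEM_PROFILE_CHANGED event is reported as an isolated unauthorized change when a consultant makes it (Story 2), but as the middle of a privilege-escalation story when it is bracketed by the assignment and removal of a privileged reference user (Story 1), and a debugger field change followed by a critical table change by the same user becomes an authorization-bypass story (Story 3).

```python
# Added example (not SAST/AKQUINET code): event-to-story correlation over
# constructed SAP-style audit events.  Only SYSTEM_PROFILE_CHANGED and
# CRITICAL_TABLE_CHANGED are event names quoted in the deck; everything else
# (line format, REF_USER_*/SYSLOG_A19 names, users, window, whitelist) is assumed.
from datetime import datetime, timedelta

# Constructed sample log, one event per line: "timestamp|client|user|event|detail"
SAMPLE_LOG = """\
2023-05-02 08:01:10|100|JDOE|LOGON_OK|dialog
2023-05-02 08:02:33|100|USERADMIN|REF_USER_ASSIGNED|target=JDOE;ref=DDIC
2023-05-02 08:05:41|100|JDOE|SYSTEM_PROFILE_CHANGED|login/min_password_lng 8->3
2023-05-02 08:06:12|100|USERADMIN|REF_USER_REMOVED|target=JDOE;ref=DDIC
2023-05-02 09:15:00|100|BASIS01|SYSTEM_PROFILE_CHANGED|icm/server_port_1
2023-05-02 09:20:05|100|CONSULT7|SYSTEM_PROFILE_CHANGED|ssl/client_ciphersuites
2023-05-02 10:40:22|100|FIUSER3|SYSLOG_A19_FIELD_CHANGED|SY-SUBRC 4->0
2023-05-02 10:41:03|100|FIUSER3|CRITICAL_TABLE_CHANGED|T001
"""

PRIVILEGED_REF_USERS = {"DDIC", "SAP*"}   # Story 1: must never be used as reference user
BASIS_WHITELIST = {"BASIS01"}             # Story 2: users allowed to change profile values
NOISE_EVENTS = {"LOGON_OK"}               # stage 1: never part of these scenarios
CHANGE_EVENTS = {"SYSTEM_PROFILE_CHANGED", "CRITICAL_TABLE_CHANGED"}
WINDOW = timedelta(minutes=30)            # max. distance between the events of one story


def parse(log_text):
    """Stage 0: split the constructed lines into dicts, oldest first."""
    events = []
    for line in log_text.strip().splitlines():
        ts, client, user, event, detail = line.split("|", 4)
        events.append({"ts": datetime.fromisoformat(ts), "client": client,
                       "user": user, "event": event, "detail": detail})
    return sorted(events, key=lambda e: e["ts"])


def kv(detail):
    """'target=JDOE;ref=DDIC' -> {'target': 'JDOE', 'ref': 'DDIC'}."""
    return dict(part.split("=", 1) for part in detail.split(";") if "=" in part)


def filter_noise(events):
    """Stage 1: drop events that can never contribute to a story."""
    return [e for e in events if e["event"] not in NOISE_EVENTS]


def correlate(events):
    """Stages 2-3: stories are found first and 'consume' their events, so the
    single-event rule at the end does not re-report a change without its context."""
    stories, consumed = [], set()

    # Story 1: privileged reference user assigned -> target changes the system -> removed again
    for i, e in enumerate(events):
        if e["event"] != "REF_USER_ASSIGNED":
            continue
        fields = kv(e["detail"])
        if fields.get("ref") not in PRIVILEGED_REF_USERS:
            continue
        evidence = [i]
        for j in range(i + 1, len(events)):
            f = events[j]
            if f["ts"] - e["ts"] > WINDOW:
                break
            if f["user"] == fields.get("target") and f["event"] in CHANGE_EVENTS:
                evidence.append(j)
            elif f["event"] == "REF_USER_REMOVED" and kv(f["detail"]) == fields:
                evidence.append(j)
        consumed.update(evidence)
        stories.append({"story": "privilege escalation via reference user",
                        "severity": "critical", "user": fields.get("target"),
                        "evidence": [events[k]["event"] for k in evidence]})

    # Story 3: field change in the debugger followed by a critical table change, same user
    for i, e in enumerate(events):
        if e["event"] != "SYSLOG_A19_FIELD_CHANGED":
            continue
        for j in range(i + 1, len(events)):
            f = events[j]
            if f["ts"] - e["ts"] > WINDOW:
                break
            if f["user"] == e["user"] and f["event"] == "CRITICAL_TABLE_CHANGED":
                consumed.update({i, j})
                stories.append({"story": "authorization bypass via debugger",
                                "severity": "critical", "user": e["user"],
                                "evidence": [e["event"], f["event"]]})
                break

    # Story 2: remaining profile changes by anyone outside the Basis whitelist
    for i, e in enumerate(events):
        if i in consumed or e["event"] != "SYSTEM_PROFILE_CHANGED":
            continue
        if e["user"] not in BASIS_WHITELIST:
            stories.append({"story": "profile change outside basis whitelist",
                            "severity": "high", "user": e["user"],
                            "evidence": [e["event"]]})
    return stories


def analyse(log_text=SAMPLE_LOG):
    """Whole pipeline: parse -> filter -> correlate; returns the list of stories."""
    return correlate(filter_noise(parse(log_text)))


if __name__ == "__main__":
    for s in analyse():
        print(f"[{s['severity']}] {s['user']}: {s['story']}  <- {s['evidence']}")
```

Run as a script it prints one line per story: the reference-user escalation for JDOE, the debugger bypass for FIUSER3 and the whitelist violation for CONSULT7, while the Basis administrator's own profile change is filtered out. In a real deployment the events would come from the Security Audit Log, the system log and user/change documents (the job SAST Security Radar does in the deck), and the whitelist, window and event names would be tuned per system; the consumed set is what turns "three separate alerts" into "one story plus one alert".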
Security is simply a good feeling!
SAP Security & Compliance: make or buy?
An exemplary cost comparison* (basic version: real-time monitoring without further SAST modules)

Scenario A: 2,500 SAP dialog users, 3 SAP systems. Scenario B: 10,000 SAP dialog users, 10 SAP systems.

Cost item                                        | A: FTE | A: amount p.a. | B: FTE | B: amount p.a.
Staff: procurement and training                  |        | 20,000 €       |        | 20,000 €
Staff: 1st level monitoring                      | 0.3    | 30,000 €       | 1.0    | 100,000 €
Staff: 2nd level monitoring                      | 0.3    | 30,000 €       | 1.0    | 100,000 €
Staff: team management / service contact         | 0.1    | 10,000 €       | 0.3    | 30,000 €
Staff: software / rule maintenance               | 0.1    | 10,000 €       | 0.1    | 10,000 €
Software: SIEM SAP                               |        | 7,500 €        |        | 7,500 €
Software: maintenance                            |        | 7,500 €        |        | 7,500 €
Annual costs "do it yourself"                    |        | 115,000 €      |        | 275,000 €
Annual costs "SAST Managed Services" (all-in)    |        | 45,000 €       |        | 80,000 €

* FTE costs p.a.: ~100,000 €. SIEM SAP software: ~37,500 €, depreciated over 5 years (7,500 € p.a.). Maintenance costs p.a.: ~7,500 € (20% maintenance).

Cost reduction of up to 70%!
SAP Security & Compliance: make or buy?

Take-home messages
+ HIGHEST POSSIBLE SECURITY. We have used experienced security consultants and SAP-certified tools for many years.
+ STRENGTHENING YOUR RESOURCES. Our experts relieve you in the shortest possible time and deliver the first results within a few days.
+ REAL-TIME MONITORING. We notify you immediately upon identification of vulnerabilities or attacks.
+ ALWAYS UP-TO-DATE. Our security settings and attack databases are constantly being updated.
+ COST REDUCTION. Reduction of your operating and personnel costs. No separate license agreements for the use of our security tools.
+ NO CRYPTIC INCIDENT NOTIFICATIONS. We provide contextual information and clear recommendations.
Your SAP is in pole position for us.
SAST Managed Services: plug & play security for your SAP systems.

The SAST Managed Service "Starter Package" is the right choice for you if…
• You want to achieve better SAP security and compliance, even with a small IT budget.
• You want to comply with the GDPR and constantly monitor your personal data.
• You want to increase the security of your SAP systems while allowing your team to remain focused on its core tasks.
• You not only want to register highly critical events and transactions, but also react promptly.
• You already have a tool in use, but neither time nor personnel are available for the evaluation.
• You want to test the advantages of a managed service solution.

Advantages of the SAST Managed Service "Starter Package":
• Checking the essential system parameters and settings of your SAP systems.
• Checking your roles for critical authorizations.
• Daily check for critical events and a monthly report on the security status of your systems.
• Categorization of all events and rapid notification of unusual incidents.
• Pre-defined and proven SAST rule set with regular updates.
• Installation of the SAST SUITE and setup for your SAP systems in the shortest possible time.
• Daily monitoring instead of an annual audit!
Do you have any questions? We answer. For sure.

© Copyright AKQUINET AG. All rights reserved. This publication is protected by copyright. All rights, in particular the right of reproduction, distribution, and translation, are reserved. No part of this document may be reproduced in any form (photocopy, microfilm or other process) or processed, copied, or distributed using electronic systems without the prior written agreement of AKQUINET AG. Some of the names mentioned in this publication are registered trademarks of the respective provider and as such are subject to legal provisions. The information in this publication has been compiled with the greatest care. However, no guarantee can be given for its applicability, correctness, and completeness. AKQUINET AG shall assume no liability for losses arising from use of the information.

TIM KRÄNZKE
Director International Sales & Alliances
Phone: +49 40 88173-2735
Email: tim.kraenzke@akquinet.com
Web: sast-solutions.com
Editor's notes
#11: Opening clauses (Öffnungsklauseln): e.g. marketing directed at minors aged 14 to 17.