data-centric solution with zero trust for sap and cad | secude - … · 2020. 10. 1. · standard...
Post on 16-Mar-2021
1 Views
Preview:
TRANSCRIPT
CONTROL SAP USER DOWNLOADS & BACKEND DATA STREAMS
HALOCORE
Business processes, today, rely heavily on SAP applications that handle product lifecycle, finance, customer relationship, human resource and many other processes. These applications store and transact vast amounts of business-critical information. SAP clients have long realized that their business revolves around information. However, most SAP users are unaware of a hidden danger - data leaks due to uncontrolled user downloads and data flows in the background. Thus, with digital transformation, solutions that monitor and block such leaks from SAP applications become a must.
A BLIND SPOT IN SAP PUTS YOUR IP AT RISK
On a regular basis, users export sensitive data from SAP applications to generate reports, spreadsheets, PDFs, and other documents. The information is then downloaded and stored on devices, such as USB thumb drives and local hard disks, or, increasingly, on mobile devices and in cloud storage solutions, such as Dropbox and Microsoft OneDrive. Such data often end up in places beyond your control, such as on the file share of an untrustworthy partner or the inbox of a competitor. Even on trusted employee devices, with the increase in sophistication of malware and Trojans, the risk of data loss has never been higher.
REGULATORY COMPLIANCE IS A MUST
Compliance with regulations, such as GDPR, NIAP, APEC CBPR, BASEL, SOX, FISMA, HIPAA and others, is increasingly becoming mandatory. Is your enterprise fully compliant?
While the IT security industry has been attempting to meet these requirements for many years through solutions, such as Data Loss Prevention (DLP), application firewalls or file storage encryption, there are still cracks in the armor. The problem with these approaches is that they are many steps away from the point where data leaves the secure perimeter of the application and its access control mechanisms.
DATA IS YOUR GREATEST ASSET HOW SECURE
IS IT?
Why do you need to protect data?
Growing value of data across entire spectrum of business and technology
Growing instances of insiders selling vital information via the Dark Web
High networking and M2M communication complexity
BLOCK DATA THAT MUST NOT LEAVE YOUR SAP
APPLICATION
PROTECT DATA THAT MUST
HALOCORE® is a unique technology that protects intellectual property and other sensitive information extracted from SAP systems. By integrating directly with SAP, HALOCORE® protects data with automated classification, blocks unauthorized reports, and helps generate fine-grained access policies. This innovative approach allows enterprises to maintain a high level of control and security over sensitive documents extracted from SAP throughout their lifetime, even if these have been shared via email, downloaded to a recipient’s PC, or printed as PDF.
CEO DEPARTMENT HEADSCTO CIO CISOLEGAL HEAD HR HEAD
WHAT COMPANIES WANT
Safeguard brand reputation
Meet all regulatory requirements as per business mandate
Protect data on investor relations, financial reports, SEC compliance, tenders, pricing information, etc. from falling into wrong hands
Identify insider threat based on patterns
Identify who accessed what
Protect against strategic losses and regulatory penalties
Change data infrastructure to a profit center
Monitor who accesses what, when and through what device
Identify mechanism to monitor machine-to-machine data transfer
Safeguard years of research from being lost
Protect sensitive software architecture and product patents from falling into wrong hands
Safeguard employee-sensitive information such as payroll, insurance and health-related data
BRAND & REGULATION R&D, INTELLECTUAL PROPERTY
HUMAN RESOURCES
DATA AUTHORIZATION & PROTECTION
AUTOMATED CONTROL AND PROTECTION OF SAP DATA EXPORTS AND STREAMS IN BUSINESS PROCESSES
SAP STANDARD
SECUDE HALOCORE®
Detection of unauthorized SAP data exports (Audit and Classification for SAP user downloads)
Detection of unauthorized SAP data streams (Audit and Classification for applications)
Prevention of unauthorized SAP data exports (Automated Classification and Blocking)
Protection for exported data files (Automated Classification and Blocking)
X
X
X
X
CFOPROCUREMENT HEAD
PROTECTION OF FINANCIAL INFORMATION
HALOCORE® SOLUTION
USER EXCHANGE
M2M DATA FLOW
HALOCORE® ANALYTICS API
HALOCORE® SIEM INTEGRATION
HALOCORE HA
LOC
OR
E
HA
LO
CO
RE
HA
L O
C O R E H A L O C O R E H A L O C O R E H
AL
OC
OR
E
HA
LO
CO
RE
HALOCORE
S/4 HANA
RFC
& ID
OC
HALOCORE® MONITOR audits all exports and downloads of critical SAP data regardless from which egress point the data flows. Using pseudonymizing, the HALOCORE® audit log meets by default Works Council requirements.
It is a key extension to the standard SAP Security Audit Log (SAL) and, furthermore, enriches the auditing data shown in SAP Enterprise Threat Detection (ETD)
and SAP Digital Boardroom, especially as it audits all exports using an automated classification engine. Closing these GRC compliance gaps even during ‘Firefighter’ activities, HALOCORE® MONITOR provides real-time experience showing which sensitive data is at risk of leaving your SAP system and sending e-mail notifications in case ofdata leakage.
HALOCORE® PROTECT extends SAP access control shield for your intellectual property and other sensitive information beyond SAP boundaries. HALOCORE® intercepts data being downloaded and applies fully customizable classification labels to the document metadata.
Using Microsoft Information Protection (MIP) each document exported from SAP is efficiently encrypted on the server level
before it arrives on any device. Using the automated HALOCORE® classification engine, granular authorizations and user rights are assigned to sensitive data, allowing easy and secure exchange of documents between employees, partners or suppliers.
Microsoft Information protection (MIP) protected documents are fully secure and don’t need an additional layer of complex and user annoying DLP solutions.
HALOCORE® Data Stream Intelligence (DSI) provides monitoring and classification of different types of data streams (RFC, IDOC, Webservice) between SAP systems and the connected satellite systems.
It extends HALOCORE® MONITOR’s capabilities to scan ‘machine-to-machine’ communications and SAP background data flows. Enterprises gain insights into ‘invisible’ SAP application activities and, thus, significantly reduce their IT security risk.
HALOCORE® BLOCK effectively prevents your business-critical data and documents from leaving the protected SAP application and, thus, protects against accidental or intentional data leaks.
Directly integrated into SAP, it works based on the HALOCORE® audit log at the source of all recorded data flows. Users without a corresponding SAP-authorized profile cannot download any file. Furthermore, a granular, bespoke policy can be implemented using automated data classification, which tailors the control over SAP exports to the specific needs of your organization.
CONTROL SAP USER DOWNLOADS
CONTROL SAP BACKENDDATA STREAMS
BLOCK DATA THAT MUST NOT LEAVE SAP
PROTECT DATA THAT IS NEEDED OUTSIDE SAP
It appears that SAP cybersecurity is falling through the cracks between the SAP security teams and InfoSec teams, who need to step up to bridge the gap and make it a priority.
DR. LARRY PONEMON, FOUNDER-CHAIRMAN, PONEMON INSTITUTE
Complete transparency over SAP exports and fire
fighter activities
MONITOR
Gain insights into invisible SAP application
data streams
DSI
Loss prevention is futile unless it is tied into a detection and
response capabilityGARTNER
BLOCK
The only Microsoft Information Protection (MIP) partner that provides deep classification
and complete integration with SAP enterprise software for all
Azure RMS subscriptions
PROTECT
FOR PROTECT ONLY
WHERE DOES HALOCORE FIT IN YOUR SAP LANDSCAPE?
SAP Function Modules
HALOCORE®SERVICE
FOR HALOCORE®PROTECT ONLY
CLASSIFICATION AND PROTECT
HALOCORE® ADD-ONIN CERTIFIED NAMESPACE FOR MONITOR AND BLOCK
Intercepting of download export funtion call and blocking in case of missing user privilege
Transfer of data and specific attributes
File with classification
labels (metadata)
optional encrypted
Resumption of download /export function call
Transfer
Encryption-Key
Request
Integration in SAP and linkage to Microsoft Information Protection (MIP / RMS) for document encryption
HALOCORE® with Microsoft MIP/RMSThis scenario fits well with companies that look for end-to-end protection of sensitive SAP data exports and have additional Windows or Active Directory resources available.
LDAP
FILE API
CLASSIFIED &PROTECTED
SOAP
DEPLOYMENT OPTIONS
Azure
®
®
HALOCORE® stand-alone This scenario works well for companies looking for SAP-specific auditing, DLP, and classification functionality.
SOAP
CLASSIFIED
®
®
SECUDE is an established global security solutions provider offering innovative IT data protection for SAP users.
Founded as a joint venture between SAP and Fraunhofer Institute in 1996, SECUDE maintained a close SAP technology partnership and became a reliable resource for security solutions for the SAP market with ‘Single Sign-On’
for SAP, which was acquired by SAP in 2011. With focus on making business process for data protection efficient and automated with little or no user interference, SECUDE’s goal is to provide ease of use while minimizing cost of rollout and operations.
Leveraging its 20-plus years of experience in SAP security and business process know-how in
protecting enterprise IP and data, SECUDE launched HALOCORE® as a holistic approach to protect SAP data exports.
SECUDE’s solutions are trusted by many Fortune 500 and DAX listed companies. With branches in Europe, North America and Asia, SECUDE supports customers with the implementation of IT security strategies through a global network.
SWITZERLAND (Headquarters) SECUDE International AG
Werftestrasse 4 A 6005 Lucerne
EMail: info@secude.com Phone: +41 61 366 30 00
INDIASECUDE Solutions India Pvt Ltd
No. T2 / 6, Dr. VSI Estate, Thiruvanmiyur Chennai – 600 041E-Mail: info@secude.com Phone: +91 44 4297 5600
USASECUDE IT Security, LLC
380 Sundown Drive Dawsonville, GA 30534
E-Mail: info@secude.com Phone: +1 (706) 215-3854
1Provides end-to-end protection of sensitive SAP data exports throughout their lifecycle
3Minimizes the risk of breaches, data theft and accidental loss
2Controls who has access to sensitive documents downloaded from SAP and what action they can perform with them
4Boosts secure collaboration within the organization and with partners and suppliers
5Enables compliance, while addressing the challenges of an increasingly complex regulatory landscape E.g. GDPR (EU) 2016/679
We are in a very serious domain – National Security. Naturally, we
take extreme precaution to protect our data inside and outside our
premises. With SECUDE’s HALOCORE, we are now doubly reassured
that price-sensitive information relating to our POs is secure and
remains so despite multifarious threats
“ “
DIRECTOR (TECHNOLOGY & SYSTEMS), RCI, DEFENCE RESEARCH & DEVELOPMENT ORGANISATION, INDIA
THE HALOCORE
ADVANTAGE
FULL CONTROL OF YOUR SAP DOWNLOADS &
DATA STREAMS
EUROPE | NORTH AMERICA | ASIA
WWW.SECUDE.COM
top related