CONTROL SAP USER DOWNLOADS & BACKEND DATA STREAMS

HALOCORE

Business processes, today, rely heavily on SAP applications that handle product lifecycle, finance, customer relationship, human resource and many other processes. These applications store and transact vast amounts of business-critical information. SAP clients have long realized that their business revolves around information. However, most SAP users are unaware of a hidden danger - data leaks due to uncontrolled user downloads and data flows in the background. Thus, with digital transformation, solutions that monitor and block such leaks from SAP applications become a must.

A BLIND SPOT IN SAP PUTS YOUR IP AT RISK

On a regular basis, users export sensitive data from SAP applications to generate reports, spreadsheets, PDFs, and other documents. The information is then downloaded and stored on devices, such as USB thumb drives and local hard disks, or, increasingly, on mobile devices and in cloud storage solutions, such as Dropbox and Microsoft OneDrive. Such data often end up in places beyond your control, such as on the file share of an untrustworthy partner or the inbox of a competitor. Even on trusted employee devices, with the increase in sophistication of malware and Trojans, the risk of data loss has never been higher.

REGULATORY COMPLIANCE IS A MUST

Compliance with regulations, such as GDPR, NIAP, APEC CBPR, BASEL, SOX, FISMA, HIPAA and others, is increasingly becoming mandatory. Is your enterprise fully compliant?

While the IT security industry has been attempting to meet these requirements for many years through solutions, such as Data Loss Prevention (DLP), application firewalls or file storage encryption, there are still cracks in the armor. The problem with these approaches is that they are many steps away from the point where data leaves the secure perimeter of the application and its access control mechanisms.

DATA IS YOUR GREATEST ASSET HOW SECURE

IS IT?

Why do you need to protect data?

Growing value of data across entire spectrum of business and technology

Growing instances of insiders selling vital information via the Dark Web

High networking and M2M communication complexity

BLOCK DATA THAT MUST NOT LEAVE YOUR SAP

APPLICATION

PROTECT DATA THAT MUST

HALOCORE® is a unique technology that protects intellectual property and other sensitive information extracted from SAP systems. By integrating directly with SAP, HALOCORE® protects data with automated classification, blocks unauthorized reports, and helps generate fine-grained access policies. This innovative approach allows enterprises to maintain a high level of control and security over sensitive documents extracted from SAP throughout their lifetime, even if these have been shared via email, downloaded to a recipient’s PC, or printed as PDF.

CEO DEPARTMENT HEADSCTO CIO CISOLEGAL HEAD HR HEAD

WHAT COMPANIES WANT

Safeguard brand reputation

Meet all regulatory requirements as per business mandate

Protect data on investor relations, financial reports, SEC compliance, tenders, pricing information, etc. from falling into wrong hands

Identify insider threat based on patterns

Identify who accessed what

Protect against strategic losses and regulatory penalties

Change data infrastructure to a profit center

Monitor who accesses what, when and through what device

Identify mechanism to monitor machine-to-machine data transfer

Safeguard years of research from being lost

Protect sensitive software architecture and product patents from falling into wrong hands

Safeguard employee-sensitive information such as payroll, insurance and health-related data

BRAND & REGULATION R&D, INTELLECTUAL PROPERTY

HUMAN RESOURCES

DATA AUTHORIZATION & PROTECTION

AUTOMATED CONTROL AND PROTECTION OF SAP DATA EXPORTS AND STREAMS IN BUSINESS PROCESSES

SAP STANDARD

SECUDE HALOCORE®

Detection of unauthorized SAP data exports (Audit and Classification for SAP user downloads)

Detection of unauthorized SAP data streams (Audit and Classification for applications)

Prevention of unauthorized SAP data exports (Automated Classification and Blocking)

Protection for exported data files (Automated Classification and Blocking)

X

X

X

X

CFOPROCUREMENT HEAD

PROTECTION OF FINANCIAL INFORMATION

HALOCORE® SOLUTION

USER EXCHANGE

M2M DATA FLOW

HALOCORE® ANALYTICS API

HALOCORE® SIEM INTEGRATION

HALOCORE HA

LOC

OR

E

HA

LO

CO

RE

HA

L O

C O R E H A L O C O R E H A L O C O R E H

AL

OC

OR

E

HA

LO

CO

RE

HALOCORE

S/4 HANA

RFC

& ID

OC

HALOCORE® MONITOR audits all exports and downloads of critical SAP data regardless from which egress point the data flows. Using pseudonymizing, the HALOCORE® audit log meets by default Works Council requirements.

It is a key extension to the standard SAP Security Audit Log (SAL) and, furthermore, enriches the auditing data shown in SAP Enterprise Threat Detection (ETD)

and SAP Digital Boardroom, especially as it audits all exports using an automated classification engine. Closing these GRC compliance gaps even during ‘Firefighter’ activities, HALOCORE® MONITOR provides real-time experience showing which sensitive data is at risk of leaving your SAP system and sending e-mail notifications in case ofdata leakage.

HALOCORE® PROTECT extends SAP access control shield for your intellectual property and other sensitive information beyond SAP boundaries. HALOCORE® intercepts data being downloaded and applies fully customizable classification labels to the document metadata.

Using Microsoft Information Protection (MIP) each document exported from SAP is efficiently encrypted on the server level

before it arrives on any device. Using the automated HALOCORE® classification engine, granular authorizations and user rights are assigned to sensitive data, allowing easy and secure exchange of documents between employees, partners or suppliers.

Microsoft Information protection (MIP) protected documents are fully secure and don’t need an additional layer of complex and user annoying DLP solutions.

HALOCORE® Data Stream Intelligence (DSI) provides monitoring and classification of different types of data streams (RFC, IDOC, Webservice) between SAP systems and the connected satellite systems.

It extends HALOCORE® MONITOR’s capabilities to scan ‘machine-to-machine’ communications and SAP background data flows. Enterprises gain insights into ‘invisible’ SAP application activities and, thus, significantly reduce their IT security risk.

HALOCORE® BLOCK effectively prevents your business-critical data and documents from leaving the protected SAP application and, thus, protects against accidental or intentional data leaks.

Directly integrated into SAP, it works based on the HALOCORE® audit log at the source of all recorded data flows. Users without a corresponding SAP-authorized profile cannot download any file. Furthermore, a granular, bespoke policy can be implemented using automated data classification, which tailors the control over SAP exports to the specific needs of your organization.

CONTROL SAP USER DOWNLOADS

CONTROL SAP BACKENDDATA STREAMS

BLOCK DATA THAT MUST NOT LEAVE SAP

PROTECT DATA THAT IS NEEDED OUTSIDE SAP

It appears that SAP cybersecurity is falling through the cracks between the SAP security teams and InfoSec teams, who need to step up to bridge the gap and make it a priority.

DR. LARRY PONEMON, FOUNDER-CHAIRMAN, PONEMON INSTITUTE

Complete transparency over SAP exports and fire

fighter activities

MONITOR

Gain insights into invisible SAP application

data streams

DSI

Loss prevention is futile unless it is tied into a detection and

response capabilityGARTNER

BLOCK

The only Microsoft Information Protection (MIP) partner that provides deep classification

and complete integration with SAP enterprise software for all

Azure RMS subscriptions

PROTECT

FOR PROTECT ONLY

WHERE DOES HALOCORE FIT IN YOUR SAP LANDSCAPE?

SAP Function Modules

HALOCORE®SERVICE

FOR HALOCORE®PROTECT ONLY

CLASSIFICATION AND PROTECT

HALOCORE® ADD-ONIN CERTIFIED NAMESPACE FOR MONITOR AND BLOCK

Intercepting of download export funtion call and blocking in case of missing user privilege

Transfer of data and specific attributes

File with classification

labels (metadata)

optional encrypted

Resumption of download /export function call

Transfer

Encryption-Key

Request

Integration in SAP and linkage to Microsoft Information Protection (MIP / RMS) for document encryption

HALOCORE® with Microsoft MIP/RMSThis scenario fits well with companies that look for end-to-end protection of sensitive SAP data exports and have additional Windows or Active Directory resources available.

LDAP

FILE API

CLASSIFIED &PROTECTED

SOAP

DEPLOYMENT OPTIONS

Azure

®

®

HALOCORE® stand-alone This scenario works well for companies looking for SAP-specific auditing, DLP, and classification functionality.

SOAP

CLASSIFIED

®

®

SECUDE is an established global security solutions provider offering innovative IT data protection for SAP users.

Founded as a joint venture between SAP and Fraunhofer Institute in 1996, SECUDE maintained a close SAP technology partnership and became a reliable resource for security solutions for the SAP market with ‘Single Sign-On’

for SAP, which was acquired by SAP in 2011. With focus on making business process for data protection efficient and automated with little or no user interference, SECUDE’s goal is to provide ease of use while minimizing cost of rollout and operations.

Leveraging its 20-plus years of experience in SAP security and business process know-how in

protecting enterprise IP and data, SECUDE launched HALOCORE® as a holistic approach to protect SAP data exports.

SECUDE’s solutions are trusted by many Fortune 500 and DAX listed companies. With branches in Europe, North America and Asia, SECUDE supports customers with the implementation of IT security strategies through a global network.

SWITZERLAND (Headquarters) SECUDE International AG

Werftestrasse 4 A 6005 Lucerne

EMail: info@secude.com Phone: +41 61 366 30 00

INDIASECUDE Solutions India Pvt Ltd

No. T2 / 6, Dr. VSI Estate, Thiruvanmiyur Chennai – 600 041E-Mail: info@secude.com Phone: +91 44 4297 5600

USASECUDE IT Security, LLC

380 Sundown Drive Dawsonville, GA 30534

E-Mail: info@secude.com Phone: +1 (706) 215-3854

1Provides end-to-end protection of sensitive SAP data exports throughout their lifecycle

3Minimizes the risk of breaches, data theft and accidental loss

2Controls who has access to sensitive documents downloaded from SAP and what action they can perform with them

4Boosts secure collaboration within the organization and with partners and suppliers

5Enables compliance, while addressing the challenges of an increasingly complex regulatory landscape E.g. GDPR (EU) 2016/679

We are in a very serious domain – National Security. Naturally, we

take extreme precaution to protect our data inside and outside our

premises. With SECUDE’s HALOCORE, we are now doubly reassured

that price-sensitive information relating to our POs is secure and

remains so despite multifarious threats

“ “

DIRECTOR (TECHNOLOGY & SYSTEMS), RCI, DEFENCE RESEARCH & DEVELOPMENT ORGANISATION, INDIA

THE HALOCORE

ADVANTAGE

FULL CONTROL OF YOUR SAP DOWNLOADS &

DATA STREAMS

EUROPE | NORTH AMERICA | ASIA

WWW.SECUDE.COM