SAP Security Chat Tips to Improve SAP ERP Security
© Panaya | An Infosys Company
SAP Security Chat
Infosys and Panaya
Today’s Speakers
Gordon Muehl, Vice President at Infosys
Rasmi Swain, Principal Risk Management & GRC; Information Security at Infosys
Guy Vago, SAP Project Manager at Panaya
Rafi Kretchmer, Vice President at Panaya
The State of SAP Security
Business practices for SAP security
Best practice to simplify security audits
The Panaya solution
Demo
The Importance of Safety
95% of SAP systems are exposed to vulnerabilities
60% feared an attack on their SAP applications would be catastrophic
$4.5 million is the average estimated cost of SAP systems taken offline**
24% of worldwide ERP software market share belongs to SAP, double their largest competitor***
*Based on Onapsis Research 5/2015
** Ponemon Institute Research 2/16
*** Forbes 5/2014
SAP - the ERP Market Leader
The Underestimated Security Threat*
*Based on Ponemon Institute Research 2/16
ERP ranked in the top 5 SAP applications most vulnerable to attack
75% believe SAP platforms have at least one and possibly more malware infections
70% of enterprises skip security and compliance audits of their ABAP code
47% expect an increase in attacks against SAP infrastructure over the next 2 years.
Only 34% say their companies have visibility into the security of SAP Applications
*Based on Ponemon Institute Research 2/16
63% say C-level execs underestimate the risk associated with insecure SAP applications
21% of senior leadership were aware or shared the concern of an attack on their SAP application
Senior Leadership and the Security Risk
Security is a hassle but it needs to be done
What you need to secure your landscape
You need to ensure 6 areas
Access control
Application security
Infrastructure
GRC
Data Security
On-going monitoring
Information Security at Infosys
(iCRM) - Security Solutions and Services
SAP Landscape Complexity
SAP Environment - SAP R/3 and SAP Business Suite - On-cloud
SAP Security Risks & Vulnerabilities
Top 10 SAP Vulnerabilities
Authentication Bypass via Verb tampering
Authentication Bypass via the Invoker servlet
Buffer overflow in ABAP Kernel
Code execution via TH_GREP
MMC read SESSIONID
Remote portscan
Encryption in SAPGUI
BAPI XSS/SMBRELAY
XML Blowup DOS
GUI Scripting DOS
Top 10 vulnerabilities. Source: ERPScan
Default passwords for DB access
Lack of DB patch management
Unnecessary Enabled DB features
Lack of password lockout/complexity checks
Unencrypted sensitive data transport / data
Lack or misconfigured network access control
Extensive user and group privileges
Lack or misconfigured audit
Insecure trust relations
Open additional interfaces
Top 10 vulnerabilities. Source: http://www.cvedetails.com/vendor/797/SAP.html
Infosys iCRM & PANAYA-SAP Security Offering
SAP Layers of Security & Types of Controls
Infrastructure Controls: Network, Server OS
Technical Controls: Basis Controls, IT Controls
Process Controls: Business Process Review, Configuration Review, IT Application Controls
Authorization/SoD Controls: Role & Authorization Review, Access Review, SoD Review
Types of Controls in SAP
Inherent or Default controls
Default Controls – Sales order cannot be created without a valid customer
Configurable controls
Implemented through IMG Settings. Example - Tolerance for three way match or PO Approval Hierarchy
Procedural Controls
IT dependent Controls: Review of Exception reports
Security Checks
Review Configuration Settings
Procedural Controls
Exception Reports
Infosys-Panaya - SAP Landscape Security offering
Governance
Security Review and Monitoring
Review of Audit Logs
Change & Transport Management
Access Control and Roles management
Users & Authorizations
Authentication and Single Sign on
Roles Management
SAP Infrastructure Security
Operating Systems and Database Security
Network Security (SAP Router)
Data Security
Source Code and Custom Code Security
Secure Maintenance of ABAP Code & Custom code Security
VA and PT
Front End Security (FIORI, SAP Enterprise Portal, SAP-Gui)
SAP New Technologies
SAP HANA appliance & HANA Security
SAP Mobile Middleware (MDM, MAM)
SAP Cloud Security
Application Security
Infrastructure Security
Identity & Access Management
Data Security
Governance, Risk and Compliance
Panaya Cloud Quality Project
Infosys Security Offering
Panaya Offering
Panaya CloudQuality™ Suite
Increase ERP agility with zero risk
Panaya CloudQuality™ Suite
SCOPE
TEST
ANALYZE
Any ERP Change
COLLABORATION
Functional
Security
Performance
What to fix
What to test
Manage
Automate
Document & Report
Train developers to write secure code
Automate
Integrate security in ongoing ERP maintenance
Simplify Security audits
Make it simple with Panaya
Ongoing seamless security
Security is integrated into ongoing change management
Secure go-live!
Established 2006, Acquired by Infosys - 2014
Quality Automation SaaS Solution for ERP
Powered by:
ERP Domain expertise
Crowd based customer insights
Proven with over 2000+ Customers
50 HANA Migrations
Over 9,000 projects (5,000 business process implementations)
2000+ Stay-current projects (upgrade, patches)
Over 5,000,000 test scripts
Information Security at Infosys
Get your own complimentary assessment from
Upload: Run a simple ABAP report and upload to Panaya Code Box (< 20 min.)
Get: ERP Health-check & simulation of your upgrade project (< 48 hrs.*)
* Estimate time based on business days