Protecting SAP Applications with Deloitte and ArcSight in 2012
- Pavan Raja

- Apr 9, 2025
Summary:
This document focuses on enhancing SAP security using the ArcSight SIEM solution to protect against cyber threats and potential theft of intellectual property (IP). It highlights the importance of integrating advanced SIEM solutions into SAP environments for better detection of vulnerabilities and prevention of security breaches, especially related to insider threats and IP theft. Key features include use cases designed by Deloitte for various risk categories, authentication measures to prevent unauthorized access, real-time alerts based on suspicious activities, and a comprehensive view combining isolated events across IT layers. The implementation aims to improve business process efficiency and prevent inventory shrinkage due to fraudulent activities involving exposed employees with conflicting access rights.
Details:
The presentation, titled "ArcSight for SAP," discusses the importance of protecting SAP applications from security risks and introduces the ArcSight SIEM solution to enhance IT security and risk management capabilities. Key points include:
1. **SAP Security Trends and Risks**: SAP is increasingly used in online, mobile environments with complex systems, making it a target for cyber espionage and other threats. Traditional security measures are often inadequate, highlighting the need for improved security practices.
2. **Introduction to ArcSight**: ArcSight is a SIEM solution that collects information from multiple systems, normalizes these into a common format, correlates events using rules, and provides consolidated cyber threat intelligence through dashboards, query viewers, and reports.
3. **ArcSight for SAP Strategy**: This strategy focuses on increasing risk intelligence by correlating isolated security events across the IT landscape. The current state involves fragmented, limited, periodic active monitoring, with ArcSight specifically targeting SAP applications to enhance multi-layer protection.
4. **Use Cases**: Deloitte has designed over 100 use cases for rapid deployment in various risk categories such as asset sabotage/destruction and financial reporting misstatement. These include protecting core data processing assets, detecting risk anomalies, monitoring access to sensitive information, and preventing the loss of intellectual property (IP) through connectors that monitor on-screen access to SAP fields containing sensitive information.
5. **Benefits**: Implementing ArcSight for SAP can help reduce losses due to cyber espionage and insider threats by identifying risks associated with IP theft and by monitoring where sensitive data is consumed and by whom, thereby reducing the financial loss caused by such acts.
Overall, the presentation emphasizes the importance of integrating advanced SIEM solutions like ArcSight into SAP environments to better detect vulnerabilities and protect against potential security breaches and intellectual property theft.
This document outlines the integration of SAP GRC (Governance, Risk and Compliance) with ArcSight for SAP to enhance inventory shrinkage prevention within companies. The process involves several key steps:
1. **Authentication from Contractor**: Ensures only authorized personnel can access sensitive data through the SAP application.
2. **Account Disabled in Active Directory but Never Disabled in SAP Application**: Identifies a discrepancy that could lead to unauthorized access, triggering alerts for potential breaches.
3. **ArcSight Agents and Alerts**: Utilizes ArcSight agents to track suspicious activities within the SAP network, setting off real-time alerts when high-risk data is accessed.
4. **Risk Profile Context**: Profiles users with conflicting access rights based on risk analysis from SAP GRC, helping to prevent unauthorized use of confidential data.
5. **Trigger High Risk Alerts**: Utilizes application event correlation to detect and alert management about fraudulent activities related to fictitious customer records.
6. **Holistic View**: Combines isolated events across various IT layers and areas within SAP to provide a comprehensive view of fraud activity, enabling proactive risk management.
The solution helps improve business process efficiency by detecting risks in real-time and enhancing the ability to prevent inventory shrinkage due to fraudulent activities related to sales orders generated by exposed employees with conflicting access rights. The integration of SAP GRC capabilities with ArcSight for SAP provides a holistic view of user activities, risk opportunities, and potential fraud, ensuring a proactive approach to managing critical business processes.
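The correlation described in steps 2 to 5 can be illustrated with a short Python example. It is added here and is not code from the presentation, Deloitte, or ArcSight; the event schema, field names, user names, and severity rule are all constructed assumptions. It raises an alert when an account that is disabled in Active Directory is still active in SAP, and raises the severity when the access touches sensitive data or the user has a conflicting-access flag from GRC.

```python
from datetime import datetime

# Constructed sample events, already normalized to one schema (assumed field names).
# SAP user IDs are upper case, so users are compared case-insensitively.
EVENTS = [
    {"ts": "2012-03-01T09:00:00", "source": "ad",  "user": "ext_jdoe", "action": "account_disabled"},
    {"ts": "2012-03-02T08:15:00", "source": "sap", "user": "EXT_JDOE", "action": "logon"},
    {"ts": "2012-03-02T08:20:00", "source": "sap", "user": "EXT_JDOE", "action": "sensitive_read"},
    {"ts": "2012-03-02T10:00:00", "source": "sap", "user": "ASMITH",   "action": "sensitive_read"},
    {"ts": "2012-03-03T11:00:00", "source": "ad",  "user": "asmith",   "action": "account_disabled"},
    {"ts": "2012-03-03T12:00:00", "source": "sap", "user": "ASMITH",   "action": "logon"},
    {"ts": "2012-03-04T07:00:00", "source": "ad",  "user": "ext_jdoe", "action": "account_enabled"},
    {"ts": "2012-03-04T07:30:00", "source": "sap", "user": "EXT_JDOE", "action": "logon"},
]

# Constructed risk context: users flagged with conflicting access rights.
GRC_CONFLICTS = {"ext_jdoe"}


def correlate(events, grc_conflicts):
    """Return alerts for SAP activity by accounts disabled in AD at event time."""
    disabled_since = {}  # user -> timestamp at which AD disabled the account
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        user = ev["user"].lower()
        if ev["source"] == "ad":
            if ev["action"] == "account_disabled":
                disabled_since[user] = ev["ts"]
            elif ev["action"] == "account_enabled":
                disabled_since.pop(user, None)  # re-enabled: stop alerting
        elif ev["source"] == "sap" and user in disabled_since:
            # Assumed severity rule: sensitive access or a GRC conflict is high risk.
            high = ev["action"] == "sensitive_read" or user in grc_conflicts
            alerts.append({
                "user": user,
                "ts": ev["ts"],
                "action": ev["action"],
                "disabled_since": disabled_since[user],
                "severity": "high" if high else "medium",
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS, GRC_CONFLICTS):
        print(alert)
```

Activity before the AD disable event and after a re-enable produces no alert, which keeps the rule tied to the actual discrepancy window between the two systems.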
This disclaimer informs that the presented content should be considered as a guide and that individuals are advised to consult with a qualified professional for advice. The mentioned entities (Deloitte, its affiliates, and related companies) do not take responsibility for any losses incurred by users relying on this information. They emphasize copyright protections and provide legal notices regarding usage rights of the materials presented within the context.
