SAP Security: A Tale of Cyberthievery

Summary:

This document is about the increasing problem of data breaches in enterprises, especially through SAP systems. It talks about a specific breach involving USIS's Department of Homeland Security (DHS) employees' confidential data accessed via SAP. As a result, DHS employees were notified and USIS's contract with DHS was canceled. The document also mentions the average cost of a data breach has increased to $3.79 million since 2013. To address this issue, the document introduces the Enterprise Threat Monitor (ETM), part of the ESNC Security Suite. ETM provides real-time evaluation of SAP security threats through continuous monitoring, automatic detection of suspicious activities, and correlation of correlated events to HP ArcSight Enterprise. It helps build a safety net around SAP systems by providing activity overviews, identifying incidents such as unauthorized access or changes in business data, adjusting to the enterprise's standard business behavior to reduce false positives, and providing high-quality results. The document also features Ertunga Arsal, a security researcher with expertise in auditing SAP systems for vulnerabilities and has been credited by SAP for over 100 security issues. He presents at international conferences like Blackhat, CCC annual congress, and D. The information aims to highlight the importance of protecting SAP systems from breaches and demonstrates how ETM can be an effective tool against such threats within enterprises. The document also covers a series of security conferences including Hashdays, Deepsec, Sec-T, and possibly others, organized by the founder of ESNC (European SAP Security Community). It encourages participants to fill out a survey upon leaving the session B6260 led by speaker Ertunga Arsal to provide feedback for improving future event content. Finally, the document provides copyright information, links to the ESNC website, contact details, and information about their services such as SAP security solutions and the Enterprise Threat Monitor (ETM). It advertises a 14-day free trial for ETM and specifies that no part of it can be distributed without written permission from ESNC.

Details:

This document discusses the increasing problem of data breaches in enterprises, particularly through SAP systems. It highlights a breach involving USIS's Department of Homeland Security (DHS) employees' confidential data accessed via SAP, resulting in DHS employees being notified and USIS's contract with DHS canceled. The IBM study reports that the average cost of a data breach is $3.79 million, increasing by 23% since 2013. Notable examples include eBay, JP Morgan Chase, British Airways, and UPS which suffered major breaches. SAP systems are central to enterprise operations as they store and process sensitive data; however, they are vulnerable to attacks through remote OS command execution in SAP BASIS Communication Services and third-party components like OpenText/IX OS ECM, where code injection can occur. The document introduces the Enterprise Threat Monitor (ETM), a part of the ESNC Security Suite designed for real-time evaluation of SAP security threats. It includes continuous monitoring, automatic detection of suspicious activities, and correlation of correlated events to HP ArcSight Enterprise. The ETM helps in building a safety net around SAP systems by providing activity overviews, identifying incidents such as unauthorized access or changes in business data. It adjusts to the enterprise's standard business behavior to reduce false positives and provides high-quality results. The document also mentions Ertunga Arsal, a security researcher with expertise in auditing SAP systems for vulnerabilities and has been credited by SAP for over 100 security issues. He is present at international conferences like Blackhat, CCC annual congress, and D. The information provided aims to highlight the importance of protecting SAP systems from breaches and demonstrates how ETM can be an effective tool against such threats within enterprises. The text outlines a series of security conferences including Hashdays, Deepsec, Sec-T, and possibly others. It mentions the founder of ESNC (European SAP Security Community), which organizes these events. The content encourages participants to fill out a survey upon leaving the session B6260, led by speaker Ertunga Arsal, and provides feedback that helps improve future event content. The document includes copyright information for ESNC, links to their website, contact details, and information about their services such as SAP security solutions and the Enterprise Threat Monitor (ETM). It advertises a 14-day free trial for ETM, mentions trademark status of products like SAP, ABAP, SAPGUI, Oracle, Java, and other names and logos. The document also specifies that no part of it can be distributed without written permission from ESNC.