THIRD PARTY VS SAP SOLUTION MANAGER FOR SAP CYBERSECURITY PROTECTION


LAYER SEVEN SECURITY
THIRD PARTY VS SAP SOLUTION MANAGER FOR SAP CYBERSECURITY PROTECTION
COMPARISON CHART

Third Party vs. SAP Solution Manager

Third Party Solutions | Recommended

System Inventory: SAP Solution Manager maintains technical data for all systems in SAP landscapes. This includes installed application components, software versions, and host and database information.

Vulnerability Management: SAP Solution Manager performs automated daily scans for hundreds of vulnerabilities in SAP systems. The results are stored in an internal Business Warehouse and read by Service Level Reports (SLR) and Security Dashboards.

Compliance Reporting: Service Level Reports include gap assessments for compliance frameworks such as the NIST Cybersecurity Framework, PCI DSS and IT Control Objectives for SOX.

Threat Detection: SAP Solution Manager monitors event data in SAP logs and generates alerts for suspected attacks and security breaches.

Remediation Best Practices: SAP Solution Manager includes Guided Procedures for investigating and resolving security alerts.

Patch Management: SAP Solution Manager includes a direct connection to SAP Support for discovering Security Notes.

Security Dashboards: The Dashboard Framework in SAP Solution Manager displays security KPIs in dynamic visualizations.

Interface Monitoring: SAP Solution Manager monitors dangerous system interfaces including RFC, HTTP and Web Service connections using a graphical topology.

Support for HANA and S/4HANA: SAP Solution Manager monitors the security of HANA systems including security-relevant parameters, audit policies, standard users and critical SQL privileges.

Support for SAP Cloud and Hybrid: Cloud and Hybrid systems are monitored by SAP Solution Manager using SolMan 2 Cloud (S2C).

SIEM Integration: Vulnerability and alert data is automatically forwarded by SAP Solution Manager to security information event management (SIEM) systems.

Custom Code Management: Custom Code Lifecycle Management (CCLM) in SAP Solution Manager maps and analyzes custom programs and enables customers to reduce the attack surface by removing cloned and redundant code.

Change Impact Analysis: SAP Solution Manager integrates with Usage Procedure Logging (UPL) and Solution Documentation to identify the impact of security patches before they are implemented.

Test Management: Test Management in SAP Solution Manager includes SAP best practices for preparing, executing and managing test plans for planned changes including corrections implemented through Security Notes.

GDPR Compliance: GDPR requirements for privacy by design and breach notification can be met through systematic monitoring of access to personal data using SAP Solution Manager.

Maintenance and Support: SAP Solution Manager is supported and maintained directly by SAP.

SAP Recommendations: SAP Solution Manager is recommended by SAP for hardening and monitoring systems against cyber threats.

Software Licensing: SAP Solution Manager 7.2 is available to SAP customers without any additional licensing and includes a free license for SAP HANA.

5 Common Myths for Cybersecurity Monitoring with SAP Solution Manager

1. Myth: SAP Solution Manager is complex to install and difficult to maintain
Fact: Security monitoring using SAP Solution Manager does not require the installation of any add-ons or components. The applications supporting security monitoring are automatically enabled during the standard Solution Manager setup process. Also, since security applications use existing connections with SAP systems, there is no need to install and configure additional agents in target systems. The applications are maintained directly by SAP and SAP Service Partners such as Layer Seven Security.

2. Myth: SAP Solution Manager creates dangerous RFC connections with SAP systems
Fact: The RFC connections created by Solution Manager are no more or less dangerous than similar connections between other systems in SAP landscapes. Also, the risk is not removed if you decide not to perform security monitoring using SAP Solution Manager since the connections will remain in place.

3. Myth: SAP Solution Manager is a high-value target for attackers
Fact: All SAP systems are valuable targets for attackers. In fact, since Solution Manager does not typically store or process sensitive business data, it may be a less valuable target than systems such as ECC, CRM and SRM. Also, Solution Manager performs self-monitoring to detect security vulnerabilities including misconfigurations and missing patches, and potential security breaches captured in SAP logs. In dual landscapes, Solution Manager systems can monitor each other.

4. Myth: SAP Solution Manager is not certified
Fact: SAP Solution Manager is certified for information security management by organizations such as SERVIEW.

5. Myth: SAP Solution Manager does not provide coverage for zero-day vulnerabilities
Fact: Security researchers choose to deliver virtual patches for zero-day vulnerabilities through third party tools in order to induce SAP customers to subscribe to expensive licenses for such tools. This is a business decision and not due to any technical limitation in Solution Manager. Also, not all zero-day vulnerabilities pose a critical risk to SAP systems.

LAYER SEVEN SECURITY

Layer Seven Security empowers organizations to realize the potential of SAP systems. We serve customers worldwide to harden, patch and monitor systems against cyber threats using SAP Solution Manager. To schedule a demo for security monitoring using SAP Solution Manager, please contact info@layersevensecurity.com.

CONTACT US
99 Hudson Street 5th Floor New York, NY