SAP Enterprise Threat Detection Overview & Roadmap. Martin Plummer, SAP SE November 2016

Disclaimer. The information in this document is confidential and proprietary to SAP and may not be disclosed without the permission of SAP. This document is not subject to your license agreement or any other service or subscription agreement with SAP. SAP has no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation and SAP's strategy and possible future developments, products and/or platform directions and functionality are all subject to change and may be changed by SAP at any time for any reason without notice. The information in this document is not a commitment, promise or legal obligation to deliver any material, code or functionality. This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. This document is for informational purposes and may not be incorporated into a contract. SAP assumes no responsibility for errors or omissions in this document, except if such damages were caused by SAP intentionally or grossly negligent. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions. 2016 SAP SE or an SAP affiliate company. All rights reserved. Customer 2

Introduction

Trends
- Business landscape: interconnected systems
- Cyber crime: sophisticated attacks
- Security strategy: risk-based security measures

The threat landscape is changing. And your security measures?
- Denial of service, standard malicious mails, standard malware: solutions are available on the infrastructure layer, but with limited insight into the business systems
- Increasing: cost of insider attacks, business applications as a target, identity theft, targeted attacks against employees, cost of espionage
- Standard encryption is reducing the effectiveness of network-based security solutions
- The weak point of most enterprises

Risk-based security investments
Do you protect your data or only the underlying infrastructure?
- What data is critical to you? Production process, specifications, customer data, product lifecycle, processes, employee data, marketing activities, vendor information, logistics, financial data, leads, contract data
- Where is that data mainly stored? Mails, devices, SAP systems, cloud drives, files
Security measures on the infrastructure level are mandatory. But for most companies an SAP system is a black box with respect to security, and that black box often contains the most critical data.
Slide diagram: the SAP system sits inside the infrastructure.

Security for business systems: the missing piece
Security from an SAP department perspective:
- Strong authentication
- Identity management
- Secure configuration
- Patch management
- Secure development
- Detection (the missing piece)

Detect attacks against your business systems
What kind of attacks are you able to identify in your SAP business landscape in real time?
- Brute force attack (SAP RFC, web services, ...)
- Identity theft (SAP user)
- Misuse of administrative rights within SAP
- Misuse of development rights within SAP
- SAP user anomaly detection
- System anomaly detection
- Data breach in an SAP system
What kind of transparency do you have into your system landscape in real time?
- Threat situation of the last 24 hours?
- SAP system patch status?
- Forensic tools to examine a suspicion?
- Who read confidential information in the SAP system?
- Historical security data of your SAP system landscape?
- Technical events versus semantic events?
- Real-time correlation of large amounts of security data?

Customer scenarios
- A third-party employee working with firefighter rights creates a backdoor user. Risk: the system can be accessed by an unauthorized user.
- An employee downloads unusual amounts of technical drawings. Risk: exfiltration of intellectual property.
- Admins log in to a high-security system from a potentially unsafe network. Risk: administrator credentials get compromised.
- SAP servers communicate with known malware hosts. Risk: further spread of malware within the IT network, exfiltration of sensitive data.
Industries shown on the slide: Banking, Manufacturing, Public Sector, SAP IT.

The application level needs to be addressed
Layers shown on the slide: Application, Database, Operating System, Network.

Product Overview

Protect your business
- Effectively identify and analyze threats
- Efficiently analyze and correlate logs
- Perform forensic investigations and discover new patterns
- Automatically evaluate attack detection patterns
- Integrate custom log providers
- Find threats focused on SAP software
- Leverage the power of the real-time data platform

SAP Enterprise Threat Detection: main use cases
- Real-time security monitoring: gather events from the landscape, evaluate attack detection patterns, react on critical alerts, gain an overview of the threat situation
- Ad hoc analysis: analyze existing suspicions, perform forensic investigation, support compliance processes

SAP Enterprise Threat Detection: architecture (slide diagram)
- Log sources: SAP landscape (ABAP logs and other logs, on any database), SAP HANA logs, non-SAP log data, distributed system log data
- SAP HANA Smart Data Streaming: normalize, pseudonymize, enrich log data
- SAP HANA: persistence, analysis, alert generation
- SAP Enterprise Threat Detection: threat situation, forensic lab, patterns, log learning, ...

Integration with SIEM and other external processes
- Alert publishing: pushing via email, pushing as JSON, pulling as JSON
- Alerts, notifications and events as input
- Log learning
- Custom adapters on ESP
- Specialized detectors
Slide diagram: ETD exchanges JSON with the SIEM.

Log management (archiving)
For long-term storage and retrieval:
- Write events to files: original (for auditing) and normalized (the same data as sent to HANA)
- Read normalized events from files: retrieve old events for forensic analysis
Slide diagram: the ESP (Event Stream Processor) writes original data and normalized data to the archive and normalized data to HANA; archived normalized data is read back through the ESP into HANA.

Example scenario: assignment of SAP_ALL and following actions
The authorization of a user account is increased. Someone now uses the enhanced user account to debug a financial report and divert money to his own account.
Steps: assign SAP_ALL, log on, debug and divert money.
Automated attack detection patterns would alert the security operations center at several stages and determine:
- Users
- Terminals
- Key events
- Values that were altered
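The multi-stage pattern this slide describes, written out as added example detection logic that is not ETD's own pattern engine or event schema: a small correlator over constructed, normalized events that alerts when SAP_ALL is assigned, again when the elevated account logs on within a window, and again when that account changes a value in the debugger, then summarizes users, terminals, key events and altered values for the SOC. Event field names, user IDs, terminals, the 24-hour window and the program name ZFI_PAYRUN are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed, normalized events standing in for ETD's log stream. Field
# names, user IDs, terminals and the program name ZFI_PAYRUN are assumptions
# for this example, not ETD's real schema.
EVENTS = [
    {"ts": "2016-11-07T08:01:00", "type": "AUTH_ASSIGN", "actor": "ADM_EXT1",
     "terminal": "WS-0412", "target": "JSMITH", "profile": "SAP_ALL"},
    {"ts": "2016-11-07T08:10:00", "type": "LOGON", "actor": "MMUELLER",
     "terminal": "WS-0207"},                       # ordinary logon, no alert
    {"ts": "2016-11-07T08:15:30", "type": "LOGON", "actor": "JSMITH",
     "terminal": "WS-0931"},
    {"ts": "2016-11-07T08:22:10", "type": "DEBUG_CHANGE", "actor": "JSMITH",
     "terminal": "WS-0931", "program": "ZFI_PAYRUN", "field": "BANK_ACCT",
     "old": "DE00-CONSTRUCTED-OLD", "new": "DE00-CONSTRUCTED-NEW"},
]

CRITICAL_PROFILES = {"SAP_ALL"}
WINDOW = timedelta(hours=24)   # how long an elevation taints later activity (assumed)

@dataclass
class Alert:
    stage: int
    pattern: str
    user: str
    terminal: str
    ts: str
    details: dict = field(default_factory=dict)

def evaluate(events):
    """Run the three-stage pattern over the events (sorted by time) and return
    one Alert per stage that fired: assignment, logon, debug value change."""
    elevated = {}    # user -> (assignment time, assigning actor)
    active = set()   # elevated users that have since logged on
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        kind = ev["type"]
        if kind == "AUTH_ASSIGN" and ev["profile"] in CRITICAL_PROFILES:
            elevated[ev["target"]] = (ts, ev["actor"])
            alerts.append(Alert(1, "Critical profile assigned", ev["actor"],
                                ev["terminal"], ev["ts"],
                                {"target": ev["target"], "profile": ev["profile"]}))
        elif kind == "LOGON" and ev["actor"] in elevated:
            since, by = elevated[ev["actor"]]
            if ts - since <= WINDOW:
                active.add(ev["actor"])
                alerts.append(Alert(2, "Logon with recently elevated account",
                                    ev["actor"], ev["terminal"], ev["ts"],
                                    {"elevated_by": by}))
        elif kind == "DEBUG_CHANGE" and ev["actor"] in active:
            alerts.append(Alert(3, "Debugger value change by elevated account",
                                ev["actor"], ev["terminal"], ev["ts"],
                                {"program": ev["program"], "field": ev["field"],
                                 "old": ev["old"], "new": ev["new"]}))
    return alerts

def summarize(alerts):
    """What the SOC needs at a glance: users, terminals, key events, altered values."""
    return {
        "users": sorted({a.user for a in alerts}),
        "terminals": sorted({a.terminal for a in alerts}),
        "key_events": [(a.stage, a.pattern, a.ts) for a in alerts],
        "altered": [a.details for a in alerts if a.stage == 3],
    }
```

A real deployment would key the stages on pseudonymized user IDs and bound the window per pattern; the ordinary MMUELLER logon shows that only accounts with a recent critical assignment are followed.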

Working with SAP Enterprise Threat Detection
- Monitoring: alerts, initial analysis
- Forensic Lab: further analysis, deriving new patterns

Example of analyzing events in the forensic lab
- An existing workspace has filter paths showing critical authorization assignment and logons
- There are 2 events where a logon has taken place with an account that has received a critical authorization
- A path is added to look into what the corresponding users have been up to
- Filters are added to the path and finally the raw data is examined

Graphical and statistical analysis: looking at the bigger picture
- Anomaly and outlier detection compares observed feature values against a historic baseline.
- The threat situation shows the network of patterns, involved systems, users and terminals.
- The resulting diagram allows identification of hotspots of potentially malicious activity.

Anomaly Detection Lab: detect deviations from normal behavior
Over the course of 12 weeks, systems A, B and C only communicate with system D. Suddenly, system A communicates with system B. Is this suspicious?
Slide diagrams: "Normal" (A, B and C each connected to D) and "Abnormal" (additionally A connected to B).
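The baseline comparison behind the lab's question, as an added example that is not ETD's implementation: a 12-week profile of per-pair daily connection counts is built from constructed records, then a new day is scored both for pairs never seen in the baseline (A to B) and for volume outliers on known pairs. The z-score threshold and the fallback rule for a constant baseline are assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

BASELINE_DAYS = 12 * 7   # the slide's 12-week learning window

def constructed_baseline():
    """Constructed connection records (day_index, source, destination), not
    real ETD data: for 12 weeks A, B and C each talk only to D, with a small
    deterministic day-to-day variation in volume."""
    records = []
    for day in range(BASELINE_DAYS):
        for i, src in enumerate(("A", "B", "C")):
            count = 40 + (day * 7 + i) % 5
            records.extend([(day, src, "D")] * count)
    return records

def build_profile(records):
    """Per (src, dst) pair: mean and standard deviation of daily connection
    counts over the whole window, counting days with no traffic as 0."""
    daily = defaultdict(Counter)
    for day, src, dst in records:
        daily[(src, dst)][day] += 1
    profile = {}
    for pair, counts in daily.items():
        series = [counts.get(d, 0) for d in range(BASELINE_DAYS)]
        profile[pair] = (mean(series), pstdev(series))
    return profile

def score_day(profile, records, z=3.0):
    """Compare one new day's records against the profile and return a list of
    (pair, reason, observed_count). A pair absent from the baseline is reported
    as new; a known pair is reported when its volume exceeds mean + z * stddev
    (for a constant baseline, when it exceeds twice the mean; that fallback is
    an assumption of this example)."""
    observed = Counter((src, dst) for _, src, dst in records)
    findings = []
    for pair, n in sorted(observed.items()):
        if pair not in profile:
            findings.append((pair, "new communication pair", n))
            continue
        mu, sd = profile[pair]
        threshold = mu + z * sd if sd > 0 else 2 * mu
        if n > threshold:
            findings.append((pair, "volume outlier", n))
    return findings

def constructed_new_day():
    """Day 84: the usual A/B/C -> D traffic plus three A -> B connections,
    the situation the slide asks about."""
    day = BASELINE_DAYS
    records = [(day, "A", "D")] * 42 + [(day, "B", "D")] * 41 + [(day, "C", "D")] * 40
    records += [(day, "A", "B")] * 3
    return records
```

The new A to B pair is reported even though its volume is tiny, while the slightly higher A to D count stays within the learned variation; whether a new pair is suspicious remains a question for the analyst.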

Pseudonymization (example values shown on the slide: GZVRR-8076, XYZ/000)

Security Status Monitor: Systems

Security Status Monitor: Security Notes patterns
Coverage in SP04 is of recent ABAP Security Notes dating back to September 2015, in three categories (53 notes in total):
- Missing authorization
- Removed RFC flag
- Disabled code execution
You can incorporate indicators from these into your own patterns in the forensic lab.

ETD @ SAP IT

SAP Enterprise Threat Detection inside SAP IT
Foundational services: SAP GRC - Risk Management, SAP GRC - Process Controls, SAP Fraud Management, UIL / UIM

SAP Enterprise Threat Detection: a big-data solution to a serious security challenge
Company: SAP SE
Headquarters: Walldorf, Germany
Industry: High tech
Products and services: Enterprise software and services
Employees: 74,000
Revenue: 16.82 billion
Web site: www.sap.com
Implementation partners: -
Business transformation
The company's top objectives:
- Add the layer of application-level security monitoring to the existing security measures at SAP
- Bring knowledge about attack patterns into an executable form, so attacks can be detected automatically and accurately
- Enable Security Operations to identify and act on attacks and malicious behavior in SAP systems in a timely manner
The resolution:
- Implementation of a dedicated SAP Enterprise Threat Detection (ETD) landscape with sufficient sizing to cope with the vast amount of log data available
- Tailoring of attack patterns to the specifics of the business systems being monitored
- Continuous expansion of the pattern repository
- Close collaboration with product development teams to implement required features and integrate them into the standard product
The key benefits:
- Readily and efficiently identify security lapses in SAP's business systems
- Detection of threats and attacks as they happen
- On-the-fly security analytics capabilities
"SAP Enterprise Threat Detection enables us to identify real attacks to our business systems as they are happening and analyze the threats quickly enough to neutralize them before serious damage occurs." Maximilian Adrian, Vice President Business Application Security, SAP SE
Top benefits achieved:
- >80 available attack patterns
- ~250 million events per day
- 0.7% to 1.5% CPU load on monitored systems

Roadmap

SAP Enterprise Threat Detection product road map overview: key themes and capabilities

Today (Release 1.0 SP04)
Collect event and context information:
- SAP platforms: NetWeaver ABAP/Java and HANA
- User, system and subnet metadata
- Syslog protocol and log learning
- User pseudonyms
Analyze and visualize events:
- Attack detection based on rules
- Anomaly detection based on user and system behavior
- Visualization of event and context data
- Support for two-tier landscapes
- Content delivered via service packs
Monitor and act on incidents:
- Monitoring dashboards: threat situation, system security status
- Alerts and investigations
- Integration with SIEM and ticketing systems
Operations:
- Log archiving
- On premise and in HANA Enterprise Cloud

Planned innovations
Collect event and context information:
- Additional ABAP/Java logs
- SAP Solution Manager security services
- SAP GRC products
- 3rd-party products via CEF
Analyze and visualize events:
- Regular content delivery
- SAP security notes and compliance checks
- Supervised machine learning for anomaly detection
- Enhanced functions for pattern definition
Monitor and act on incidents:
- Integration with further SIEM systems
- Integration with SAP Solution Manager Alerting
- Visualization of threat situation
Operations:
- Hot/warm data management
- SaaS

Future direction
Collect event and context information:
- SAP Cloud applications
- SAP ERP HCM, SAP SuccessFactors EC
- Threat intelligence providers
Analyze and visualize events:
- Detection of new threats
- Advanced analysis and visualization
Monitor and act on incidents:
- Automated reaction
- Flexible reporting / dashboards

This is the current state of planning and may be changed by SAP at any time.

Summary

Summary: SAP Enterprise Threat Detection
- Security monitoring for your SAP business systems
- Holistic security approach together with your existing infrastructure-based investments
- Understand the impact of an attack on your business systems
- Support your compliance/audit goals
- Protect your company and shareholder interests

2016 SAP SE or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices. Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation, and SAP SE's or its affiliated companies' strategy and possible future developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality.
All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.