Foreword

During cyberattacks, malicious actors bypass multiple security devices in order to reach their goal: the application layer. Critical data for daily business activities is often reached through applications and professional software such as ERPs.

The various technologies used in ERP environments make the management of patches and vulnerabilities increasingly complex, which makes protecting data more and more painstaking. This situation consequently degrades the cost/benefit ratio. Indeed, companies need to cover a large attack surface in order to protect themselves from hackers, who can concentrate on just one precise vector to penetrate systems.

In order to minimize this attack surface, the security of system and application landscapes needs to follow essential best practices:

  • Have a strategic approach regarding the deployment of patches and updates,

  • Centralize the processing of identity data originating from multiple sources,

  • Protect and secure data access and communication between different applications in the Information System,

  • Implement a centralized system for the monitoring of telemetry data to detect threats.

« By 2020, 100% of large enterprises will be asked to report to their board of directors on cybersecurity and technology risk at least annually, up from 40% today »

Gartner 2018

With a good knowledge of SAP systems, ArtimIS can support you in the management of these topics, in particular by applying best practices adapted to your context. Our SAP cybersecurity offering therefore addresses these four major topics.

Patch Management

In an organization’s IT environment, no application is immune to the risks posed by inadequate software patch management. Software vendors (Microsoft, SAP…) provide security updates because new vulnerabilities are regularly discovered. Once the vendors publish patches, these vulnerabilities become public and malicious actors can use them against unpatched systems.

Several studies performed over the last three years have revealed a strong trend towards the malicious use of public vulnerabilities in ERP applications (e.g. SAP). This subject is fundamental for the cybersecurity of the company because it directly affects sensitive data, and operational activities can be strongly impacted.

« Eighty-nine percent of IT security professionals expect the number of cyberattacks against ERP systems to increase – 30% of them expect a significant increase »

Cybersecurity Trends 2017 Spotlight Report, Crowd Research Partners

The increasing complexity of applications and the constant evolution of ERPs generate several problems that companies must respond to:

  • The variety of technologies used in ERPs makes the management of updates complex,

  • The volume of patches to be deployed is significant, resulting in time-consuming deployment and testing activities,

  • The potential performance problems and risks of unavailability linked to bad deployment make management delicate.

Faced with the problems mentioned above, many companies ignore patches in order to maintain high operational availability: this choice can have serious consequences, as several recent cases have shown.

To mitigate the risks of cyberattacks, every organization needs a complete, reliable and cost-effective patch management process to ensure the stability and security of the ERP environment. SAP and other vendors provide software solutions to simplify this management. With a good knowledge of SAP systems, ArtimIS can assist you in this area, in particular by implementing a patch management strategy that includes the following steps:

  • Plan the timing of the process,

  • Establish an up-to-date inventory of all production systems,

  • Standardize systems to accelerate remediation processes,

  • List and analyse the security controls present in the environment,

  • Scan for vulnerabilities and classify risks with vulnerability management tools,

  • Test & Deploy.

Federation of Identities

The evolution of companies and their application landscape generates a multiplication of user accounts. This data is therefore processed, stored and maintained in different solutions, resulting in multiple entry points for the same user. In order to secure access to these different elements, it is important to federate this identity system.

Such a multiplication of accounts generates risks such as:

  • Incomplete and incompatible user data updates, which complicate workflows and increase errors,

  • The multiplication of rights and user IDs to be managed, resulting in unauthorized access to applications,

  • Manual processing, which increases the risk of errors and makes tasks time-consuming,

  • Incomplete audit trails, making compliance management more difficult.

It is essential to centrally track a user’s lifecycle from provisioning to deletion. This will allow users to access multiple applications with single sign-on authentication while ensuring their identity and legitimacy. Identity federation technical solutions provide uniform centralized reporting across all user accounts.

ArtimIS offers its expertise in the federation of your identities and in the different phases of their lifecycle by implementing the appropriate solutions. The benefits of this approach are the following:

  • Synchronizing the directories of the different applications,

  • Setting up automatic provisioning,

  • Implementing a single sign-on solution,

  • Link to SAP IdM

A good federation of identities is necessary for access management in the context of GRC.

Data access & protection

Today, security in SAP environments is no longer confined to the notion of SoD and access governance. Access to data is a major issue in information system security. Rules essential to its protection must be respected:

  • SAP data is often manipulated by third-party applications, which access it via various communication protocols (used especially by connectors for Remote Function Calls…). Good management of these connections is necessary.

  • In the same way, technical solutions used to make SAP platforms talk to each other (such as WebApp) can be used for malicious purposes to access data stored by SAP.

  • In addition, SAP S/4HANA provides excellent performance gains, but the management of database access has been completely overhauled. It is essential not to limit authorization management to business accesses processed via the authorization objects in the ABAP code, but to integrate access to the HANA database into this issue.

  • Finally, the confidentiality of sensitive data can also be improved by dedicated SAP solutions, such as UI Masking & UI Logging, which hide sensitive values from all users. With different implementation methods, these solutions can be integrated into the SAP Enterprise Threat Detection monitoring system.

ArtimIS offers its services to support and implement these security mechanisms in order to guarantee better protection of your data.

Supervision & Monitoring

A study conducted by IBM in 2019 reveals that a hacker who succeeds in penetrating a company’s IS can stay there for an average of 206 days without being detected. The attacker will thus have time to achieve any desired objective, whether it is to steal or modify data, or to make it inaccessible or unusable.

Intrusion detection is complex, especially in ERP environments such as SAP, for the following reasons:

  • The numerous applications used in ERPs mean that a wide variety of technologies are used, thus extending the attack surface.

  • Each type of application generates a different type of log that will be recorded in a dedicated database.

  • The sources of threats are diverse: it is difficult to know whether a transaction should be classified as suspicious, which event should generate a security alert, and whether it was made by a legitimate user.

  • Conventional monitoring systems (typically SIEMs – Security Information and Event Management) are generally not capable of natively analyzing the detailed logs generated by ERP applications.

Studies show that the earlier a company detects an intrusion into its systems, the lower the financial loss. The value of early intrusion detection in an ERP system is therefore undeniable.

ArtimIS can help you implement the SAP Enterprise Threat Detection solution to protect your data:

  • ETD as an alert system for basic detection of suspicious activities,

  • Integration of ETD with an existing SIEM such as IBM QRadar, which extends the monitoring perimeter by covering business applications.

WHY ARTIMIS?

The seniority of our consultants and our broad experience enable us to bring a pragmatic and agile approach in our project management when it comes to compliance projects.

Benoit Pachot, Partner at ArtimIS