Webinar on Oracle EBS Security.
Roman Bezhan, Business Applications Security
What?Posted on October 19, 2016 | Filed under Events
The recent Oracle MICROS data breach (PoS solution installed in over 330,000 sites across 180 countries) demonstrated once again that hackers find business applications an attractive target. We have got news for you. First, researchers and vendors are also interested in enterprise software security and release various guidelines related to this topic on the regular basis. However, it's too early to rejoice. It will take forever just to look through all these documents. In order to stay protected, you’ll need to understand how these threats can impact your organization.
Business Applications Security ResearcherPosted on September 29, 2016 | Filed under Events
On the upcoming webinar, Alexander Polyakov will guide you through the latest trends in SAP security in the discussion devoted to our new SAP Cyber Threat Report 2016, which has made a lot of buzz in the press lately.
Read more »Posted on August 12, 2016 | Filed under Events
You've certainly heard the latest news about the US-CERT alert over the attacks against SAP systems, and at a recent Gartner conference, ERP was highlighted as an important part of Cybersecurity strategy for an organization. Have you already decided that this is an urgent task on your To-Do List, but still don’t know where and how to start? This webinar will tell you about the first step in a process of securing key business applications from cyberattacks and fraud, namely Penetration testing. You will learn unique features of this service in relation to business applications based on SAP platform.
Read more »Posted on June 28, 2016 | Filed under Events
Nowadays, any large organization relies greatly on business applications. Systems like SAP store and process all companies’ critical data, which makes them an attractive target for cyberattacks. Interest in SAP security is growing exponentially and real attacks on SAP systems play a significant role in driving this interest.
Read more »Posted on May 25, 2016 | Filed under Events
Every month SAP releases about two dozens of so-called SAP Security Notes addressing one or more vulnerabilities in its solutions. The vendor rates the patches by priority; the most critical ones receive "Hot news" or "High priority" rating while others are considered not so dangerous. As companies have to deal with hundreds and even thousands of SAP notes, they try to prioritize them by CVSS base score or other similar metrics not paying attention to other factors such as other vulnerabilities which could increase risks.
Read more »Posted on May 20, 2016 | Filed under Events
April-11-2016 talk at CYpBER 2016, Cyprus “Cybersecurity for Oil and Gas Industry – How hackers can steal oil” by Alexander Polyakov
Cyber crimes cost energy and natural resources firms an average of $13.2 million each a year for lost business and damaged equipment, Ponemon’s survey states. Experts agree that threats to Oil and Gas companies become increasingly complex and sophisticated targeting both IT and OT infrastructures, that requires constant improvements to cyber security. Nowadays companies involved in the industry more than ever need to strengthen their cyber security.
Read more »Posted on April 11, 2016 | Filed under Events
March-16-2016 Talk at Troopers, Heidelberg “Thanks SAP for the vulnerabilities. Exploiting the unexploitable” by Dmitry Chastuhin
Every month SAP patches about two dozens of vulnerabilities in its solutions. Some of them are critical and receive so-called "Hot news" or "High priority" rating. However, others are considered not so dangerous. Since patching process on a real SAP landscape is time-consuming and costly, the idea to fix only security issues with high CVSS base score seems rather tempting, but, apparently, completely insecure.
Read more »Posted on March 16, 2016 | Filed under Events
March-04-2016 Talk at RSA, San Francisco “Cybersecurity for Oil and Gas Industries: How Hackers Can Steal Oil” by Alexander PolyakovPosted on March 4, 2016 | Filed under Events
November-19-2015 Talk at CISO Platform Annual Summit, Mumbai “Lessons learnt from recent Cyber-attacks on SAP systems” by Alexander Polyakov
For a long time almost no real attacks on SAP and Oracle ERP systems came to public light, so only a small group of professionals was warned about the threats associated with business applications. It gave CISOs a false sense of security.
Read more »Posted on November 19, 2015 | Filed under Events