Palo Alto, CA – May 1, 2017 – EAS-SEC, a non-profit organization focused on enterprise application security, with the support of ERPScan, a leading provider of business application security products and services, released the first-ever comprehensive SAP Cybersecurity Framework, which combines predictive, preventive, detective and response measures.
Nowadays, we are witnessing a growing number of attacks against ERP systems, with several notorious incidents covered by the media. Moreover, security experts predict that the number of such attacks will increase in the next 12 months. This calls for a change in the approach to security: a cutting-edge approach should balance traditional defensive mechanisms (namely, access controls and Segregation of Duties) and proactive measures. Besides, SAP security should be seamlessly integrated into the whole enterprise security process.
The Framework consists of 20 categories, each of which describes specific protection processes, like asset management, incident management, or threat intelligence. All of them are in line with industry-recognized frameworks and approaches from NIST, SANS, ISO, CIS, but reflect the specifics of ERP systems.
SAP Cybersecurity Framework is a logical extension of our previous work of promoting measures towards a secure SAP implementation. While the first document, The SAP NetWeaver ABAP Platform Vulnerability Assessment Guide (released in 2014), is a set of technical controls to securely configure an SAP system, the new one is more high-level and outlines the most important steps in terms of where-to-start issues at the organization level, involving areas ranging from Vulnerability Management to Governance and cooperation between departments. The document was carried out jointly with CISOs of big enterprises and consultants with deep experience in ERP security.
– added Alexander Polyakov, President of EAS-SEC.
The SAP Cybersecurity Framework implements Gartner’s approach to adaptive security architecture in the area of ERP security. Namely, it defines 4 categories for SAP protection processes: predictive, preventive, detective and responsive. For each area, the SAP Cybersecurity Framework provides a three-step graded roadmap towards implementation, where:
- The first step is a required minimum.
- The second one provides you with a sufficient level of security.
- The third one includes all the advanced measures to adjust your security posture to the most advanced security technologies.
Security managers have to solve the problem of disintegrated actions and build the strategic options and environment to ensure the security of business applications. Another challenge is that SAP security should be integrated into the whole enterprise security process to ensure comprehensive protection. The main objective of the EAS-SEC SAP Cybersecurity Framework is to solve this issue.
– commented Michael Rakutko, Head of Professional Services at ERPScan.
Download the EAS-SEC SAP Security Framework to set up a solid ERP cybersecurity foundation within your organization.
ERPScan is the most respected and credible Business Application Cybersecurity provider. Founded in 2010, the company operates globally and enables large Oil and Gas, Financial, Retail, and other organizations to secure their mission-critical processes. Named an ‘Emerging Vendor’ in Security by CRN, listed among “TOP 100 SAP Solution providers” and distinguished by 40+ other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to assist in improving the security of their solutions.
ERPScan’s primary mission is to close the gap between technical and business security and provide solutions for CISOs to evaluate and secure SAP and Oracle ERP systems and business-critical applications from both cyberattacks and internal fraud. Our clients are large enterprises, Fortune 2000 companies and managed service providers whose requirements are to monitor and manage the security of vast SAP and Oracle landscapes on a global scale.
We operate from two hubs, located in Palo Alto and Amsterdam, to provide threat intelligence services and agile support, and operate local offices and a partner network spanning 20+ countries.