Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

Tweet

ERPScan Security Monitoring
Suite for SAP

Identify, Analyze, Remediate security issues
including vulnerabilities, misconfigurations,
and SOD violations

Why do you need to monitor SAP Security?

Interest in SAP security is growing exponentially and the numerous attacks play a significant role in driving this interest. Take, for example, recent breaches revealed in SAP system of a government contractor USIS.

Most leading analyst firms such as Gartner and IDC agree that traditional solutions can’t help when it comes to securing ERP systems that so often become targets for attacks.

“In-depth assessments of databases and applications such as ERP systems (for example SAP or Oracle), specially, are not widely supported in traditional VA solutions, which focus on devices. - Gartner’s Market Guide for Vulnerability Assessment 2014.

SAP systems and business-critical applications store the most critical corporate data that can at some point be used for espionage, sabotage or fraud purposes.

Unfortunately, because of extreme complexity and the high level of customization these applications are vulnerable to many attacks.

Manual in-depth assessment of an SAP landscape is a very time-consuming process as, for example, there may be more than 10 000 user access control vulnerabilities and configuration issues just in one system.

Numerous general security solutions, from security scanners to SIEM, scarcely protect SAP.

SAP security is a combination of 3 different areas: Vulnerability Management, Source Code Security and Segregation of Duties. Unique expertise is required to manage all of these areas together. Most solutions focused on SAP cover only a narrow set of issues.

How can we help?

This award-winning software is the only certified by SAP SE solution on the market that enables effective Identification, Analysis and Remediation of security issues and helps to protect system against cyber-attacks and internal fraud.

It embraces the three tiers of SAP security: Vulnerability Management, Source Code Security for custom ABAP and JAVA programs, and Segregation of Duties.

ERPScan is specifically designed for enterprise systems to continuously monitor changes that happen in multiple SAP systems. It makes identifying threats an easy process, helps management with smart dashboards, is capable of high-level trend analysis, security data correlation, and more importantly, enables efficient remediation of identified issues.

It allows generating reports in multiple formats and easily integrates with IT GRC, ITSM and SIEM solutions. The tool supports all SAP platforms (ABAP, JAVA, HANA, BOBJ, Mobile) and modules (ERP, CRM, SRM, BI, HCM, industry solutions). The largest organizations from diverse industries like Oil and Gas, Banking, Retail, and even nuclear power installations as well as consulting companies have successfully deployed and used ERPScan. If you are CISO in a large company, whose job is to keep abreast of the current security posture of all the critical systems, or you’re an SAP security expert who is responsible for continuous security monitoring for dozens of servers, ERPScan is a life-saver for you.

What’s your gain from ERPScan Security Monitoring Suite?

With a 360-degree approach to analysis of all SAP Security aspects you can avoid the necessity to perform time-consuming manual analysis.

Upon completion you will be issued a report containing:

  • Mitigate the impact of fraudulent actions by insiders or third party developers and prevent cybercriminal activity
  • Comply with regulations and guidelines such as SOX, NERC CIP, PCI-DSS, ISACA, DSAG, SAP Security guides and accomplish that within hours instead of a month;
  • Save up to 80 % time and resources by automatically identifying 10 000+ misconfigurations and vulnerabilities across all types of SAP Platforms (ABAP, JAVA, HANA, BOBJ, Mobile) and Industry solutions;
  • Keep your audit ready at all times with regular automatic checks following the Big Four auditing recommendations by ERPScan;
  • Reduce efforts with Advanced Risk Correlation and Trend Analysis;
  • Visualize potential attacks on SAP systems and associated risks on global scale;
  • Simplify remediation by automatically generating corrections and virtual patches and integrate them with IDS, SIEM and ITSM systems.

Why ERPScan?

  • Complete. Identify, Analyze and Fix security issues including vulnerabilities, misconfigurations, and SOD violations.
  • Unique. The only award-winning solution to address the SAP and Oracle security protection in 360°.
  • Enterprise. Continuous management of vast landscapes.
  • Detailed. Largest database of 10 000+ security checks.
  • Industry-specific. Specific checks for industry solutions such as Oil and Gas, Retail, Banking, etc.
  • Cloud and SAAS support. Can be implemented as a virtual appliance, in cloud or as SAAS.
  • Nonintrusive. Doesn’t require any agents or modification of SAP or Oracle platforms

Testimonials:

"Via a mutual collaboration with ERPScan, we are helping our and ERPScan’s clients to obtain insight into the security posture of their SAP landscape, and harden their environment.."

PJ Brtnik, Deloitte.

"The ERPScan Security Monitoring Suite implements a unique product design by externally and passively monitoring SAP systems as well as entire landscapes, covering all relevant security aspects (including Segregation of Duties but going far beyond that) of SAP systems from a single security monitoring platform)."

Matthias Reinwarth KuppingerCole

"As Attackers compromise the ever-expanding sections of organizations networks, retain long-term access, and venture deeper into corporate IT Resources, the attacks on ERP Systems are anticipated to Increase."

Anton Chuvakin, Research VP, Gartner

Interested? Request demo now

A partner account manager can help. Contact us today.

Do you want to get latest news by e-mail?
 Yes No

Want to buy?

After filling out the below information, you will be given a letter with instruction.

Do you want to get latest news by e-mail?
 Yes No