Techniques that were previously known only from Advanced Persistent Threats (APTs) are now used by average cyber criminals. The threat has been growing continuously for years, and the number of cyber attacks keeps rising. Many companies have therefore already defined IT crisis processes. But a one-time examination of SAP security is not sufficient. To provide SAP security in the long term, it is not enough to buy software. IT security must be understood as a business process that is carefully modeled, controlled with metrics, monitored and continuously optimized with tools. It is advisable to proceed step by step.

1st step: Recognize vulnerability

Companies should first determine where they are most vulnerable. The MITRE ATT&CK framework helps you find out how you are most likely to be attacked. This knowledge base lists all known attack techniques on a daily basis and explains how to recognize them and defend against possible attacks. It is also important to look at the threat situation in your own industry. Hackers often specialize in certain industries and attack techniques. With a heatmap that shows which techniques are used particularly often, companies can protect their most critical infrastructures, data and systems.

2nd step: Know the IT infrastructure (learning)

In addition, it is important to define measurable key figures (KPIs) in order to evaluate processes and measures with regard to target achievement and to obtain valid results. Some companies then notice that they have so far addressed the topic of IT security incorrectly. Some companies do not know which solutions and systems their departments work with. In order to model a resilient process, companies have to get an overview of their IT landscape. This is the only way to invest in the right staff, the right processes and the right software, with the aim of continuously recognizing weaknesses and any attacks and reacting adequately.

3rd step: Set up a security roadmap

Setting up a security roadmap requires thorough analysis and planning. First of all, you have to deal with basic questions, such as: Where do we want to go with regard to the security of our systems and data? Where are we currently? And finally, in which order do we work on which topics to achieve our security goals? The answers to these questions form the basis for a well-founded and targeted security roadmap.

4th step: Professionalize monitoring

Companies are well advised to use the support of an external Security Operations Center (SOC). The experts of the corresponding Managed Security Service Providers (MSSPs) monitor all incoming alerts, for example in a Security Information and Event Management (SIEM) system, and evaluate whether they are security incidents or false alarms. After all, usually only large corporations can afford an in-house, highly competent security team that meets these requirements.

Why SAP Security needs a security operations center

In many places, the SOC is the organizational heart of IT security, and it fulfills a central role in securing SAP systems. But SAP security is a portfolio element that most MSSPs lack. It is all the more important not to take the choice of the appropriate SOC lightly. The experts in the SOC integrate the required security tools into the IT infrastructure of a company and link the sensors of security solutions with the relevant SAP systems. The experts in the SOC are able to monitor the company-specific IT landscape in order to protect systems, end devices and data in the best possible way in addition to the SAP infrastructure.

In addition to analysis, the core tasks of a SOC also include the needs-based response to alerts. However, not every alarm means an attack: there is a considerable number of false positives. The task of the security experts in the SOC is to analyze which alerts are real security incidents. In addition, in the event of an attack the experts have to decide whether measures defined in advance are useful or whether an individual reaction is required. Depending on the situation, different measures are required.

Conclusion

SAP security is an ongoing process that requires a structured procedure and professional support. Cooperation with a competent SOC is invaluable when it comes to effectively protecting both the SAP infrastructure and the entire IT landscape of a company. That is why it is worth choosing a service provider that offers the expertise, experience and tailor-made solutions that are necessary to survive in today’s threat landscape.

White paper for SAP security

Read more in the white paper from Arvato Systems: “SAP Security. From A for architecture to Z for Zero Trust”. It is available for download.


