Milky Blog

know what’s going on out there about SAP®

Why does detection of a data breach take so long?

By Michael Kemmer  -  November 30, 2018

A question to all organizations, especially the ones running enterprise applications such as SAP®: the BBC recently reported a 'malicious' data breach at British Airways

SAP security @agileSI - we run a 99,86% chance that less than 0,019 hackers are in our systems ....

By Hendrik Jansen  -  November 22, 2018

The weakest link in SAP security (and cybersecurity).

SAP® security @agileSI - why cybersecurity awareness programmes fail

By Hendrik Jansen  -  November 19, 2018

Some reasons why cyber-security awareness programmes fail - and SAP® security also

The CISO's role is changing for a few reasons

By Hendrik Jansen  -  November 12, 2018

SAP® Security nowadays ....

By Michael Kemmer  -  November 9, 2018

"Offensive Security" is a current buzzword. It refers to the new hacker attack vectors, the latest ideas from semi-legal or illegal hacker forums. Attackers brainstorm new attack vectors among themselves and use them against SAP® system landscapes.

These attacks are off the beaten track. The focus is not on the classic systems, which are usually integrated into a SIEM strategy; the new points of attack are the constantly growing attack surfaces and interfaces within the SAP® system landscape. These integrations and transfer points, the so-called "edges", are a necessary accompaniment to the advancing digitization in the age of Industry 4.0. "Edges" can be the transitions from one level to another, the jump from one single sign-on instance to the next, the change from cloud to on-premise and vice versa, from the DMZ to the inner layers, and from the front-end systems to the database systems.

These levels and segments are complex and overwhelm the current SAP® security tools! As a security officer, how can you position yourself against the ever-increasing threat level in order to protect the SAP® system landscape against these new threats? From our point of view, a 360° approach to real-time monitoring is essential! This is usually realized by implementing a SIEM strategy. Typically, endpoints such as notebooks or mobile phones are integrated, as are networks, servers and databases, software applications and of course the traditional security solutions such as identity and access solutions. The mission-critical application, the SAP® system, is not integrated into the SIEM strategy, or is insufficiently automated within it.

Why? Is an SAP® system really safe just because it received an auditor's certificate? In one of our previous blog posts, we pointed out that the average time to find a breach is around 300 days. Heretically, one could almost say that there are two groups of SAP® system landscapes: those who have already become victims of an attack and those who have not noticed! So what is needed is a connection between the SAP® system and this SIEM strategy.

agileSI™ starts right here! agileSI™ is a bridging technology that combines SAP® and SIEM. With agileSI™, SAP® Security becomes a central component of IT security within SIEM.

agileSI™ is based on a three-level architecture model with a collection, administration and analysis level (SIEM). The analysis of the data is done with the agileSI™ Content Package for SIEM. It includes an enhanced Security Analytics Pack that provides categorization of events and a large set of predefined SAP®-specific event correlations for different security domains.

It also handles criticality assessment, visualization and notification, and provides alerting rules and reporting. The added value is an SAP®-specific Security Intelligence Package for SIEM. The product approach does not rely on another isolated solution, but follows the holistic strategy of establishing SIEM at a key point in the enterprise: in the SOC, based on planned next-generation SIEM & Log Management solutions.

agileSI™ fully integrates SAP® compliance and security information into central SIEM monitoring. The solution continuously monitors security-relevant events as well as critical SAP® system parameters. The data extracted from the entire SAP® environment (by the agileSI™ SAP® Security extractors) are correlated and visualized in easily interpretable dashboards. At the same time, they are prepared for registration and, depending on their priority, sent in the form of an agileSI™ alert to the SIEM and/or to a ticket system. agileSI™ extends the SIEM products with SAP® Security Intelligence, providing a new evolutionary step for SAP® security monitoring. We safely enable your business!

3 trends we see - stay tuned for more

By Hendrik Jansen  -  November 5, 2018

What CFO's can do against CyberCrime

By Hendrik Jansen  -  October 29, 2018

“Twenty percent of CFOs know their firms have been hacked.

Cybersecurity risk and SAP Fiori apps.

By Hendrik Jansen  -  October 25, 2018

The cybersecurity risk with SAP Fiori? More and more businesses are embarking on what the industry calls "the digital transformation." Most companies are forced to think about and look for better, faster, farther-reaching digital business models, driving digital efficiencies into the workforce, partners and supply chains. Employees are increasingly able to access SAP on the fly via smartphones, tablets, and apps. That raises the question of how you can protect your systems from content-based cyber-attacks through new technologies like SAP Fiori.

Change is a constant, but the rate of change is ever increasing. People start to work the way they live; the millennial generation in particular simply has no other reference point. The lines between work and private life overlap more and more. The morning Starbucks visit or train commute includes submitting POs on smartphones, checking Twitter, approving some workflow request and looking at the latest BI dashboard, and you are not even in the office yet.

SAP Fiori has positioned itself in this new environment with a better (easier) user experience app powered by SAP HANA. Technically, SAP Fiori is designed to allow on-the-fly access to all kinds of SAP systems. This is very powerful and, from a user perspective, very effective and convenient.

But every silver lining has its cloud. With these new technologies, connectivity and interoperability increase, and that poses a few challenges you must be aware of (plus, of course, how you can deal with them).

SAP Fiori is designed to bring "the app" to the user, on his device, where the challenge is device security. Think about VPNs, endpoint protection, virus scanning, etc. Devices are lost and stolen more often than traditional computing equipment. Encrypted data storage on devices is not a luxury. The app (through Fiori) connecting via public, unprotected Wi-Fi poses a risk to network security. Man-in-the-middle attacks are getting more common. Apps (in general) have a tendency to share more data than is actually needed, which is permitted because you clicked OK. And these types of apps don't stop at logging their own app usage, clicks, visits, photos, files, etc.

The suddenly increased attack surface must be mitigated to prevent real financial, reputational and penal damage. There are multiple types of attacks that cybercriminals can use to penetrate SAP's defenses. One of them is MIME-type filter evasion.

SAP and MIME

When a user uses an SAP Fiori app to upload a file to a backend SAP system, the file extension is supposed to reflect the file itself. So a .pdf extension indicates a PDF file, and a .docx extension indicates a Microsoft Word file. So far, no problem. But what if the file behind that extension is actually an executable? Hidden and masked malicious files start entering the backend SAP systems through these files with changed extensions.

Many (far too many) companies do not even THINK about such scenarios, nor do they have the skills and manpower to even start thinking about such critical yet very real possibilities. We do, and the simple reason is: so you don't have to. You need to concentrate on enabling your business. Our job is to enable your business SAFELY.

The CFO's relation to CyberSecurity

By Hendrik Jansen  -  October 23, 2018

Insurance companies - be aware

By Hendrik Jansen  -  October 17, 2018

