"Offensive Security" is a current buzzword. It refers to new attack vectors, the latest ideas from semi-legal or illegal hacker forums, where attackers brainstorm among themselves and then use these attacks against SAP® system landscapes.
These attacks are off the beaten track. The focus is no longer on the classic systems, which are usually already integrated into a SIEM strategy, but on the constantly growing attack surface of the interfaces within the SAP® system landscape. These integrations and transfer points, the so-called "edges", are a necessary accompaniment to advancing digitization in the age of Industry 4.0. "Edges" can be the transitions from one level to another, the jump from one single sign-on instance to the next, the change from cloud to on-premise and vice versa, from the DMZ to the inner layers, and from the front-end systems to the database systems.
These levels and segments are complex and overwhelm the current SAP® security tools! As a security officer, how can you position yourself against the ever-increasing threat level in order to protect the SAP® system landscape against these new threats?
From our point of view, a 360° approach to real-time monitoring is essential! This is usually realized by implementing a SIEM strategy. Typically, endpoints such as notebooks or mobile phones are integrated, as are networks, servers and databases, software applications and, of course, the traditional security solutions such as identity and access management. The mission-critical application, the SAP® system, is not integrated into the SIEM strategy, or only with insufficient automation.
Why? Is an SAP® system really safe just because it received an auditor's certificate? In one of our previous blog posts, we pointed out that the average time to find a breach is around 300 days. Heretically, one could almost say that there are two groups of SAP® system landscapes: those that have already been attacked and those that have not yet noticed! So what is needed is a connection between the SAP® system and this SIEM strategy.
agileSI™ starts right here!
agileSI™ is a bridging technology that combines SAP® and SIEM. With agileSI™, SAP® Security becomes a central component of IT security within SIEM.
agileSI™ is based on a three-tier architecture model with a collection tier, an administration tier and an analysis tier (the SIEM). The analysis of the data is done with the agileSI™ Content Package for SIEM. It includes an enhanced Security Analytics Pack that provides categorization of events and a large set of predefined SAP®-specific event correlations for different security domains.
It also handles criticality assessment, visualization and notification, and provides alerting rules and reporting. The added value is an SAP®-specific Security Intelligence Package for SIEM.
The product approach does not rely on yet another isolated solution, but follows the holistic strategy of establishing SIEM at a key point in the enterprise: in the SOC, based on planned next-generation SIEM and log management solutions.
agileSI™ fully integrates SAP® compliance and security information into central SIEM monitoring. The solution continuously monitors security-relevant events as well as critical SAP® system parameters. The data extracted by the agileSI™ SAP® Security extractors from the entire SAP® environment is correlated and visualized in easily interpretable dashboards. At the same time, it is prepared for recording and, depending on its priority, forwarded as an agileSI™ alert to the SIEM and/or to a ticket system.
agileSI™ extends the SIEM products with SAP® Security Intelligence, providing a new evolutionary step for SAP® security monitoring.
We safely enable your business!