SAP applications are deployed by over 440,000 organizations across 180 countries. Although the benefits of adopting SAP enterprise software solutions are enormous, organizations struggle to safeguard their SAP infrastructure from cyberattacks. Often, numerous applications and networks are connected to SAP systems, which makes the ecosystem extremely complex to manage and creates a wide attack surface. Furthermore, applications need to be continually updated to remove software vulnerabilities. Unfortunately, administrators often hesitate to implement required patches to avoid interrupting the availability or integrity of SAP systems. This creates security gaps, including unpatched program errors that could lead attackers to execute malicious code, perform cross-site scripting attacks that redirect users to malicious sites, or SQL injection attacks that target dynamic database queries.
This highlights the need for a solution provider such as Layer Seven Security, which holds extensive experience in providing cybersecurity solutions for cloud and on-premise SAP applications, including S/4HANA and HANA platforms. Layer Seven Security is the SAP partner behind the award-winning Cybersecurity Extension for SAP Solution Manager. “Within SAP application landscapes, SAP Solution Manager includes tools to monitor and support enterprise SAP solutions. The extension uses the monitoring and diagnostics infrastructure of Solution Manager to automate security monitoring including vulnerability management, threat detection, and incident response,” says Ian Thomson, COO at Layer Seven Security. As such, SAP customers do not need to add additional platforms, hardware and the associated complexity to secure their SAP landscapes. The extension also reviews custom programs to assess the quality of internally developed or third-party delivered ABAP code. This supports code vulnerability detection including hardcoded users, missing or broken authorization checks, directory traversal, and code injection.
SAP systems were largely back-office systems that were only accessible from internal corporate networks, protected by perimeter firewalls. This has changed due to the need for interoperability and connected infrastructure. The pandemic has further complicated the situation by impelling businesses to enable their workforce to remotely access SAP systems.
“It is more important today than ever to proactively identify and remove security weaknesses that expose SAP systems to attack, as well as regularly patch SAP applications, and detect and respond to anomalies and incidents captured in SAP logs.” Thomson explains. “We provide clients with the technology that enables them to automate their vulnerability management, perform daily security scans to identify security weaknesses, give them recommendations to fix issues and harden their systems, and better identify and implement the necessary patches.”
We enable our clients to protect theirbusiness-critical SAP systemsfrom cyber attackthrough automated vulnerability management, patch management, threat detection and incident response
Layer Seven Security is a notch above the rest due to its holistic approach to SAP security. SAP systems consist of multiple layers including a program layer, an OS layer, a database layer, and finally, the application layer. The Cybersecurity Extension for SAP Solution Manager is the only solution that secures all layers within SAP systems. “Unlike generic vulnerability management tools, our solution enables businesses to comprehensively detect vulnerabilities in SAP applications and supporting infrastructure. Going the extra mile, our solution also automates compliance gap assessments for clients against compliance frameworks, including NIST, GDPR, and PCI DSS,” Thomson prides.
With such a robust offering, Layer Seven Security today supports an abundance of businesses to secure their SAP ecosystems and enable them to effectively manage threats to their business-critical applications. Indivior, a large pharmaceutical company based out of the US and UK was planning to migrate SAP infrastructure to the cloud. To support the migration and protect cloud-based SAP systems, Indivior deployed Layer Seven’s Cybersecurity Extension for SAP Solution Manager. “For more than three years, they are using our solution to perform automated scans for their systems, identify and remove vulnerabilities, and ensure that their SAP systems that are running on the cloud are kept secure,” Thomson states.
Layer Seven Security is a renowned innovator and committed to continuous product improvement. The company introduced several new capabilities in 2020, including anomaly detection based on machine learning, and support for OS monitoring. In 2021, the company will be rolling out support for cloud platforms including Success Factors. Long-term, Layer Seven Security plans to provide security managed services using IBM Cloud infrastructure.