SAP Enterprise Threat Detection

Insight

Winterhawk recently asked SAP’s Hussen Raza, GRC, Digital Core & Solution Sales for the UK, for his views on SAP Enterprise Threat Detection (ETD). We posed the question:

“How is Enterprise Threat Detection helping organisations monitor against unauthorised system access and data access in their SAP landscape?”

Hussen’s reply:

“SAP systems generate a lot of log file data – it would be impossible to monitor every single scenario for insiders or hackers performing unauthorised system and data accesses, changes or actions. This is even more difficult to detect when threats emerge from compromised servers or internal user accounts, putting put an organisation’s revenue, intellectual property and customer base at risk. Enterprise Threat Detection uses advanced intelligence to monitor terabytes of anomalous and unusual log file data, user behaviour, system access and server-to-server communication, serving to protect the entire SAP system landscape from cybersecurity threats.”

Why SAP Enterprise Threat Detection?

Because it gives you unmatched insight into suspicious activities in your business application landscape and enables you to identify breaches as they occur.

Protect your connected business systems with reliable cybersecurity monitoring

Identify, analyse, and neutralize real cyberattacks as they are happening and before serious damage occurs. The SAP Enterprise Threat Detection application enables real-time security intelligence (RTSI) to help effectively manage your systems’ vulnerability to external and internal cybersecurity threats and help ensure data loss prevention (DLP).

Insight into suspicious activities

Detect and analyse threats in real time by tapping into the power of the SAP HANA platform to gather and analyse a vast quantity of log data from both SAP and non-SAP software. Then, correlate it to get a complete picture of landscape activities.

Real-time action to neutralize danger and prevent critical damage

Find SAP software-specific threats related to known attacks by using attack detection patterns. Perform forensic threat detection, conduct attack investigations, discover previously unknown attacks or attack variants, and customise the integration of non-SAP systems and infrastructure components through a public API.

Application security

Use SAP Enterprise Threat Detection to protect your SAP software, including SAP Business Suite, SAP S/4HANA, SAP HANA, SAP ERP, SAP Customer Relationship Management (SAP CRM), SAP ERP Human Capital Management (SAP ERP HCM), SAP Supplier Relationship Management (SAP SRM), and SAP Business Warehouse (SAP BW).

Log data management

Consolidation and processing of large amounts of events with the SAP HANA platform to gain SIEM insight at unprecedented speed.

SAP Enterprise Threat Detection exposes internal and external attacks at high speed with a wide breadth of capabilities, including:

• Real-time cybersecurity monitoring
• Detection of internal and external attacks based on application log information in combination with context data
• Gathering of events from a landscape of SAP and non-SAP systems, including attempts that threaten source-code security
• Evaluation of attack detection patterns provided by SAP and developed by customers or partners
• Event analysis that derives profiles of normal behaviour and searches for deviations within these profiles
• Alert warnings that inform you of suspected attacks and enable subsequent analysis and incident management
• Normalisation and pseudonymisation capabilities
• Alerts in case of possible exploitation of unpatched systems
• Integration with the databased and system landscape
• Best practices for detecting cyberattacks on SAP systems