Onapsis Presents Two Talks at SAP GRC 2015

Share Article

SOD and cybersecurity top strategies for protecting SAP application layer


Despite growing awareness of large-scale cyber attacks, SAP cybersecurity is simply falling through the cracks at most companies.

Onapsis, the global experts in business-critical application security and SAP cybersecurity solutions, today announced Chief Technology Officer Juan Pablo Perez-Etchegoyen will deliver two presentations at SAP GRC 2015 located in Nice, France, June 16-18, 2015. As concern grows about the frequency and criticality of SAP vulnerabilities and the threat to critical business infrastructure, organizations are seeking strategies and solutions to further harden their systems against attacks. Perez-Etchegoyen’s talks will provide attendees with actionable ways to improve security in their SAP systems.

SAP is run by over 250,000 businesses worldwide, including 87 percent of Global 2000 companies and 98 percent of the 100 most valued brands. Despite housing an organization’s most valuable and sensitive information, SAP systems are not protected from cyber threats by traditional security approaches.

“Despite growing awareness of large-scale cyber attacks, SAP cybersecurity is simply falling through the cracks at most companies. With nearly 400 security patches released by SAP in 2014 alone, organizations are challenged to keep systems up to date with routine procedures, let alone applying higher level strategies to protect against more complex attacks,” said Perez-Etchegoyen. “Understanding the most likely types of attack vectors is essential to applying the right strategies and tactics to mitigate risk.”

Perez-Etchegoyen will present the following sessions at SAP GRC 2015:

“Auditing the security of an SAP HANA implementation”
Wednesday, 17 June, 2015
16:45 - 18:00
Risso 7B

This session will help attendees to understand some of the most common security threats that can affect SAP HANA implementations, including live demonstrations of potential attacks on insecure platforms. Attendees will:

  • Learn how to perform security audits and vulnerability assessments of SAP HANA environments, identifying critical security gaps and remediation information
  • Walk through an SAP HANA security audit cheat sheet which details several controls on how to ensure a platform is running securely and compliant
  • Gain a clear understanding of the potential business impact of a security breach on an insecure SAP HANA system

Attendees will also take home a list with the top 10 security controls necessary to monitor whether an SAP HANA platform is deployed securely.

“Preventing cyber-attacks: New controls to detect hackers, espionage, sabotage, and fraud”
Thursday, 18 June, 2015
14:45 - 16:00
Gallieni 2

Attendees to this session will explore new ways to mitigate common risks and vulnerabilities in the system landscape, and help prevent unauthorized access to business-critical information. Participants will learn how to:

  • Protect the SAP application layer responsible for critical tasks like authentication, authorization, encryption, interfacing, and audit logging
  • Prevent unsafe configurations of technical parameters (ABAP and Java) and detect insecure interfaces between SAP components
  • Identify missing SAP security patches and scalable solutions that have SAP-certified integration and will protect business systems from financial fraud, sabotage, and espionage attacks

Participants will come away with insight into why segregation of duties (SoD), while important, may not be enough to protect SAP systems from risk.

For more information about Onapsis events please see http://www.onapsis.com/news-and-events/events

About Onapsis
Onapsis provides the most comprehensive solutions for securing business-critical applications. As the leading experts in SAP cyber-security, Onapsis’ enables security and audit teams to have visibility, confidence and control of advanced threats, cyber-risks and compliance gaps targeting their enterprise applications.
Headquartered in Boston, MA., Onapsis serves over 160 Global 2000 customers, including 10 top retailers, 20 top energy firms and 20 top manufacturers. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, IBM, Deloitte, E&Y, KPMG and PwC.

Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis’ context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating SAP applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP systems. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA and SAP Mobile deployments.

For more information, please visit http://www.onapsis.com, or connect with us on Twitter, Google+, or LinkedIn.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Leslie Kesselring
Kesselring Communications
+1 503-358-1012
Email >
Follow >