The global and independent platform for the SAP community.
The opinion of the SAP community, IT Security Column, MAG 18-04

IT security - on the trail of hackers

Cyber security has continued to grow in importance in recent years. The reason for this is the current threat situation. It is estimated that there are 45 million cyber attacks worldwide per year, or 85 attacks per minute.
Thomas Tiede, IBS
April 5, 2018
Content:
It Security
avatar
This text has been automatically translated from German to English.

Hacking still has something awe-inspiring about it for many people. You have a technically extremely skilled nerd sitting in a dark basement, surrounded by many monitors on which several command line windows are open.

And in practice? The situation there is that a great deal of technical know-how is of course required to penetrate systems from the outside, and the same applies to "hacking" SAP systems. However, most of this is not insider knowledge; it is freely available on the Internet.

Take a few minutes and google "SAP hacking" or "SAP password cracking". You will be surprised about the results and after a few minutes you will know, for example, how passwords can be cracked and which software you can download as freeware for this purpose.

The possibilities for hacking an SAP system are manifold, as are the possible goals pursued with it. This can be data theft, monetary manipulation or the negative influence of business processes.

To monitor security-critical processes in SAP systems and concrete attacks in real time, SAP has developed Enterprise Threat Detection (ETD). The software is optimized for monitoring SAP products including the Hana database.

However, third-party products can also be connected. The SAP ETD is designed as SIEM software (Security Information and Event Management), but can also be used for continuous monitoring as part of the administrative day-to-day business or to forward the alerts to another SIEM software.

The basic principle of SAP ETD is to collect logs from the various systems, analyze them automatically according to predefined criteria, and issue alerts when findings are made.

The logs are transferred from the original system to the SAP ETD in real time, which means that any manipulations to the logs (e.g. deleting them) no longer affect traceability.

A large number of standard analyses, so-called patterns, are already supplied for evaluation. These are automatically analyzed by the SAP ETD when new logs are transferred.

Here, not only individual log entries are evaluated, but complex search patterns that can also be evaluated across multiple logs and systems.

For example, it is possible to monitor whether a new user is created and a logon is performed with him from the same workstation or whether data has been manipulated via debugging. In case of a hit, an alarm can be generated and a message can be triggered to the responsible persons.

This increases system security many times over. Although most companies have strict security concepts, real-time monitoring hardly ever takes place.

Critical operations such as the reading of password hashes or the use of developer rights in production systems are only identified in the course of downstream checks (if at all).

Due to the increasing number of attacks on IT systems, the use of SIEM software is almost mandatory. Until now, the focus has been on operating systems and firewalls in particular.

However, since the truly mission-critical data is stored and processed in the ERP systems, these must be integrated into the monitoring.

When using SAP ERP/S/4 Hana, the SAP ETD is a very efficient way to do this. Thanks to the standard patterns contained in the SAP ETD, the system can be put into production with manageable effort.

For many companies, the option of SAP ETD as a managed service will be of interest, as in this case the system does not have to be operated by the company itself.

avatar
Thomas Tiede, IBS

Thomas Tiede is managing director of IBS Schreiber.


All articles of the author

Write a comment

Success factor holistic process approach

SAP is at an all-time high and pushing into the cloud

Audit risks: Oracle Java usage

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.