SAP Security Solution
SAP was introduced at the company in 1995. Today, the majority of the 2000 employees work in an SAP environment, mainly with the classic FI, CI, MM, SD and PP modules. An S/4 Hana transformation project is underway, but the company is currently still working with an SAP ECC system.
100 years of expertise: The Westfalen Group is active in the fields of technical gases, cooling and heating, filling stations and mobility as well as respiratory home therapy. With its products and services, the company is increasingly offering solutions that help customers to become more sustainable. Hydrogen as an energy source is playing a particularly important role in more and more areas. Founded in Münster in 1923, the family-owned company is now represented by numerous subsidiaries and associated companies at over 20 production sites in Germany, the Netherlands, Belgium, France, Switzerland and Austria.
In 2021, the company was hit by a ransomware attack in which all IT systems in its own data center were encrypted. The SAP system was not affected as it had been running on the servers of an outsourcing service provider for some time. However, the attack was enough of a wake-up call: what would happen if SAP data was also encrypted in this way one day?
“You need SAP knowledge to distinguish whether it is a vulnerability or a false positive.“
Andreas Eckey,
Information Security Officer, Westfalen Group
To rule this out with certainty, the company decided to work with Werth IT and use the WerthAuditor. The outsourcing service provider commissioned by the Westfalen Group had already taken standard security precautions, which were thus expanded to include the SAP security solution. "Thomas Werth's special expertise in SAP security was recommended to us by the IT security company that helped us rebuild after the ransomware attack," explains Andreas Eckey, Information Security Officer at the Westfalen Group.
The collaboration began with a penetration test on the SAP system.
A number of valuable measures were derived from this, which the Westfalen Group team immediately implemented. For example, there was a need to optimize some parameters in the system in order to eliminate possible weak points. They were changed immediately after the pen test. The IT department also hardened the existing password guidelines on the basis of the test results.
However, the Westfalen Group's IT security did not want to stop at this one-off measure. New vulnerabilities also regularly emerged in the SAP environment that needed to be addressed. At the beginning of 2022, the decision was made to purchase and use the WerthAuditor independently. Since then, the company's SAP Basis IT team has been using it permanently.
Notes and recommendations
The Auditor is basically easy to use, even for non-expert security specialists. Nevertheless, there are tricks and subtleties that require regular communication with the manufacturer. Andreas Eckey: "The support from Werth IT is excellent. We receive proactive advice on updates and recommendations for certain system settings, so that the issues don't even become acute for us."
There are short monthly coordination calls on the results of the WerthAuditor. The new dashboard, which provides the Westfalen Group's IT department with a clear and simple overview of the weak points identified and the measures to be derived from them, helps with this. After all, the SAP system in the company is alive; new processes are constantly being established or existing ones changed.
Overview and fast response
The dashboard is a real help when it comes to transparency. "Of course, you also need SAP knowledge to differentiate between a real vulnerability and a false positive," says Andreas Eckey. "What the dashboard gives us in practice is a real-time overview of possible vulnerabilities. This applies to parameters, authorizations, etc., from the database to the core of the system. We can therefore react immediately."
To this end, the Westfalen Group has established a process for importing SAP hot fixes into the system. Andreas Eckey emphasizes: "It makes things much easier if we don't have to manually gather information as we did before. We can assess more quickly what is really relevant and what we need to import hot fixes for. The WerthAuditor automatically identifies incidents and displays them in the dashboard, including the measures to be derived from them."
This enables SAP user companies such as the Westfalen Group to permanently strengthen their protective walls, which is extremely important, especially in times of increasing cyber threats. Andreas Eckey emphasizes: "What is in SAP is our crown jewel - nothing can be allowed to happen to it. With WerthAuditor, we have excellent prospects for the future of our SAP security."
