The global and independent platform for the SAP community.

SAP Security Solution

A ransomware attack on the IT infrastructure prompted the internationally active family business to purchase an explicit SAP security solution.
E3 Magazine
January 12, 2024
This text has been automatically translated from German to English.

SAP was introduced at the company in 1995. Today, the majority of the 2000 employees work in an SAP environment, mainly with the classic FI, CI, MM, SD and PP modules. An S/4 Hana transformation project is underway, but the company is currently still working with an SAP ECC system. 

100 years of expertise: The Westfalen Group is active in the fields of technical gases, cooling and heating, filling stations and mobility as well as respiratory home therapy. With its products and services, the company is increasingly offering solutions that help customers to become more sustainable. Hydrogen as an energy source is playing a particularly important role in more and more areas. Founded in Münster in 1923, the family-owned company is now represented by numerous subsidiaries and associated companies at over 20 production sites in Germany, the Netherlands, Belgium, France, Switzerland and Austria.

In 2021, the company was hit by a ransomware attack in which all IT systems in its own data center were encrypted. The SAP system was not affected as it had been running on the servers of an outsourcing service provider for some time. However, the attack was enough of a wake-up call: what would happen if SAP data was also encrypted in this way one day? 

You need SAP knowledge to distinguish whether it is a vulnerability or a false positive.

Andreas Eckey,
Information Security Officer, Westfalen Group

To rule this out with certainty, the company decided to work with Werth IT and use the WerthAuditor. The outsourcing service provider commissioned by the Westfalen Group had already taken standard security precautions, which were thus expanded to include the SAP security solution. "Thomas Werth's special expertise in SAP security was recommended to us by the IT security company that helped us rebuild after the ransomware attack," explains Andreas Eckey, Information Security Officer at the Westfalen Group.

The collaboration began with a penetration test on the SAP system.
A number of valuable measures were derived from this, which the Westfalen Group team immediately implemented. For example, there was a need to optimize some parameters in the system in order to eliminate possible weak points. They were changed immediately after the pen test. The IT department also hardened the existing password guidelines on the basis of the test results. 

However, the Westfalen Group's IT security did not want to stop at this one-off measure. New vulnerabilities also regularly emerged in the SAP environment that needed to be addressed. At the beginning of 2022, the decision was made to purchase and use the WerthAuditor independently. Since then, the company's SAP Basis IT team has been using it permanently.

Notes and recommendations

The Auditor is basically easy to use, even for non-expert security specialists. Nevertheless, there are tricks and subtleties that require regular communication with the manufacturer. Andreas Eckey: "The support from Werth IT is excellent. We receive proactive advice on updates and recommendations for certain system settings, so that the issues don't even become acute for us."

There are short monthly coordination calls on the results of the WerthAuditor. The new dashboard, which provides the Westfalen Group's IT department with a clear and simple overview of the weak points identified and the measures to be derived from them, helps with this. After all, the SAP system in the company is alive; new processes are constantly being established or existing ones changed.

Overview and fast response

The dashboard is a real help when it comes to transparency. "Of course, you also need SAP knowledge to differentiate between a real vulnerability and a false positive," says Andreas Eckey. "What the dashboard gives us in practice is a real-time overview of possible vulnerabilities. This applies to parameters, authorizations, etc., from the database to the core of the system. We can therefore react immediately." 

To this end, the Westfalen Group has established a process for importing SAP hot fixes into the system. Andreas Eckey emphasizes: "It makes things much easier if we don't have to manually gather information as we did before. We can assess more quickly what is really relevant and what we need to import hot fixes for. The WerthAuditor automatically identifies incidents and displays them in the dashboard, including the measures to be derived from them."

This enables SAP user companies such as the Westfalen Group to permanently strengthen their protective walls, which is extremely important, especially in times of increasing cyber threats. Andreas Eckey emphasizes: "What is in SAP is our crown jewel - nothing can be allowed to happen to it. With WerthAuditor, we have excellent prospects for the future of our SAP security."

Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork. All information about the event can be found here:

SAP Competence Center Summit 2024


Event Room, FourSide Hotel Salzburg,
At the exhibition center 2,
A-5020 Salzburg

Event date

June 5 and 6, 2024

Regular Ticket:

€ 590 excl. VAT


Event Room, Hotel Hilton Heidelberg,
Kurfürstenanlage 1,
69115 Heidelberg

Event date

28 and 29 February 2024


Regular ticket
EUR 590 excl. VAT
The organizer is the E3 magazine of the publishing house AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes the attendance of all lectures of the Steampunk and BTP Summit 2024, the visit of the exhibition area, the participation in the evening event as well as the catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due time.