The global and independent platform for the SAP community.
IT Security Column, Mag 23-07

SAP and OT Security: Hacker Defense Tricks

Cyberattacks on SAP systems and operational technology (OT) can have devastating consequences for companies: from delays in operations to the shutdown of all processes. The following tricks help to ward off hackers.
Andreas Nolte, Arvato Systems GmbH
August 2, 2023
Content:
it security header
avatar
This text has been automatically translated from German to English.

Tip 1: Taking a holistic view of SAP and OT security. To effectively secure their own business, companies must understand SAP and OT security as a business process that involves all relevant departments. This is the only way to develop strategies and derive suitable practical measures from them - such as the use of the appropriate security technology. If cybersecurity is understood as a critical business process, its course must be carefully modeled, controlled with metrics, monitored with tools, and continuously optimized. 

Tip 2: Involve management, IT and production. Understanding OT and SAP security in a process-oriented way means that all relevant teams enter into a dialog. This applies above all to management, IT and production, including the blue collar workers. After all, they know exactly how a possible shutdown of machine A will affect production line B. Management, on the other hand, sometimes lacks a precise idea of how important SAP and OT security are for smooth business operations. The IT department can help to convey this understanding and promote dialog.

Tip 3: Monitoring systems across the board with new methods. SAP and OT security also require powerful security solutions and modern, cross-system detection instead of the previous network analysis. Two new methods have been established for processing sensory data from different sources. An Endpoint Detection and Response (EDR) tool can be used to record events, such as the opening of a file or an established network connection, on end devices such as PCs, notebooks, tablets and smartphones. Extended Detection and Response (XDR) also allows data to be automatically captured and linked across multiple attack vectors - whether emails, identities, servers, cloud workloads or networks.

Tip 4: Deploy reliable platform solutions. The solutions of the established hyperscalers have proven themselves as platforms. Microsoft, in particular, offers a comprehensive security product range with a large number of prefabricated components that can be easily put into operation and configured for individual company purposes as needed: from protecting users and securing various operating scenarios to special use cases such as OT and SAP security. What's more, such platforms are more efficient to integrate than standalone solutions.

Tip 5: Automated, intelligent defense. Managed detection and response services from a specialized Cyber Security Defense Center (CSDC) are recommended, at the heart of which is Microsoft Threat Monitoring for SAP. Data from complex SAP landscapes can be consolidated via a sensor so that it is available for further processing in the cloud-native SIEM system Microsoft Sentinel. When connected to various SAP log sources, the sensor captures all data flowing into Sentinel via an API. If the tool detects a threat, it generates corresponding alerts. Standardized rules form the basis for (partially) automated SOAR (Security Orchestration, Automation and Response) processes: When an alert is received, the recorded event data is analyzed and predefined measures are started.

Conclusion

In order not to give hackers a chance, companies must be better armed. This can only succeed if they internalize the practical relevance of their IT and OT, derive concrete protection goals from this and take measures such as implementing a modern, high-performance security solution. More information on this topic can be found in the white paper "Cyber Security - Shaping the digital transformation securely".

https://e3mag.com/partners/arvato-systems-gmbh/

avatar
Andreas Nolte, Arvato Systems GmbH

Andreas Nolte is Head of Cyber Security at Arvato Systems GmbH


All articles of the author

Write a comment

The Hackett Group has recognized Esker in the area of C2C Receivables

Rackspace Technology launches UK Sovereign Services

August-Wilhelm Scheer Institute and BAD Gesundheitsvorsorge und Sicherheitstechnik: The future of healthcare

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork. All information about the event can be found here:

SAP Competence Center Summit 2024

Venue

Event Room, FourSide Hotel Salzburg,
At the exhibition center 2,
A-5020 Salzburg

Event date

June 5 and 6, 2024

Regular ticket:

€ 590 excl. VAT

Venue

Event Room, Hotel Hilton Heidelberg,
Kurfürstenanlage 1,
69115 Heidelberg

Event date

28 and 29 February 2024

Tickets

Regular ticket
EUR 590 excl. VAT
The organizer is the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes the attendance of all lectures of the Steampunk and BTP Summit 2024, the visit of the exhibition area, the participation in the evening event as well as the catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due time.