8/13/2019 Bh Eu 12 DiCroce CyberAttacks to SAP Systems WP (1/19)

CYBER-ATTACKS & SAP SYSTEMS

Is our business-critical infrastructure exposed?

by Mariano Di Croce ([email protected])

Black Hat Europe 2012 Briefings

    Abstract

Global Fortune 1000 companies, large governmental organizations and defense entities have something in common: they rely on SAP platforms to run their business-critical processes and information. In this scenario, cyber-criminals looking to perform espionage, sabotage or financial fraud attacks know that these systems are keeping the business crown jewels.

But, how difficult is it for them to break into an SAP system today? Are we properly protecting the business information or are we exposed?

Five years ago, we were invited to hold the first public presentation on real-world cyber-threats to SAP systems at BlackHat Europe 2007. Since then, we have performed specialized Penetration Tests against the SAP platforms of several of the largest organizations of the world, enabling us to get an educated answer to those questions.

This whitepaper analyzes how the "SAP security" concept has evolved over the last years and whether organizations are staying ahead of the real-world threats affecting their SAP platforms.


Copyright 2012 Onapsis, Inc. - All rights reserved.

No portion of this document may be reproduced in whole or in part without the prior written permission of Onapsis, Inc.

Onapsis offers no specific guarantee regarding the accuracy or completeness of the information presented, but the professional staff of Onapsis makes every reasonable effort to present the most reliable information available to it and to meet or exceed any applicable industry standards.

This publication contains references to the products of SAP AG. SAP, R/3, xApps, xApp, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products and services mentioned herein are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world.

Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius and other Business Objects products and services mentioned herein are trademarks or registered trademarks of Business Objects in the United States and/or other countries.

SAP AG is neither the author nor the publisher of this publication and is not responsible for its content, and SAP Group shall not be liable for errors or omissions with respect to the materials.


TABLE OF CONTENTS

1. Introduction ..... 4
2. A Dangerous Status-quo ..... 5
2.1. What "SAP security" used to be five years ago ..... 5
2.2. The forgotten layer ..... 5
2.3. A different (higher) risk profile ..... 6
2.4. A rising threat ..... 6
3. SAP Systems on the Internet ..... 8
3.1. Public information in search engines ..... 8
3.2. Beyond SAP Web applications ..... 9
4. The Insider Threat ..... 10
5. From the Trenches: The Current Security Level of SAP Implementations ..... 11
6. The TOP-11 vulnerabilities affecting the SAP Infrastructure ..... 12
6.1. BIZEC TEC-01: Vulnerable Software in Use ..... 12
6.2. BIZEC TEC-02: Standard Users with Default Passwords ..... 12
6.3. BIZEC TEC-03: Unsecured SAP Gateway ..... 12
6.4. BIZEC TEC-04: Unsecured SAP/Oracle authentication ..... 13
6.5. BIZEC TEC-05: Insecure RFC interfaces ..... 13
6.6. BIZEC TEC-06: Insufficient Security Audit Logging ..... 13
6.10. … Network Environment ..... 14
6.11. BIZEC TEC-11: Unencrypted Communications ..... 15


Cyber-Attacks & SAP Systems - Black Hat Europe 2012 Briefings

1. INTRODUCTION

Global Fortune-1000 companies, large governmental entities and defense agencies have something in common: most of them rely on SAP systems to run their business-critical processes and information. Key processes such as sales, invoicing, manufacturing, procurement, human resources management and financial planning are managed and processed by systems running SAP software.

This critical nature is what makes them highly attractive for cyber-criminals and cyber-terrorists: if a malicious party is able to compromise an organization's SAP platform, he would be able to engage in espionage, sabotage and financial fraud attacks with severe implications for the business.

This white-paper analyzes how the SAP security concept has evolved over the last years and whether organizations are staying ahead of the real-world threats affecting their SAP platforms.

2012 Onapsis, Inc.


2. A DANGEROUS STATUS-QUO

2.1. What "SAP security" used to be five years ago

Five years ago, the SAP security discipline looked as if it had reached its peak for most of the Information Security and Audit communities.

Back then, this practice was regarded as a synonym of Segregation of Duties (SoD) controls. These controls are designed to ensure that the responsibility of performing critical business operations is split across different individuals, to minimize the chances of fraudulent activities against the organization. In the SAP world, these controls are implemented by translating dangerous business/technical operations into the respective SAP authorization objects that would enable their execution, and ensuring that no user in the system holds incompatible authorizations.

2.2. The forgotten layer

While the review and enforcement of SoD controls is one of the pillars of the SAP system's security, it is not the only one.

SAP business applications are executed by highly-complex technological frameworks, usually referred to as the NetWeaver or BASIS components (Business Infrastructure). The Business Infrastructure is in charge of critical tasks such as authenticating users, authorizing their activities, interfacing with other systems, encrypting/decrypting sensitive communications and persistent data, auditing security events, etc.

The security of this layer has traditionally been disregarded during SAP implementation projects, as it was considered an additional barrier to achieving the usually-challenging go-live date, without a clear return on investment. As mentioned before, another important reason was that there was a reigning false sense of security, where organizations believed that securing the systems was all about enforcing SoD controls.

The status-quo was broken in BlackHat 2007


2.3. A different (higher) risk profile

The main concern regarding the lack of security of the Business Infrastructure is that it introduces much higher risks to the platform.

This section details the difference in the characteristics of attacks exploiting weaknesses in the different layers:

Exploitation of a SoD weakness

1. The attacker needs a valid user account in the target SAP system.

2. The attacker needs to find out that he has more privileges than he should have, identifying the additional sensitive authorizations that he was granted.

3. Common auditing features may detect his activities.

Exploitation of a Business Infrastructure weakness

1. The attacker does not need a valid user account in the target SAP system.

2. A successful attack will allow him to achieve SAP_ALL or equivalent privileges.

3. Common auditing features would not detect his activities.

As can be observed, attacks to the Business Infrastructure have several advantages from an attacker's point of view: they require less knowledge of the target platform, have greater impact and fewer chances of being detected.

2.4. A rising threat

The number of reported SAP security vulnerabilities has been rising dramatically over the last years. Five years ago, the total number of released SAP Security Notes was […], with a yearly average of approximately 2[…] new issues released through 2004 – 2006.

Since 2007, the number of SAP Security Notes/patches started to increase at an unprecedented scale. This resulted in a total number of 1[…] as of February 2012, with a yearly average of approximately 6[…] new notes in 2010 and 2011.

The following chart illustrates the evolution in the number of SAP Security Notes released per year:


The dramatic increase in the number of SAP security patches was driven mainly by the following factors:

• An increased interest by the information security research community in ERP security vulnerabilities.

• The increased accessibility to SAP systems for the general public.

• SAP's enhanced efforts into increasing the security of its software applications.

In this scenario, organizations are now facing a big challenge:

• The need to understand which of the released SAP security patches affect the specific components of their large platform.

• The difficulty in determining which of the SAP systems are missing those applicable security patches.

• The difficulty in prioritizing the implementation of the patches, understanding the risk associated with the existing vulnerability.

• The effort involved in implementing the necessary patches, including proper quality-assurance to minimize disruption of existing business processes.


3. SAP SYSTEMS ON THE INTERNET

A decade ago it was not common to find SAP systems online. Nowadays, due to modern business requirements, many organizations are exposing their SAP platform to be accessed by customers, employees and vendors.

This situation obviously increases the risk of cyber-attacks, as the universe of possible attackers is dramatically expanded. This section analyzes the current exposure of SAP systems to the Internet.

3.1. Public information in search engines

As many SAP systems are connected to the Internet and provide Web interfaces for remote access, it is possible to obtain information from public search engines.

Google

Using Google dorks it is possible to search for common SAP Web applications, such as SAP Enterprise Portals, ITS services, BSP and Webdynpros, which can reveal the presence of an SAP Application Server connected to the Internet.

The following screenshot illustrates a search for exposed Enterprise Portals:

The different SAP web components can be searched through different dorks, such as:

inurl:/irj/portal (Enterprise Portal)

inurl:/sap/bc/bsp (SAP Web Application Server)

inurl:/scripts/wgate (SAP ITS)

inurl:infoviewapp (SAP Business Objects)

SHODAN

SHODAN is another useful resource to find SAP systems online. As it indexes the returned Web server banners, this application can be used to expose


systems running SAP web applications just by searching for the string "SAP".

3.2. Beyond SAP Web applications

In many cases, organizations who are not exposing their SAP platform through Web Applications to the Internet believe that there is no outside access to their platforms. This is usually wrong.

As part of the agreements entered into with SAP when purchasing the software licenses, organizations agree on a support contract. This support works mainly by having a connection from SAP offices to the organization's SAP system.

This remote support connection is performed through a special component called SAProuter, which must be remotely available for SAP. While this should always be done through a VPN connection with SAP servers, it has been detected in many cases that the SAProuter was directly exposed to the Internet.

In the short term, a statistical analysis of sensitive SAP services directly exposed to the Internet, such as the SAProuter, will be published.


4. THE INSIDER THREAT

While enabling access from the Internet to the SAP platform increases the associated risks, by no means should the internal network be considered a trusted environment.

Large organizations have thousands of employees, outsourced staff, contractors, etc. who connect to the internal network every day and must be considered potential threat agents.

In the ones running SAP platforms, intruders are usually presented with a favourable environment for attacking the SAP systems once they are connected to the network (either physically or through VPN connections).

This situation is commonly caused by:

1. The lack of proper internal network segmentation, by not deploying the SAP servers in a protected, internal DMZ.

2. Even if the previous point is well covered, a new problem arises: some of the SAP components still require the Firewall to allow access to technical services, such as the SAP Gateway, for the execution of certain business processes. This opens a hole in the Firewall which is impossible to close.

3. A possible solution to the previous point is the deployment of an IPS/IDS system, which is able to analyze the allowed traffic and detect attack patterns. However, none of the top-tier IPS/IDS vendors have these capabilities today, which results in a false sense of security.

This scenario highlights the need to ensure that the SAP systems are properly protected, as internal attackers are in a favourable position to reach the target servers and exploit vulnerabilities in them.


5. FROM THE TRENCHES: THE CURRENT SECURITY LEVEL OF SAP IMPLEMENTATIONS

Since 2005, Onapsis experts have performed several specialized Penetration Tests on the SAP implementations of some of the largest organizations of the world.

In most cases, these projects were performed with the following characteristics:

• Network access to the end-user network (through VPN or onsite) was provided.

• Only a list of IP addresses of the target SAP systems was given.

• No user/password credentials for any systems were provided.

Over these years, these experts have evaluated the security of more than 55 SAP Application Servers in total.

The findings are surprising:

• It would have been possible for an attacker to achieve full control of the SAP platform in more than 95% of the cases.

• The obtained privileges (SAP_ALL or equivalent) would enable a malicious party to perform espionage, sabotage and fraud attacks on the business information and processes managed by the target systems.

• Only 5% of the evaluated SAP systems had the proper security audit logging features enabled.

• None of the evaluated SAP systems were fully updated with the latest SAP security patches.

• In most cases, the attack vectors that led to the initial compromise comprised the exploitation of vulnerabilities that have been in the public domain for more than 5 years.

Many of these vulnerabilities and attack vectors are detailed in the following section.


6. THE TOP-11 VULNERABILITIES AFFECTING THE SAP INFRASTRUCTURE

In 2010, BIZEC – The Business Security Community – was created. BIZEC.org is a non-profit organization focused on security threats affecting ERP systems and business-critical infrastructure.

Among several other projects, the BIZEC TEC/11 lists the most common and most critical security risks affecting the Business Runtime layer/infrastructure of SAP platforms.

The following points detail which are the most common risks and what the impact of their successful exploitation could be.

6.1. BIZEC TEC-01: VULNERABLE SOFTWARE IN USE

Risk
The SAP platform is running on technological frameworks whose versions are affected by reported security vulnerabilities, and the respective fixes have not been applied.

Business Impact
Attackers would be able to exploit reported security vulnerabilities and perform unauthorized activities over the business information processed by the affected SAP system.

6.2. BIZEC TEC-02: STANDARD USERS WITH DEFAULT PASSWORDS

Risk
Users created automatically during the SAP system installation, or other standard procedures, are configured with default, publicly known passwords.

Business Impact
Attackers would be able to log in to the affected SAP system using a standard SAP user account. As these accounts are usually highly privileged, the business information would be exposed to espionage, sabotage and fraud attacks.

6.3. BIZEC TEC-03: UNSECURED SAP GATEWAY


Business Impact

Attackers would be able to obtain full control of the SAP system. Furthermore, they would be able to intercept and manipulate interfaces used for transmitting sensitive business information.

6.4. BIZEC TEC-04: UNSECURED SAP/ORACLE AUTHENTICATION

Risk
The SAP ABAP Application Server authenticates to the Oracle database through the OPS$ mechanism, and the Oracle listener has not been secured.

Business Impact
Attackers would be able to obtain full control of the affected SAP system's database, enabling them to create, visualize, modify and/or delete any business information processed by the system.

6.5. BIZEC TEC-05: INSECURE RFC INTERFACES

Risk
The SAP environment is using insecure RFC connections from systems of a lower security-classification level to systems with higher security-classification levels.

Business Impact
Attackers would be able to perform RFC pivoting attacks, by first compromising an SAP system with low security classification and, subsequently, abusing insecure interfaces to compromise SAP systems with higher security classification levels.

6.6. BIZEC TEC-06: INSUFFICIENT SECURITY AUDIT LOGGING


6.7. BIZEC TEC-07: UNSECURED SAP MESSAGE SERVER


Business Impact

Attackers would be able to access sensitive SAP network services and possibly exploit vulnerabilities and unsafe configurations in them, leading to the execution of unauthorized activities over the affected SAP platform.

6.11. BIZEC TEC-11: UNENCRYPTED COMMUNICATIONS

Risk
The confidentiality and integrity of communications in the SAP landscape are not enforced. These communications comprise SAP-to-SAP connections as well as interactions between SAP servers and external systems, such as user workstations and third-party systems.

Business Impact
Attackers would be able to access sensitive technical and business information being transferred to/from the SAP environment.


7. DEFENDING THE SAP PLATFORM: PROTECTING OUR BUSINESS-CRITICAL INFRASTRUCTURE

7.1. The Challenges

There are mainly three challenges that arise when planning how to protect the business-critical infrastructure supported by the organization's SAP platform:

Knowledge
SAP has a wide variety of highly complex technological components, each of them featuring their own, in many cases proprietary, security architectures. Having specialized knowledge of each specific SAP component is highly important in order to ensure a proper lock-down of the systems.

Scope
Many organizations used to assess and secure only a limited part of the SAP platform: typically the Central Instance and the productive client (mandant) of the Production system. In order to provide a resilient infrastructure, the platform must be protected holistically. This comprises every client and every instance in every system of every landscape of the organization. A single hole can jeopardize the security of the entire platform.

Periodicity
The security of SAP environments is highly dynamic. On the one hand, SAP is continuously releasing new Security Notes which are aimed at protecting against the exploitation of known vulnerabilities. On the other hand, SAP administrators periodically interact with the security configuration of the systems, changing parameters that may render the systems vulnerable. The security of the SAP infrastructure must be evaluated periodically, at least after each SAP Security Patch Day, to verify whether new risks have been raised and to evaluate mitigation actions.
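Several of the TOP-11 items above (default users, the Gateway, audit logging, the Message Server, unencrypted communications) and the periodic re-check called for under Periodicity come down to instance profile parameters that an administrator can change at any time. As an added example, not code from the whitepaper, Onapsis or BIZEC, the following Python script parses a constructed SAP instance profile and flags weak values for real NetWeaver parameters (login/no_automatic_user_sapstar, gw/acl_mode, gw/sec_info, gw/reg_info, rsau/enable, ms/monitor, ms/acl_info, snc/enable, snc/accept_insecure_gui); the mapping of each parameter to a TEC item is my own, and both the weak and the hardened sample profiles are constructed rather than taken from any real system.

```python
"""Audit an SAP instance profile for settings tied to BIZEC TOP-11 items.
Added example: the parameter names are real NetWeaver profile parameters, but the
mapping to TOP-11 items and both sample profiles are constructed for this example."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a weak instance profile of the kind the paper's findings describe.
WEAK_PROFILE = """
# Instance profile (constructed sample, not a real system)
SAPSYSTEMNAME = PRD
login/no_automatic_user_sapstar = 0   # SAP* login with its well-known password stays possible
gw/acl_mode = 0                       # gateway falls back to a permissive ACL
rsau/enable = 0                       # Security Audit Log switched off
snc/enable = 0                        # no SNC: DIAG/RFC traffic in clear text
ms/monitor = 1                        # message server admin reachable on the external port
"""

# Constructed sample: the same instance with corrected values.
HARDENED_PROFILE = """
SAPSYSTEMNAME = PRD
login/no_automatic_user_sapstar = 1
gw/acl_mode = 1
gw/sec_info = $(DIR_DATA)/secinfo
gw/reg_info = $(DIR_DATA)/reginfo
rsau/enable = 1
snc/enable = 1
snc/accept_insecure_gui = 0
ms/monitor = 0
ms/acl_info = $(DIR_DATA)/ms_acl_info
"""


def parse_profile(text: str) -> Dict[str, str]:
    """Parse 'key = value' lines; '#' starts a comment; a later key overrides an earlier one."""
    params: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[key.strip()] = value.strip()
    return params


@dataclass(frozen=True)
class Check:
    tec: str                  # TOP-11 item the parameter relates to (mapping is mine)
    param: str
    expected: Optional[str]   # exact value required; None = any non-empty value (a path)
    requires: Optional[Tuple[str, str]] = None  # evaluated only when this (param, value) holds


CHECKS: List[Check] = [
    Check("TEC-02", "login/no_automatic_user_sapstar", "1"),
    Check("TEC-03", "gw/acl_mode", "1"),
    Check("TEC-03", "gw/sec_info", None),
    Check("TEC-03", "gw/reg_info", None),
    Check("TEC-06", "rsau/enable", "1"),
    Check("TEC-07", "ms/monitor", "0"),
    Check("TEC-07", "ms/acl_info", None),
    Check("TEC-11", "snc/enable", "1"),
    Check("TEC-11", "snc/accept_insecure_gui", "0", ("snc/enable", "1")),
]


def audit(params: Dict[str, str]) -> List[Tuple[str, str, Optional[str]]]:
    """Return (tec, param, actual) for each failed check. An absent parameter is reported,
    not assumed safe, because kernel defaults for these differ between releases."""
    findings = []
    for c in CHECKS:
        if c.requires and params.get(c.requires[0]) != c.requires[1]:
            continue  # prerequisite not met; the prerequisite has its own check
        actual = params.get(c.param)
        ok = bool(actual) if c.expected is None else actual == c.expected
        if not ok:
            findings.append((c.tec, c.param, actual))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(f"--- {name} profile ---")
        for tec, param, actual in audit(parse_profile(text)):
            print(f"{tec} {param} = {'(not set)' if actual is None else actual}")
```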

7.2. SAP Security - Who is responsible?

Unlike other systems or applications such as LDAP directories, Web servers and Domain controllers, in some organizations the security of SAP applications usually still falls under the domain of "The Business".

Therefore, this situation results in a clear segregation of duties inconsistency, where the officers in charge of securing the systems are the same ones who are responsible for verifying whether they are secure or not.


While it is acceptable that the organization's SAP teams are responsible for doing their best effort in protecting the SAP platform, it is highly important that the Information Security Manager / CISO department verifies whether the current security level matches the organization's defined risk appetite.

The following questions are aimed at serving as a starting point for further thinking about this situation in the reader's organization:

• Is the SAP platform a black-box for the Information Security team?

• Does the Information Security team trust but verify?

• Who will be ultimately responsible if there is a security breach in the SAP platform?

• What if the SAP platform is compromised, not by a high-profile and complex attack, but rather as the result of the exploitation of a vulnerability that has been publicly known for several years?


8. CONCLUSIONS

Based on the author's field experience, it can be concluded that many SAP implementations are currently not properly protected and are exposed to high-impact attacks.

The most critical attack vectors comprise the exploitation of technical vulnerabilities and mis-configurations at the infrastructure layer of this platform, as many of them do not even require a valid user account in the target systems.

Over the last years, SAP has improved its internal security efforts and launched several initiatives to raise awareness on the importance of this subject among its customers. The challenge is now for customers to catch up and protect their systems holistically, reducing the likelihood of successful attacks on their business.

It is expected that the information presented in this document helps organizations to better identify their current security posture, understand existing risks and evaluate mitigation activities accordingly.


About Onapsis

Onapsis provides innovative security software solutions to protect ERP systems from cyber-attacks. Through unmatched ERP security, compliance and continuous monitoring products, Onapsis secures the business-critical infrastructure of its global customers against espionage, sabotage and financial fraud threats.

Onapsis X1, the company's flagship product, is the industry's first comprehensive solution for the automated security assessment of SAP platforms. Being the first and only SAP-certified solution of its kind, Onapsis X1 allows customers to perform automated Vulnerability Assessments, Security & Compliance Audits and Penetration Tests over their entire SAP platform.

Onapsis is backed by the Onapsis Research Labs, a world-renowned team of SAP & ERP security experts who are continuously invited to lecture at the leading IT security conferences, such as RSA and BlackHat, and featured by mainstream media such as CNN, Reuters, IDG and the New York Times.

For further information about our solutions, please contact us at info@onapsis.com and visit our website at www.onapsis.com.
