Product Datasheet
Perform IT Security & Compliance Audits, Vulnerability
Assessments and Penetration Tests over your business-critical
platform. Through Onapsis X1 you can reduce audit costs , enforce
compliance requirements and decrease fnancial fraud risks by
monitoring that your ERP platform is really secure.
The ERP platform, the heart of your businessBusiness
applications such as SAP , Oracle E-Business Suite , Siebel and JD
Edwards run the most critical business processes of your company.
These systems manage vital information for your everyday
operations, making them an attractive target for cyber-criminals
and fraudsters. If breached, your company can be susceptible to
espionage, sabotage and fraud attacks that would result in severe
economic losses. In the ERP world, the vast majority of security
efforts and resources are focused in the deployment of Segregation
of Duties (SoD) controls. While SoD security measures are
necessary, they are not enough. The number of security
vulnerabilities in the technological components of these systems
are growing radically, increasing the risk of successful
information security breaches. Onapsis X1 is pioneering the frst
solution that allows you to perform in-depth security assessments
over your entire ERP platform. Through its patent-pending
technology, Onapsis X1 scans your ERP systems looking for security
vulnerabilities, misconfgurations and compliance violations. The
resulting reports that Onapsis X1 delivers enable customers to
improve the security level of the overall business infrastructure
and enforce compliance requirements easily.
of your
the heart
Protect
Business.
Protect
your ERP
platform.
Decrease business risks keeping your ERP platform secureUsing
Onapsis X1, you can continuously and holistically assess the
security of your ERP systems, evaluating every component of every
instance of your entire platform. With its simple and practical
user interface, up-to-date set of discovery, exploration, audit,
vulnerability assessment and risk illustration modules and the
support from the globally renowned Onapsis Research Labs team,
Onapsis X1 is your best ally to protect your ERP platform.
Product Datasheet
BizRisk Illustration technologyThrough an exclusive set of well
proven commercial-grade exploits, Onapsis X1 allows you to simulate
the steps performed by a real attacker over your ERP system,
enabling you to better understand which is the business impact of
the existing technical risks. With the BizRisk Illustration
technology, you can identify, validate and prioritize the
remediation of the detected vulnerabilities in a stable, secure and
easy way. You can illustrate the existing risks to key business
stakeholders using a common language: showing what these threats
actually mean for the business.TM
TM
Comprehensive reporting system
BecauseSegregation
of Duties
After you complete the assessment process, Onapsis X1 produces
clear and actionable reports to follow up all the identifed issues.
The reports can be generated to include only summarized/executive
results or in a detailed technical layout to assist your IT staff
in the remediation process. In this way, you can follow the entire
process, from threat identifcation to remediation and
post-validation of applied corrections, effectively minimizing
risks and making your critical business-critical infrastructure
reliable against real-world attacks.
enough.
is not
How Onapsis X1 works
Onapsis X1 automatically discovers the targets to assess in your
network and begins building the foundations for a comprehensive
security analysis.
Onapsis X1 detects existing weaknesses by performing a
comprehensive security audit or black-box vulnerability assessment
over the identified targets.
A comprehensive set of actionable reports describing detected
risks and compliance violations is generated, providing you
detailed guidance on how to mitigate them in the most efficient
way.
Onapsis X1 demonstrates the real business impact of an
identified risk in your ERP platform. Several of the detected
vulnerabilities can be easily and safely illustrated through
point-and-click actions, showing key business stakeholders what is
at stake.
Product Datasheet
Additional features & benefts:Effective risk mitigation The
vulnerabilities that Onapsis X1 detects imply real threats to your
ERP systems. These weaknesses expose your business to fnancial
frauds, information leakage and non-authorized data manipulation.
Onapsis X1 allows you to gain a deeper understanding of these
vulnerabilities. With this knowledge, and the detailed remediation
procedures included in Onapsis X1's reports, you will be able to
effectively reduce risk affecting your ERP infrastructure and,
therefore, protect your organization's most valuable information.
Reduction of security audit costs As the most comprehensive tool
developed for audit and security evaluations of ERP platforms,
Onapsis X1 is designed to provide trusted results with an unmatched
level of detail. This allows you to improve your response time,
maximizing your return on investment by streamlining the
remediation efforts required to identify, validate and eliminate
existing security vulnerabilities. Reduce audit costs up to 70%!
Policy-aware security assessments and audits You can also execute
policy-based security scannings and audits. Onapsis X1 includes a
set of built-in templates that you can use to compare the level of
compliance of your ERP platform against the best practices and
regulatory compliance initiatives, such as PCI DSS. Additionally,
you can create and save your own policies to match your internal
security standards and validate your platform against them, all
through a few clicks! Support for multiple ERP and
Business-Critical Applications Onapsis X1 provides a scalable
framework which integrates different Knowledge Packs, each one
focused on a different ERP or business-critical application. These
components provide a set of specialized modules that comprise a
specifc discovery, assessment or exploiting task. Onapsis X1's
architecture is designed to cover the most widely used ERP systems
in the world. TM TM Currently, Onapsis X1 Knowledge Pack is
available for use with SAP NetWeaver and R/3 solutions. You can
obtain more information about the Onapsis X1 Knowledge Packs on our
product website. Stable and up-to-date set of modules Information
Technology & Security changes fast. What is secure now, can be
subject to a critical threat in the blink of an eye. Onapsis X1
provides an ongoing support contract that allows users to download
periodically updated vulnerability defnitions and exploits for each
Knowledge Pack acquired. Holistic Protection Beyond Productive
Systems Development, Testing and Quality Assurance environments
must be evaluated with the same thoroughness as Productive systems
in order to prevent staged attacks. Onapsis X1 allows you to deeply
evaluate every environment of your ERP implementation with the same
effort. Through proprietary discovery and consolidation techniques,
X1 detects all the ERP components in your network automatically and
executes selected modules wisely to provide consistent and
nonredundant results. About OnapsisOnapsis is the leading provider
of solutions for the ERP systems and business-critical
applications. These systems are the business essentials,
responsible of processing the most valuable information and handle
the core business processes of companies world-wide. Through
different innovative products and services, Onapsis helps its
global customers to effectively increase the security level of
their critical systems infrastructure, protecting their
information, enforcing compliance and decreasing fnancial fraud
risks.
About the Onapsis Research Labs As a special team of
world-renowned experts, the Onapsis Research LabsTM continuously
works on several research projects related to the current and
future security aspects of ERP systems and business-critical
applications. All the new knowledge gathered by this team is
integrated into Onapsis X1 on a regular basis. The Onapsis Research
Labs constantly contributes to the professional information
security community through specialized technical publications, such
as SAP Security In-Depth, security advisories and shared security
software developments for public use. Also, our renowned experts
are frequently invited to hold presentations at the most important
information security conferences in the world.
Onapsis Partnership Program Our partnership program is aimed at
consulting and audit firms specialized in information security, who
are seeking to add value to their current security services
portfolio. Members of the partnership program gain the following
benefits: Access to a centralized point of information about ERP
software security. Low investment cost to develop ERP security
services or add value to existing ones. Per engagement Onapsis X1
license acquisition model.
If you are interested in being an Onapsis partner, please email
us at: [email protected]
Visit Onapsis X1 Website! Keep informed about latest updates,
white-papers publications, and webcasts. Stay tuned with Onapsis X1
at www.onapsis.com/x1
737 Jos A. Salmn Feijo, Ground Floor 12, Buenos Aires, C1274AGI,
ArgentinaCopyright 2010 Onapsis S.R.L. All rights reserved. Onapsis
X1 and BizRisk Illustration are trademarks of Onapsis S.R.L. All
other company and product names are trademarks of their respective
companies.
Main +54 11 5272 2363www.onapsis.com