Vulnerability management is a discipline that has recently experienced increased interest by customers. Quite common for most of the lower layers of the IT stack, a number of software companies have evolved over the past few years that provide solutions for vulnerability management also for web applications or for consolidated vulnerability management across multiple layers of IT.
The increased customer interest in my opinion is caused by three drivers:
Higher pressure to show mature security management processes to be compliant with various regulations
Growing interest of companies in using standard IT management processes across all layers of the IT stack – if vulnerability management is a best practice for networks, then why not do it for other layers as well?
More conscious mix of in-house IT expertise (for core activities) and outsourced expertise (via services or standard software solutions)
The increased customer demand and the strategic importance of this discipline for secure and smooth operations of IT solutions (and thus business processes) is reflected by the series of recent acquisitions in this market.
Interestingly enough, there has been hardly any help for companies that want to implement automated vulnerability management processes for the various components of the SAP NetWeaver platform. Risk management at SAP business process layer is covered increasingly well, e.g. by business process control and role analysis solutions of the SAP GRC portfolio or by other solutions. But there is a gap when it comes to applying these best practices to the SAP NetWeaver platform, even though there is a strong interest in solutions for automatically assessing, evaluating and managing vulnerabilities. Not only do such solutions save costs by automating routine tasks, they also increase quality by implementing repeatable processes. And they help companies show mature IT security management process, which helps quite a bit in IT audits.
There are now a few software vendors who have started to provide vulnerability management solutions also for the SAP NetWeaver platform. It’s worthwhile to think about how you want to address this area in your compnay in future.