HANA’s real-time analytical power provides an excellent foundation to rapidly deal with security-related issues. At this year’s Sapphire, Hasso Plattner described the importance of HANA in fighting hackers.
….the increased number of potential attack vectors open to hackers means that companies can no longer rely on perimeter defences. The chairman said enterprise-level customers need to upgrade to intelligence models powered by advanced analytics tools, like HANA.
Plattner said: “What’s on show here is a new security-monitoring application that collects all significant hardware, network and software vendors’ security messages. It takes them from people like Microsoft, HP, IBM, CISCO and Oracle. It takes all of them into a large HANA database and does multi-system security breach analysis.”
What I always found intriguing about this quote was that Hasso didn’t mention SAP systems as being involved in such HANA-based cyber-threat scenarios.
Two new job offers reveal that SAP is indeed examining the potential of HANA to deal with such issues.
The job offers
Position: Working Student: Smart analysis of SAP log data in a central HANA Database
Our department has the task to examine and prepare the development of a new product in the area of mass data analysis that deals with attacks to SAP systems. The relevant data sources to analyze are e.g. the very different logs of SAP systems, which are in general very large and grow fast within short time ranges. With SAP’s in Memory HANA Database it becomes now possible to examine and analyze such mass data in a very fast way. This new opportunity allows us to analyze the data according to SAP system hacks that occurred in the past, or that are even currently occurring. One of the challenges is to transfer the relevant data into a good SAP HANA Database readable format that allows for a highly performing access via HANA-DB optimized select statements.
Some corresponding questions are:
- How does the format of the most relevant data of the different sources look like? How can relevant information be found out of this data?
- Which features does the SAP HANA Database provide to read structured and unstructured (text) data in a fast way?
- How shall a SAP HANA Database table format (or formats) look like, into which the data out of the different sources need to be transferred?
- What are alternatives to optimize the SAP HANA Database table format(s) in order to find the relevant data in a highly efficient way?
- How could meta data models look like to allow some kind of modeling of the highly efficient select statements?
Position: Thesis Student: Analysis and Definition of Attack Patterns for SAP systems
[first part of job description is the same as the first offer]
…… One of the challenges is to determine/define valid general Attack Patterns to SAP Systems or to system landscapes with SAP systems and to transfer these patterns into technical analysis statements that are applied to the relevant mass data in a SAP HANA Database.
Some corresponding questions are:
- Which are valid attack patterns?
- Which data out of which sources is needed in order to find a potential attacks according to an attack pattern?
- How does the filtering and order of filtering of the data look like to most exactly find a potential attack?
- How can so called ‘false positives’ (i.e. findings of potential attacks that aren’t any) be ignored in a most reliable manner?
- I know that both positions may be viewed more as research-related (Working Student, Thesis Student, etc.) rather than part of product teams, but it looks like things are more serious than just research. The description contains a reference to a new product: “Our department has the task to examine and prepare the development of a new product in the area of mass data analysis that deals with attacks to SAP systems.”
- There are other efforts from SAP employees to read logs into HANA – for example, Importing Apache Webserver Logs to SAP HANA for Web Analytics & Reporting – but these efforts focus more on monitoring and traffic analysis rather than security concerns.
- As I read these job descriptions, I thought about the possible integration possibilities with HANA-enhanced GRC products as well as broader fraud management solutions.
- A recent graduate of the HANA Start-up program called “Alert Enterprise” has a HANA-based security system which “addresses the single most overlooked gap in enterprise security – the prevention, detection and fast resolution of linked IT and physical access violations across diverse enterprise systems, applications, databases and geographically distributed assets.” [SOURCE]. As I watched the JD-OD video that Dennis Howlett made last year about AlertEnterprise, I realized the broader potential value that such a SAP product would have for such security-related frameworks.