There is sometimes the question, what the difference is between SAP Fraud Management and SAP Enterprise Threat Detection. I would like to explain the 2 complementary solutions in this short blog.
SAP Fraud Management solution focuses on business process related frauds and SAP Enterprise Threat Detection is about IT threats which imperil companies and society. Both solutions have the goal to protect a company or organization, but have two different approaches since the origin of fraud and threats are different.
- Detect frauds and threats when they happened (and not a week later in a report nobody is interested in)
- Protect companies and organizations (against threats or frauds)
- Harnessing the power of in-memory computing (of course with SAP HANA)
- Support of SAP and non-SAP data (open interfaces)
- SAP pre-delivered content (so not only a framework)
Summary and examples
So the big difference is the perspectives on security. SAP Enterprise Threat Detection has a technical approach to detect attacks against the business. In case of external attacks, cyber criminals are using existing/unknown software vulnerabilities or spying techniques to get technical access to a system. In most cases the goal is to download sensitive business information. In some cases the goal is also to disrupt the business (example: national interests) or harm the reputations (example: political interests). So the system detects at the end abnormal behaviors of users?
Why is someone accessing my systems who left my company based on the HCM system?
How I detect that someone tries to access my SAP system landscapes with standard users or the most common passwords combination (brute force)?
Why is someone manipulating data within a SAP debug session in a productive system?
Why is someone changing user data in transaction su01 and working not in the related organisation?
Why is someone trying to use different transations then normal and using a device not known?
SAP Fraud Management detects frauds on a process level. Nobody is trying to hack the system. They misuse existing permissions or lacks within the process.
Protect against potential fraud through ad-hoc procurement procedures and supported by clearly communicated policies and ad-hoc internal controls.