In this sixth article in our data privacy and security series, Frank KunzFrank Kunzdiscusses the benefits of SAP’s latest offering, enterprise threat detection. Read the whole blog series on IT Security here.
Do you have a blind spot in your IT landscape?
In the age of the Internet of Things, ubiquitous mobile devices, cloud computing, and interconnected systems, business networks are more open – and more exposed – to the outside world than ever before. Gone are the days of a single isolated on-premise network with a limited set of users. Today’s rapidly expanding number of connected devices, identities, and deployment options means exponentially more opportunities for cybercriminals. Companies must increase scrutiny to ensure security of the data – including credit and debit card information, personal details, usernames, phone numbers, passwords, and addresses – constantly traversing our networks.
Many IT organizations have significant blind spots when it comes to visibility into certain areas of their landscape – and it is those spaces that cybercriminals haunt. IT must constantly evaluate unexpected activity, determine the significance of any attacks, determine who’s involved, and assess damage done. Quick response is critical, but to respond effectively, you must first analyze, understand, and get actionable information.
Making sense of hundreds of log files
One area of particular concern for many organizations is the ability to monitor log files – the comprehensive data files that list all actions occurring within a network, system, or application. For example, a system log file lists every request made to the system, so you can get a good idea of where visitors came from, how often they return, and what they are accessing or viewing. The problem is, with hundreds of log files just for SAP systems, switches, firewalls, and other network devices, it can become increasingly difficult to aggregate data and detect patterns that could indicate security breaches. You need a way to bring together massive amounts of log data, then identify patterns that could represent an attack or an anomaly requiring investigation.
SAP Enterprise Threat Detection
SAP Enterprise Threat Detection automatically detects suspicious activities across concurrent log files and analyzes security events in real time. Built on SAP HANA and using SAP Event Stream Processor, it stores security events in a central HANA database, enriches them with contextual information, compares current situations to attack detection patterns, evaluates users’ past and current behaviors to detect anomalies and generates alerts – all in real time.
In addition to ongoing security monitoring, SAP Enterprise Threat Detection can be used for ad hoc analysis including suspicious activity alerts, forensic investigations, and compliance reviews. Countermeasures could also be introduced in the future – for example an autoreaction, such as calling a special IP address that will slow down or redirect attackers, allowing you to observe actions while safeguarding SAP systems. All this makes you more likely to protect customer data – and keep your business out of the headlines.
Learn more now
What’s the best way to define and identify typical data threats or security breaches? What patterns are unique to your company’s network and application usage? SAP Security Advisory Services can assess your vulnerabilities and help you fine-tune attack definitions. We can work together to evaluate your data security lifecycle, how best to use SAP Enterprise Threat Detection, and the patterns that trigger response. To learn more about how SAP consulting can help you implement a threat detection solution, visit us online.
If you want to learn more, please visit the SAP Service & Support area at SAPPHIRE NOW 2015 in Orlando.