SAP Cyber-Security, Top of Mind in the BlackHat community
The BlackHat USA conference, held in Las Vegas, is one of the biggest technical IT security conferences in the world, making it one of the most relevant events of the year for the IT security community. In addition to being where people discuss and learn about the many new attacks and novel security techniques, it's THE place where people can get a deep understanding of security best practices via trainings and security research presentations.
The “Pwnie Awards”, which are held every year during Black Hat, are a way for organizations and people to get recognition for the importance and impact of the critical vulnerabilities they have discovered.
Last Wednesday, the Pwnie Awards recognized an SAP vulnerability, discovered by researcher Martin Gallo, as the most important server-side vulnerability of the year. It affects a compression algorithm that is widely used across many SAP products (check SAP Security Notes 2124806, 2121661, 2127995 and 2125316).
It’s the first year that this award is related to an SAP security vulnerability. This is yet another proof point of the increased importance of SAP cybersecurity to the cybersecurity community, and of the importance for SAP customers of securing their SAP implementations by applying patches, properly configuring the systems and properly monitoring them for security risks.
We have been helping SAP, working with the Product Security Response and HANA Security Teams, by reporting security vulnerabilities that are later fixed and patched by customers through their patch management initiatives and processes. If your company and SAP implementations are falling behind on patches and security configurations, you should know that every month SAP releases new patches, addressing vulnerabilities that could expose these applications
SAP Security is more than Segregation of Duties and authorizations, so take a holistic approach to SAP cybersecurity by including it in your agenda and making it a priority across your organization to avoid risking unauthorized access to your most critical information and business processes.