SAP Security Monitoring – Few People Know About It. What Is It? (Post 1/3 In Series)
Hello! I’m Megan Hargrove, and I work as an SAP Security/Cyber Security Analyst for a Fortune Top 100 company, tasked with the responsibility of overseeing the security of 120+ SAP systems. SAP Security is a topic I feel is severely neglected, so my goal with this post (as well as future posts) is to share some of the knowledge and experience I have acquired with you. Let’s discuss:
SAP security monitoring – how ironic that something so imperative to your organization’s safety and stability is so overlooked and rarely thought of until it is all you (as well as your CISO!) can think of because a vulnerability within your SAP environment has been exploited.
SAP security monitoring encompasses the practice of actively analyzing all movements (both vertical and lateral) within your production and non-production systems in an effort to identify both external and internal threats. Consider the transactions your users employ, the execution of dangerous RFC callbacks, the system parameters your Basis team does (or does not) set, the overzealous roles assigned, the attempted operating system commands executed on SAP gateways using Type-E connections, the multiple bank account changes within a short period of time, etc. These are all common activities analyzed within SAP security monitoring.
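One item from the list above, multiple bank account changes within a short period of time, written as a sliding-window detection (an added example, not from the original post or any SAP product). The event field names, the user and vendor IDs, the 10-minute window and the threshold of 3 are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample change events (not real SAP output). Field names are
# hypothetical; map them from whatever change-log export your landscape has.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T09:00:05", "user": "APCLERK1", "vendor": "100234", "field": "bank_account"},
    {"ts": "2024-03-01T09:01:00", "user": "APCLERK2", "vendor": "200001", "field": "bank_account"},
    {"ts": "2024-03-01T09:02:40", "user": "APCLERK1", "vendor": "100877", "field": "bank_account"},
    {"ts": "2024-03-01T09:03:00", "user": "APCLERK1", "vendor": "100234", "field": "street"},
    {"ts": "2024-03-01T09:06:12", "user": "APCLERK1", "vendor": "101020", "field": "bank_account"},
    {"ts": "2024-03-01T09:07:00", "user": "APCLERK1", "vendor": "101500", "field": "bank_account"},
    {"ts": "2024-03-01T11:30:00", "user": "APCLERK2", "vendor": "200002", "field": "bank_account"},
    {"ts": "2024-03-01T14:15:00", "user": "APCLERK2", "vendor": "200003", "field": "bank_account"},
]

def detect_bank_change_bursts(events, window=timedelta(minutes=10), threshold=3):
    """Alert once per burst when a user makes `threshold` or more bank
    account changes inside a sliding `window` (both values are assumptions)."""
    parsed = sorted(
        ((datetime.fromisoformat(e["ts"]), e) for e in events),
        key=lambda pair: pair[0],
    )
    recent = defaultdict(deque)   # user -> (timestamp, vendor) still in window
    alerting = set()              # users whose current burst was already reported
    alerts = []
    for ts, ev in parsed:
        if ev["field"] != "bank_account":
            continue              # unrelated master-data change, ignore
        q = recent[ev["user"]]
        q.append((ts, ev["vendor"]))
        while ts - q[0][0] > window:
            q.popleft()           # evict changes older than the window
        if len(q) < threshold:
            alerting.discard(ev["user"])   # burst ended, re-arm the alert
        elif ev["user"] not in alerting:
            alerting.add(ev["user"])
            alerts.append({
                "user": ev["user"],
                "first_change": q[0][0],
                "last_change": ts,
                "vendors": sorted(v for _, v in q),
            })
    return alerts

if __name__ == "__main__":
    for alert in detect_bank_change_bursts(SAMPLE_EVENTS):
        print(alert)
```

The same user spreading three changes across a working day (APCLERK2 in the sample) stays below the threshold, which is why the window matters as much as the count.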
Rather than waiting for a vulnerability within your SAP landscape to be exploited, wreaking havoc on your organization, SAP security monitoring identifies these critical issues in real time so that seasoned SAP security analysts can consume the events and immediately begin the process of mitigation or remediation.
Only a few professionals today know about SAP security monitoring – but I assure you that the attackers are well aware of what you are… and are not monitoring.
Please stay tuned for posts 2/3 and 3/3 of this series, where I will discuss the importance of monitoring your SAP systems, as well as some specific examples of what exactly you should be looking for when monitoring your SAP systems' security.