Challenges in a fast changing IT environment
Today, we face the fact that IT environments are changing and evolving fast, using the latest technologies and moving the IT strategy towards an hybrid landscape.
For the security departments it means a lot to learn and adapt fast, what the new environment brings with it. Especially having an understanding and handling the security for the entire landscape can be challenging, especially when the needed resources and skills are missing. Here the experts come into play.
SAP Managed Security Services Portfolio
To address the demands of our customers, the SAP managed security services portfolio was designed as holistically offerings for all kind of SAP security related activities, beginning with classical Roles & Authorizations, SAP systems risk assessments, system patching, interface security, encryption & decryption and many more services.
As part of the mature service portfolio the services around SAP Enterprise Threat Detection build up the latest service elements.
With the entire set of the portfolio, we support our customers globally with their day-to-day jobs and make sure, that they become and stay secure and compliant. Especially when it comes to ongoing security monitoring of the SAP systems.
SAP Managed Security Services for SAP Enterprise Threat Detection
Customers may have SIEM (Security Incident and Event Management) solutions in place, which monitor the environment on infrastructure level. The monitoring is done inhouse or being outsourced to so called Security Operations Center (SOC). But the need is for the combination of infrastructure and application monitoring, to get the holistic insight about any kind of security incident.
But when it comes to applications level monitoring, you need to know insights about the applications security measures, what kind of logs and traces would be available, what kind of alerts are being delivered and how to react on those.
Here, SAP managed security services for SAP Enterprise Threat Detection plays a major role:
With the SAP’s own subject matter experts the SAP managed security services team takes over responsibility from the first day.
To give a rough example, keeping in mind that each and every customer hast an individual setup and individual processes, following major activities are relevant:
- Onboarding services:
- Risk assessments to identify risk level of core ERP systems
- First draft of Standard Operation Processes (SOP)
- Definition of most relevant alert patterns
- Connection of desired ERP applications to SAP Enterprise Threat Detection, if necessary start log collection within the application
- Definition of reports
- Alert processing services:
- Monitoring of real time alerts (Level 1)
- Prioritizing alerts into categories very high, high, medium, low according to SOPs (Level 1)
- Eliminate false positive alerts (Level 1)
- Hand over to expert group for high risk or complex alerts (Level 2)
- Investigation and processing Level 2 alerts which cannot processed by SOPs, including recommendations for countermeasures
- Cross-check alerts and patterns on demand (Level 2)
- Monitoring and finding reports:
- Reports created as agreed on weekly, monthly or yearly basis
- Format and content to be agreed on
- Support of regular audits
With delivering these activities, SAP managed security services take ownership for the desired monitoring and protection of core ERP systems.
As an additional service customers can benefit from the ability to connect SAP Enterprise Threat Detection into other SIEM solutions and vise versa. So the monitoring aspect becomes more holistic. The completed picture of the combined logs and alerts are key for any kind of forensic investigation and brings system protection to a higher level.
Of course, service times and Service Level Agreements are basing on individual needs.
From 24/7 down to 8/5 service times and from detailed and large SLAs to basic and lean SLAs, customers have a choice to decide what fits best.
For a detailed conversation and offerings, please get in touch with us directly.