Bring true, flexible SAP® monitoring to SIEM with agileSI™
Business under fire
More than 40 million new variations of malware were identified in 2016 – per quarter! The number of ransomware variants alone – software that encrypts data and blackmails the owner into paying for the decryption key – has almost doubled since 2015 to more than 8 million different strains. (Source: McAfee Threat Report 2016)
Organizations run their most critical business processes on SAP®, while employees, external consultants, providers, suppliers and others receive access and accounts with permissions, rights and privileges within SAP® landscapes to perform specific tasks and ensure business operations.
SAP® access, combined with other tools provided to users, can also be used to perpetrate fraud, harvest intellectual property, or sabotage operations. The scenario becomes even more frightening when we take into account the various potentially vulnerable endpoint devices used to access SAP®.
SAP® is a prime target for cyber attacks.
SAP® – The "blind spot" in Cyber Security
Modern security systems directly monitor what is going on in the network to identify attacks based on behavior instead of signatures. To make use of the enormous number of security-relevant events in an IT landscape, Security Information & Event Management (SIEM) systems are applied. Modern SIEM solutions can automatically analyze and correlate more than 25,000 events per second (EPS). A SIEM is something of a backbone for modern security architectures. It draws information from network monitoring, firewalls, intrusion detection systems (IDS), malware scanners, identity management solutions and many more sources.
Unfortunately, SAP® and other business applications do not integrate well with SIEM systems. Most SIEM solutions can barely read the Security Audit Log (SAL). The SAL by itself is not an exhaustive source of relevant information. For example, it is possible to detect a change in user rights, but it is impossible to track what exactly has been changed.
This gap is bridged by agileSI™. Using smart extractors, it serves as a configurable interface solution that makes relevant information from SAP® available for the correlation and response processes of the SIEM.