ESNC Security Suite: SAP Vulnerability Assessment, Whitebox/Blackbox SAP Security Scanner and Real-time SAP Security Monitoring in a Single Package

Secure Your SAP systems and ABAP Code

Secure SAP Hana, SAP ABAP, SAP Java, SAP Router and many other SAP technologies which are powering your business.

Have Complete Visibility of Your SAP Security Posture

With our enterprise dashboards, see the current status of your SAP security based on information of all your SAP systems, whenever you need it.

Detect Attacks and Fraud in your Business Critical SAP Systems

Receive an sms or email when a malicious user downloads critical business data such as HR salary information or your customer list or tries to login with standard SAP admin users such as DDIC or SAP*.

Prevention, Detection and Response with a Single Solution

Commonly, solutions in SAP security focus on prevention only. ESNC Security Suite has both prevention, detection and response capability. You can enforce policies and detect if someone is breaching them.

Industry Specific Security Checks and Business Risks Analysis

For Oil, Gas and Utilities industries and many others such as banking and telecom in the line, ESNC offers built-in risks and security checks for your industry.

Pay only for what you need

Modular architecture of ESNC Security Suite allows you to have the functionality which is required for you. So you are only paying for what is needed by you.

Customize and Integrate to Your Existing Workflows

Easily customize your compliance rules and automatically create SAP workflow and case tickets for incidents or integrate to SAP Solution Manager and Enterprise Portal.

Regularly updated

SAP security and attacks evolve. ESNC Security Suite is regularly updated against most current SAP specific threats for protecting your systems.

SAP Vulnerability Assessment, SAP Penetration Testing, SAP Security Monitoring Done Modular

 


We built ESNC Security Suite to be modular and scalable for addressing SAP security audit and detection requirements of our customers. Our customers can focus on different aspects of SAP security for mitigating SAP security vulnerabilities based on their environment and they can increase their SAP security coverage over time. They can focus on different aspects of SAP security such as SAP GUI vulnerabilities or SAP portal hacking protection/mitigation or they can run different types of SAP audits in their landscape including an SAP HR audit.

The modular structure of ESNC Security Suite reduces the costs for SAP security and allows you to build a system which is scalable and future-proof.

You can start e.g. by our SAP audit and assessment module A01 for executing an SAP authorization audit and combine it with Risk Management and Remediation Module A04 to trigger SAP security activities and build an SAP IT audit checklist. Our SAP compliance module A02 allows checking your SAP audit baselines based on this customized security baseline on all of your SAP systems. In this scenario, you would need to only license the modules A01, A02 and A04.

After the initial fixes are done and SAP baselines are deployed, you can choose to add real-time monitoring (R01) for detecting and alerting about breaches. Over time you can add ABAP code security (C01), SIEM integration (R02) and SAP security policy enforcement (A03), so that you have a very good coverage of SAP security matters.

How does it work?
  • Pick your modules – Easy and quick to install
  • Select systems for scan, no specialized SAP knowledge is required
  • Scan in minutes
  • Start automated mitigation process, review results
  • Generate detailed reports, automatically assign tasks
  • Repeat as required
ESNC SAP Security Menu

ESNC Security Suite Modules

Pick and choose what is the best for you

  • A01 – Audit and Assessment for SAP

    Our Audit & Assessment module allows you to focus on business risks via technical analysis of your SAP infrastructure and segregation of duties assessment (SoD), where the focus is both on insider threats and Internet based attack vectors.

  • P01 – SAP Penetration Testing

    Black box SAP vulnerability testing / SAP penetration testing is an important part of the security lifecycle. We are the first to offer a SAP pentesting software for security professionals, internal audit teams, and for auditing companies, where no technical background is required.

  • A02 – ISO27001, PCI-DSS 3.0 and Compliance of SAP Systems

    Check your SAP system compliance against latest versions of industry standard compliance frameworks such as ISO27001, SoX, PCI-DSS and more. Easily implement rules and checklists for your organizational compliance frameworks and create baselines

  • C01 – ABAP Code Security Assessment & Correction

    Securing self developed ABAP programs, BSP pages, and DynPros is a big challenge for large organizations. With this module, any code that needs to go to production can be easily tested and critical security issues such as ABAP injection or privilege escalation can be addressed before any incident takes place.

  • A03 – Remediation and Risk Management

    Our SAP risk management module adds enhanced SAP authorization/segregation of duties functionality and landscape based dashboards which you can drill-down. It allows easier risk assessments with its increased analysis capability and supports you in getting the most out of SAP scan results. It simplifies SAP security review projects significantly.

  • R01 – Real-Time Monitoring & SAP Fraud Detection and Prevention

    SAP security actions must focus on detecting hacking attempts and on prevention of any security breaches. Our module detects hacking and fraud attempts in real-time. The required actions can be directly triggered through SAP workflow and deadline monitoring so that incidents are investigated on time.

  • A04 – Security Policy Enforcement

    Real-time policy enforcement is a critical step to remain in a secure state. Accidental changes when adding a new application server instance to the SAP system can lead to insecure/misconfigured SAP settings becoming productive. New SAP systems can be setup without proper hardening. Define organizational security policies and apply them automatically to any SAP system.

  • R02 – SIEM Integration

    Pre-collect and pre-correlate your SAP event information and automatically send this to any SIEM solution in its native format. ESNC’s long research and SAP background ensures that you get the right events in real time pushed into your SIEM solution.

ESNC Security Suite Software Licensing

ESNC Security Suite’s flexible modular structure allows our customers to pay only for the modules they require and it gives a path for expansion for getting more protected against SAP security vulnerabilities affecting them. Our customers can pick and choose the modules necessary for protecting their environment such as whether they need to protect against SAP portal hacking or they are interested in a SAP authorization audit. They can also use our product for auditing SAP transports as well. Please refer to the modules section for more information on the modules and their use cases.

The licensing is based on the selected modules and number of SAP systems / instances. We have multiple licensing options which would match the demands of large enterprises:

Perpetual License

This is the most typical licensing model. It allows a perpetual price to be paid for the licensing. Support and maintenance agreement is sold separately for release updates, threat definition updates and support requests.

Subscription License

This allows paying a monthly or yearly subscription fee. This fee includes maintenance, software updates, threat definition updates and support as well as licensing for the software during subscription period.

Enterprise License

This license allows unlimited SIDs to be analyzed and monitored by ESNC Security Suite during the duration of the licensing agreement. The typical duration is 3 years. Support and maintenance is sold separately.

Software as a Service (SaaS)

For SAP security audits and SAP vulnerability assessment services by ESNC consultants and partner organizations, SaaS model licensing is commonly used. This allows using the ESNC software during assessments. Typical license duration is 30 days for each individual SID.

Support and Maintenance

Standard Support and Maintenance

Covers release updates, definition updates and email support during regular business days.

Platinum Support and Maintenance

For mission critical systems we also offer platinum support. Please contact us for more information.

 

 

Did you know?
Often attackers start from the weakest link in the chain such as test and development systems. At an average 7% of the users on these systems have the same password in production. When an attacker breaches a test system, it is likely that it can jump to a QA or Prod system in many cases.

Integration Scenarios with Your SAP Landscape

 

ESNC Security Suite is a very powerful software solution both when used stand-alone or side-by-side with existing SAP technologies. ESNC already supports multi-user support and automated reporting out of box. We support many integration scenarios, based on the ESNC modules used. Some of this integration such as SIEM integration works out of the box and some integration might require minor customization e.g. for customized pre-correlation for SIEM events or for issue tracking/deadline monitoring with SAP Workflow for security issues or real-time events. Also minor customization is required for BO-BW integration and/or Enterprise Portal integration of the Risk Management dashboards.

Common integration scenarios and related modules:

  • Integration to SAP workflow for security analysis results (A01)
  • Integration with SAP Enterprise Portal, SAP Business Objects and SAP BW dashboards for ESNC Risk Management module (A03) and SAP compliance module (A02)
  • TMS/ChaRM integration and SAP Workflow integration for ESNC Code Security module (C01)
  • Integration with external SIEM appliances and Software for ESNC SIEM module (R02)
  • SAP Solution Manager integration (A01, A02, A03, A04, R01)
  • SAP HR integration for employee terminations (R01)
  • Integration with existing Risk Management and Compliance solutions for ISO27001 dashboards (A03)

ESNC Security Suite for SAP NetWeaver – Module [A01]

 

 

In-Depth SAP Vulnerability Assessment

  • A01 – Comprehensive SAP Audit Tool and Sap Vulnerability Scanner for Securing Large Enterprises

    Our Audit & Assessment module allows you to focus on business risks via technical assessment of your SAP infrastructure and segregation of duties analysis (SoD), where the focus is both on insider threats and Internet based attack vectors.

The ESNC provides the most comprehensive SAP security audit software to date. Analyzing many SAP systems for critical security issues is only a few clicks away. SAP security reviews can be completed much faster now.

Our SAP security scanner module analyzes all of your SAP application servers, their security configurations, SAP user authorizations and many other SAP components during an SAP audit. It creates SAP system security health check reports, which you can use for applying security best-practices to your SAP systems.

ESNC Security Suite audit and assessment module is an SAP security scanner which focuses on the most valuable, easy to exploit, and highest impacting SAP security issues. It reduces the costs of SAP audit projects and SAP validation/reassessment significantly.

 

ESNC Security Suite for SAP® NetWeaver™ Audit and Assessment Module Benefits for SAP Vulnerability Assessments and SAP Security Audits:

  • Transparent overview of your current SAP security posture in short time.
  • Regularly updated with latest SAP security threats.
  • Easy to use SAP scan tool for checking most important SAP security issues of your systems with a few clicks.
  • Easy to understand results with instructions on how to fix.
  • Analyze SAP security configuration of all of your application servers, systems and landscapes with each SAP audit.
  • Verify your change/configuration management processes with SAP security scan results.
  • Check which SAP users have critical authorizations and cause SoD violations.
  • Check and view secinfo/reginfo configuration, SAP system security parameters, message server configuration, SAP systems patching, Oracle DB security settings, SAP Hana security and many more.
  • Get detailed information based on SAP AG’s recommendations an references on how to fix your SAP security issues after each SAP security scan.

SAP Password Compliance Analysis – SAP User Security Audit

 

SAP security scan tasks cannot be fulfilled without proper SAP password security analysis. This analysis simulates an attacker gaining access to SAP password hash tables and running SAP password cracking tools, so that discovered passwords can be fixed before they can be misused.

The SAP passwords hashes are present on many tables such as USR02 and USH02. An attacker can use many attack paths to access those tables such as using a display user for viewing the USR02 table or using the remote function module RFC_READ_TABLE for reading them.

ESNC Security Suite analyzes compliance of SAP passwords to your organizational security policy with each SAP security scan. The customers are free to choose whether they want the SAP passwords to be displayed or masked. This restriction is enforced on the binary level and before the software is installed.

SAP password analysis module supports SAP hash codes B, F, G (BCODE and PASSCODE) and the latest SAP password hashes H and I (PWDSALTEDHASH). ESNC Security Suite is currently the only tool which can analyze latest SAP password hashes.

 

ESNC Security Suite - SAP User Password Security Analysis

Comprehensive SAP Security Audit Reports

All discovered issues are presented via state-of-art SAP security assessment reports. Reports include the findings of the SAP security scan, recommendations and action plan. All reports are exportable to multiple formats including XML, CSV, XLS and PDF.

 

ESNC Security Suite - SAP Security Report

 

Scheduling and Automated SAP Security Report Generation

System data retrieval and SAP security audit tasks can be scheduled with a few clicks. E.g. you can run the SAP security scan on your selected productive systems monthly for creating management dashboards and you can schedule the SAP security audit on QA and DEV systems for a different interval.

 

ESNC Security Suite - SAP Security Information Retrieval Scheduling

ESNC SAP Security Audit and Assessment module includes hundreds of checks including the following:

  • SAP Gateway Security Configuration including ACL Analysis
  • SAP Hana Security new
  • SAP Message Server Configuration
  • Weak Passwords of Business Users
  • SAP Single Sign-on security
  • SoD (Segregation of Duties) conflicts – User Authorizations Analysis
  • SAP User Password Policy
  • JMS, SAP Management Console and Relevant Components’ security
  • SAP Internet services, ITS security
  • Enterprise Portal Security
  • SAP Java Applications Security including Application Security Configuration new
  • Dynpros/WebDynpros/BSP pages security
  • Weak network filtering of SAP components
  • Missing SAP Security Patches/Notes
  • SAP Focused OS/Database Security
  • SAP Router Security new
  • SAP Security Auditing Settings
  • ADS and TREX security
  • SAP Software Deployment and Transport Security
  • SAP Security Audit Log Analysis and Intrusion Detection
  • HR – Employee Self Service Security Analysis new
  • RFC / Soap-RFC Enabled Applications Security
  • CPIC Security
  • Registered Server Security
  • EDI Interfaces
  • SAP Payment Card Interfaces Security (PCI) new

ESNC Security Suite for SAP NetWeaver – Module [A02]

SAP ISO27001, PCI-DSS 3.0, SoX (Sarbanes-Oxley) and Industry Specific Compliance

  • A02 – ISO27001, PCI-DSS 3.0 and Compliance of your SAP Systems

    Check your SAP system compliance against industry standard compliance frameworks such as ISO27001:2013, SoX, PCI-DSS 3.0 and more. Easily implement rules and checklists for your organizational compliance frameworks and baselines

ESNC Security Suite SAP Compliance Module Benefits:

  • Check your SAP systems against ISO27001:2013 compliance issues
  • Check your SAP systems against SoX (Sarbanes-Oxley) compliance issues
  • Check your PCI related SAP systems and payment interfaces against PCI-DSS 3.0 compliance new
  • Integrate with your existing compliance frameworks to get/update your ISO27001 maturity from all ISO domains
  • Configure and apply your own compliance related rules easily
  • Get reports showing the compliance status of your SAP systems and code

ESNC Security Suite for SAP NetWeaver – Module [A03]

SAP Risk Management and Automated Security Issue Fixing

  • A03 – Remediation and Risk Management

    The Risk Management module adds enhanced SAP authorization/segregation of duties functionality and landscape based dashboards which you can drill-down. It allows easier risk assessments with its increased analysis capability and supports you in getting the most out of SAP scan results and simplifies SAP security review projects significantly.

ESNC Security Suite SAP Risk Management Module Benefits:

  • Focus on all of your SAP systems’ security and their users from a single interface where you can easily group and filter SAP security issues based on your priorities. Enables horizontal and vertical issue solving e.g. focusing on a single issue on all systems or focusing on all security issues of a single system
  • Develop mitigation plans based on the SAP assessment results.
  • Trigger actions in SAP Workflow [see ESNC Security Suite integration]
  • Integrate results into SAP Enterprise Portal [see ESNC Security Suite integration]
  • Re-prioritize SAP security issues, create security acceptances (variances/exceptions), be notified when the variances/security exemptions expire
  • After each SAP scan, access to numerous charts which can be used in enterprise dashboards and SAP system progress tracking.  The dashboards can be accessed from Business Objects or BW too
  • Fix many security issues by applying the fixes on test systems with a couple of clicks to help SAP teams test the effects of the fixes faster. Quick fixing on test systems commonly means better support from the SAP teams to get the fixes transported to production and improve security

ESNC Security Suite for SAP NetWeaver – Module [A04]

SAP Security Policy Enforcement on Multiple Systems

  • A04 – Security Policy Enforcement

    Real time policy enforcement is a must to remain in a secure state. Accidental changes when adding a new application server instance to the SAP system can lead to insecure/misconfigured SAP settings becoming productive. New SAP systems can be setup without adhering to company policies. Define and setup organizational security policies and apply them automatically to any SAP system.

ESNC Security Suite SAP Security Policy Enforcement Module Benefits:

  • Define your security baselines and enforcement policies
  • Automatic security policy enforcement on selected SAP systems
  • Automatic baseline enforcement
  • Automatic forced reset of incompliant passwords
  • Automatic distribution of forbidden passwords for increasing SAP password security

ESNC Security Suite for SAP NetWeaver – Module [P01]

SAP Penetration Testing and Blackbox Vulnerability Assessment

  • P01 – SAP Penetration Testing

    Assurance testing / SAP penetration testing is an important part of the security lifecycle. We are the first to offer a SAP penetration testing software for security professionals, internal audit teams, and for auditing companies, where no technical background is required.

ESNC Security Suite SAP Penetration Testing Module Benefits:

  • Run blackbox SAP security analysis and SAP pentests on your systems with zero configuration
  • Requires very little knowledge to run. Designed with ease of use in mind
  • Many unauthenticated and authenticated attacks are possible
  • Built for speed and efficiency. Analyzes more than 1000 SAP systems within one hour.
  • Asset discovery and identification feature allows building SAP system inventory and discovering and assessing rogue SAP systems
  • ABAP injection toolkit allows demonstrating ABAP code injection related attacks
  • Attacks for SAP Gateways, SAP cryptographic components, SAP RFC, SAP ABAP and Java AS systems, ICF/ITS web services, remote password audit via RFC and HTTP, Dynamic function execution and more…
  • Test attacks to SAP single sign-on, which allow logging on to the SAP ABAP and Java systems via any user without using any password
  • Allows business data extraction and analysis
  • Dashboards and reporting which can be customized by organization’s own powerpoint template
Assurance testing / SAP penetration testing is an important part of the security lifecycle. We are the first to offer an SAP penetration testing software for security professionals, internal audit teams, and for auditing companies, where no technical background is necessary for enhancing your SAP security audit results and checking whether an attacker can harm your SAP system.

Just before any configuration changes – to see the actual status – or right after applying security hardening to your SAP systems, SAP security testing allows verifying that the security controls are functional. Companies such as SAP AG use ESNC Penetration Testing Suite for securing their SAP systems.

ESNC Penetration Testing Suite - SAP Security Scanner
With ESNC Penetration Testing Suite, you can run an SAP ABAP AS security audit or an SAP Java AS security review periodically. Combined with its excellent reporting features, you can track the progress of your entire system and report it to upper management.

Often, security professionals and auditors are challenged about the feasibility of the attacks by non technical people from business board, internal audit departments, and senior management. Either for getting approvals for a proper aligned SAP security project or for creating user and manager awareness, ESNC Penetration Testing Suite provides excellent SAP assurance testing for your enterprise. It is a state-of-art SAP security scanner and It can be used to support typical SAP audit activities, SoX audits and PCI-DSS assessments. SAP vulnerability assessment results can be used to eliminate the discovered SAP security issues and update detection capabilities. Development activities around SAP ABAP security and SAP Java security do not bring much value when SAP basis security is not in place.

ESNC Penetration Testing Suite includes many modules for testing critical components of SAP ABAP AS security and SAP Java AS security. One of these applications is our injection toolkit for ABAP. It allows running ABAP exploits and ABAP shellcode directly on the SAP systems’ core. It is a must-have tool for every SAP pentester and serious SAP auditor. SAP exploits are becoming more and more popular and criticality of a detected SAP security issue is best understood by actually exploiting it during an SAP security scan. The injection toolkit’s additional shellcodes can be obtained seperately.

ESNC Pentest Suite - SAP ABAP Injection Exploit Toolkit
ESNC Penetration Testing Suite is now a module of ESNC Security Suite. It uses SAP certified components to connect to SAP systems.

ESNC Security Suite for SAP NetWeaver – Module [C01]

ABAP Code Security and Vulnerability Assessment

  • C01 – ABAP Code Security Assessment & Correction

    Securing self developed ABAP programs, BSP pages, and DynPros is a difficult task for large organizations. With this module, any code that needs to go to production can be easily tested and critical security issues such as ABAP injection or privilege escalation can be addressed before any incident takes place.

ESNC Security Suite ABAP Code Security Module Benefits:

  • Run blackbox SAP security analysis and SAP pentests on your systems with zero configuration
  • Requires very little knowledge to run. Designed with ease of use in mind
  • Many unauthenticated and authenticated attacks are possible
  • Built for speed and efficiency. Analyzes more than 1000 SAP systems within one hour.
  • Asset discovery and identification feature allows building SAP system inventory and discovering and assessing rogue SAP systems
  • ABAP injection toolkit allows demonstrating ABAP code injection related attacks
  • Attacks for SAP Gateways, SAP cryptographic components, SAP RFC, SAP ABAP and Java AS systems, ICF/ITS web services, remote password audit via RFC and HTTP, Dynamic function execution and more…
  • Test attacks to SAP single sign-on, which allow logging on to the SAP ABAP and Java systems via any user without using any password
  • Allows business data extraction and analysis
  • Dashboards and reporting which can be customized by organization’s own powerpoint template

Securing self developed ABAP programs, BSP pages, and DynPros is a difficult task for large organizations. Without the presence of automated tools, it is almost impossible to accomplish.

We believe that in any system where development is done, secure software lifecycle models must be implemented, regular SAP security audits should be extended to include ABAP security reviews and business processes must be alligned considering security development lifecycle best practices. Typically companies mostly apply ABAP performance review activities and ignore the security part.

We help companies by offering them our ABAP code security solution that covers most critical aspects of ABAP security including BSP security. Any code that needs to go to production can be easily tested and critical security issues such as ABAP injection or privilege escalation can be addressed before any incident takes place.

ESNC Code Security Module – Securing your ABAP Development Objects

We support many scenarios for manual or automated scanning based issue detection and mitigation. The scenario details can be found below:

Scenario I: Periodic Scanning ABAP Code

For simplicity in detecting and resolving code related issues, periodic scans can be executed from a single location. The target systems can be all systems including DEV, QA and PROD. Reports can be manually reviewed, prioritized an distributed to developers.

At this phase, we also support our customers with our services focusing on priorization of the issues and mitigation strategies.

Scenario II: Mandatory Code Scan Before Releasing a Transport

On certain systems, it is not desired that the developer releases a transport which doesn’t adhere company’s security policies. ESNC Code Security can be used to enforce such policies. In this case, developer’s code must pass all mandatory checks, otherwise transport is not released. For flexibility, companies can include “nice to have” checks which are not mandatory, in this case the developer is only notified of such defects, they are not enforced.

Scenario III: Integrating ABAP Code Security with Business Processes, ChaRM and SDL

ESNC Code Security allows approval processes to be implemented. This allows better handling cases where exceptions to the enforced rules are desired.

Scenario IV: Broad Coverage and Process Integration

ABAP code can be changed in a variety of ways including tools like RS_REPAIR_SOURCE programs or maliciously via ABAP rootkits/backdoors. To ensure that the developed code is running on the productive system without any malicious changes, we recommend configuring ESNC Code Security on all of the SAP systems in the landscape and enabling code difference verification feature. With this feature, you will be alerted when a code released for transport is later directly changed in other sytems e.g. the production system. The rules for this checks can be configured based on the customers’ requirements.

ESNC - ABAP Security via TMS - Charm and Proactive Security

ESNC Code Security – Additional Features

Flow Analysis for ABAP

ESNC Code Security Analysis Engine includes code flow analysis since 2010 for detecting SAP ABAP security threats that span to multiple ABAP reports, functions or classes. Based on it’s capabilities we detected vulnerabilities in SAP AG’s code and informed them. SAP released security patches for its products for these vulnerabilities in 2010 and later.

Flexible Rule Engine

ESNC Code Security Analysis Engine allows easy implementation of custom rules for ABAP security reviews. This powerful feature allows customers to build up their ABAP security and ABAP performance related rules. It is possible to specify criticality and weight of the rules and whether they should appear on the final report as well.

The rule logic is only limited by the available memory and processing power.

ESNC Code Security for SAP ABAP - Security Rule Configuration

ABAP Performance and Compliance Checks

ESNC Code Security includes rules for checking code quality, performance and compliance related issues of your ABAP code.

Differential Scans

ESNC Code security allows comparing applications on different times. Based on the result of the initial findings, the improvements or newly introduced issues can easily be determined. This feature can also be used to compare code in two different systems.

ESNC Code Security for SAP ABAP - Security Analysis Comparison

Accepting Risks/Eliminating False Positives

ESNC Code Security allows accepting the risks or marking desired findings as false positive. These issues do not appear at later scans (until they expire), increasing the quality of the findings each time a scan is performed. The results shown in risk management dashboards and other dashboards always take into account accepted security risks.

ESNC Code Security for SAP ABAP - Evaluating Risks
ESNC Code Security for SAP ABAP - Risk Management

ESNC Security Suite for SAP NetWeaver – Module [R01]

Real-Time Threat Monitoring and Fraud Detection on SAP systems

  • R01 – Real-Time Threat Monitoring & SAP Fraud Detection and Prevention

    SAP security efforts must focus on detecting hacking attempts and on prevention of any security breaches. Our module detects hacking and fraud attempts in real-time. The required actions can be directly triggered through SAP workflow and deadline monitoring to ensure incidents are investigated on time.

ESNC Security Suite Real-Time Enterprise Threat Monitoring and Fraud Detection Module Benefits:

  • Monitor the security of your SAP systems 7/24
  • Be informed of attacks and breaches
  • Detect when someone downloads business critical information such as customer information, payroll data, pricing, financial reporting and/or profit margins
  • Detect when a user is added to a production system via unauthorized users
  • Detect when certain transactions are executed on production systems
  • Detect when production systems are opened for changes and modification
  • Build a safety net based on business processes e.g. automatically detect and block SAP users when the associated employees are terminated in SAP HR
  • Detect business related fraud scenarios such as a user changing a vendor bank account and posting an invoice to it
  • Detect violations of four-eyes principles
  • Automatically block many types of SAP specific attacks via blocking users in SAP system or by triggering firewall/switch/IPS block rules
  • Inform relevant incident response teams via automated processes
  • Easily customize rules based on your organizational requirements

ESNC Security Suite for SAP NetWeaver – Module [R02]

SAP SIEM Integration

  • R02 – SIEM Integration

    Pre-collect and pre-correlate your SAP event information and automatically send this to any SIEM solution in its native format. ESNC’s long research and SAP background ensures that you get the right events in real time pushed into your SIEM solution.

ESNC Security Suite SAP SIEM Integration Module Benefits:

  • Integrate the results of pre-correlated SAP real-time monitoring analyis and fraud detection results to SIEM products
  • Automatically extract and forward SAP Security Log Information, SAP System Log Information
  • Automatically extract and forward SAP Critical Table Changes, Critical Authorization Changes, SAP Security Configuration Issues, SAP Audit Compliance Status
  • Supports HP ArchSight native format
  • Supports IBM QRadar Leef format
  • Supports TCP/UDP/SSL Syslog formats for integrating with any SIEM solution