Secure SAP Hana, SAP ABAP, SAP Java, SAP Router and many other SAP technologies which are powering your business.

With our enterprise dashboards, see the current status of your SAP security based on information of all your SAP systems, whenever you need it.

SAP security and attacks evolve. ESNC Security Suite is regularly updated against most current SAP specific threats for protecting your systems.

ESNC Security Suite Modules

Choose what is the best for you

  • List item image

    A01 – Audit and Assessment for SAP

    Our Audit & Assessment module allows you to focus on business risks via technical analysis of your SAP infrastructure and segregation of duties assessment (SoD), where the focus is both on insider threats and Internet based attack vectors.


  • List item image

    P01 – SAP Penetration Testing

    Black box SAP vulnerability testing / SAP penetration testing is an important part of the security lifecycle. Simulate real-life attacks and increase security awareness of key stakeholders using our penetration testing module.


  • List item image

    A02 – GDPR, SoX, ISO27001, PCI-DSS and Compliance of SAP Systems

    Check your SAP system compliance against latest versions of industry standard compliance frameworks such as EU-GDPR, ISO27001, SoX, PCI-DSS and more. Easily implement rules and checklists for your organizational compliance frameworks and create baselines


  • List item image

    C01 – ABAP Code Security Assessment

    Securing self developed ABAP programs, BSP pages, and DynPros is a big challenge for large organizations. With this module, any code that needs to go to production can be easily tested and critical security issues such as ABAP injection or privilege escalation can be addressed before any incident takes place.


  • List item image

    A03 – Remediation and Risk Management

    Our SAP risk management module adds enhanced SAP authorization/segregation of duties functionality and landscape based dashboards which you can drill-down. It allows easier risk assessments with its increased analysis capability and supports you in getting the most out of SAP scan results. It simplifies SAP security review projects significantly.


  • List item image

    R01 – Real-Time Monitoring & SAP Fraud Detection and Prevention with Enterprise Threat Monitor

    Enterprise threat detection is a prerequisite for any proper SAP security implementation. SAP security actions must focus on detecting hacking attempts and on prevention of any security breaches. Please refer to www.enterprise-threat-monitor.com for more information


  • List item image

    A04 – Security Policy Enforcement

    Policy enforcement is a critical step to remain in a secure state. Accidental changes when adding a new application server instance to the SAP system can lead to insecure/misconfigured SAP settings becoming productive. New SAP systems can be setup without proper hardening. Define  organizational security policies and ensure right teams are informed as soon as a violation occurs.


  • List item image

    R02 – Enterprise Threat Monitor SIEM Integration Add-on

    Pre-collect and pre-correlate your SAP event information and automatically send this to any SIEM solution in its native format. ESNC’s long research and SAP background ensures that you get the right events in real time pushed into your SIEM solution.


Often attackers start from the weakest link in the chain such as test and development systems. At an average 7% of the users on these systems have the same password in production. When an attacker breaches a test system, it is likely that it can jump to a QA or Prod system in many cases.

ESNC Security Suite Software Licensing & Support

 

ESNC Security Suite refers to independent applications developed by ESNC which offer subscription licensing model (licensing rental) based on various parameters. Please contact us for options specific to your SAP environment and requirements.

Support and Maintenance

Standard Support and Maintenance

Covers release updates, definition updates and email support during regular business days.

Enterprise Support and Maintenance

Only available with enterprise license. Please contact us for more information.

Platinum Support and Maintenance

For our enterprise customers which have mission critical landscapes, we offer platinum support. Please contact us for more information.

Integration Scenarios with Your SAP Landscape

 

ESNC supports many integration scenarios, based on the ESNC applications used. Some of this integration such as SIEM integration works out of the box and some integration might require minor customization e.g. for customized pre-correlation for SIEM events or for issue tracking/deadline monitoring with SAP Workflow for security issues or real-time events. Also some customization via professional services is required for BO-BW integration and/or Enterprise Portal integration of the Risk Management dashboards.

ESNC Security Suite for SAP NetWeaver and S4/Hana – Module [A01]

In-Depth SAP Vulnerability Assessment

  • List item image

    A01 – Comprehensive SAP Audit Tool and Sap Vulnerability Scanner for Securing Large Enterprises

    Our Audit & Assessment module allows you to focus on business risks via technical assessment of your SAP infrastructure and segregation of duties analysis (SoD), where the focus is both on insider threats and Internet based attack vectors.


The ESNC provides the most comprehensive SAP security audit software to date. Analyzing many SAP systems for critical security issues is only a few clicks away. SAP security reviews can be completed much faster now.

Our SAP security scanner module analyzes your SAP systems, their security configurations, SAP user authorizations and many other SAP components during an SAP audit. It creates SAP system security health check reports, which you can use for applying security best-practices to your SAP systems.

 

ESNC Security Suite for SAP® NetWeaver™ and S4/Hana® Audit and Assessment Module Benefits for SAP Vulnerability Assessments and SAP Security Audits:

  • Transparent overview of your current SAP security issues.
  • Regularly updated with latest SAP security publications.
  • Easy to understand results with instructions on how to fix.
  • Verify your change/configuration management processes with SAP security scan results.
  • Check and view secinfo/reginfo configuration, SAP system security parameters, message server configuration, SAP systems patching, Oracle DB security settings, SAP Hana security and many more.
  • Get detailed information based on SAP SE’s recommendations and references on how to fix your SAP security issues after each SAP security scan.

ESNC SAP Security Audit and Assessment module includes hundreds of checks including the following:

  • SAP Gateway Security Configuration including ACL Analysis
  • SAP Hana 2 Security
  • SAP Message Server Configuration
  • SAP Single Sign-on security
  • SoD (Segregation of Duties) conflicts – User Authorizations Analysis
  • JMS, SAP Management Console and Relevant Components’ security
  • Missing SAP Security Patches/Notes
  • SAP Router Security
  • Enterprise Portal Security
  • SAP Security Audit Log Configuration Analysis
  • RFC / Soap-RFC Enabled Applications Security
  • SAP Payment Card Interfaces Security (PCI)

ESNC Security Suite for SAP – Module [A02]

SAP GDPR, ISO27001, PCI-DSS 3.0, SoX (Sarbanes-Oxley) and Industry Specific Compliance

  • List item image

    A02 – ISO27001, PCI-DSS 3.0 and Compliance of your SAP Systems

    Check your SAP system compliance against industry standard compliance frameworks such as ISO27001:2013, SoX, PCI-DSS 3.0 and more. Easily implement rules and checklists for your organizational compliance frameworks and baselines


ESNC Security Suite SAP Compliance Module Benefits:

  • Check your SAP systems against ISO27001:2013 compliance issues
  • Check your SAP systems against SoX (Sarbanes-Oxley) compliance issues
  • Check your PCI related SAP systems and payment interfaces against PCI-DSS 3.0 compliance new
  • Integrate with your existing compliance frameworks to get/update your ISO27001 maturity from all ISO domains
  • Apply best practices including ISACA or DSAG SAP security recommendations
  • Configure your internal SAP security guidelines or Gold Standard
  • Get reports showing the compliance status of your SAP systems

ESNC Security Suite for SAP – Module [A03]

SAP Risk Management and Remediation

  • List item image

    A03 – Remediation and Risk Management

    The Risk Management module adds enhanced SAP authorization/segregation of duties functionality and landscape based dashboards which you can drill-down. It allows easier risk assessments with its increased analysis capability and supports you in getting the most out of SAP scan results and simplifies SAP security review projects significantly.


ESNC Security Suite SAP Risk Management Module Benefits:

  • Focus on all of your SAP systems’ security and their users from a single interface where you can easily group and filter SAP security issues based on your priorities. Enables horizontal and vertical issue solving e.g. focusing on a single issue on all systems or focusing on all security issues of a single system
  • Develop mitigation plans based on the SAP assessment results.
  • Trigger actions in SAP Workflow [see ESNC Security Suite integration]
  • Re-prioritize SAP security issues, create security acceptances (variances/exceptions), be notified when the variances/security exceptions expire
  • After each SAP scan, access numerous charts which can be used in enterprise dashboards and SAP system progress tracking.

ESNC Security Suite for SAP – Module [A04]

Security Policy Enforcement on SAP Systems

  • List item image

    A04 – Security Policy Enforcement

    Real time policy enforcement is an important process to remain in a secure state. Accidental changes when adding a new application server instance to the SAP system can lead to insecure/misconfigured SAP settings becoming productive. New SAP systems can be setup without adhering to company policies. Define and setup organizational security policies and provide notifications when policies are in-compliant.


ESNC Security Suite SAP Security Policy Enforcement Module Benefits:

  • Define your security baselines and enforcement policies
  • Define system groups and categories for communication
  • Setup alerts to relevant teams when a violation occurs

ESNC Security Suite for SAP – Module [P01]

SAP Penetration Testing and Blackbox Vulnerability Assessment

  • List item image

    P01 – SAP Penetration Testing – ESNC Penetration Testing Suite

    Assurance testing / SAP penetration testing is an important part of the security lifecycle. Simulate attackers and increase awareness using our penetration testing module


ESNC Security Suite SAP Penetration Testing Module Benefits:

  • Run blackbox SAP security analysis and SAP pentests on your systems with zero configuration
  • Many unauthenticated and authenticated attacks are possible
  • Built for speed and efficiency. Analyzes more than 1000 SAP systems within one hour.
  • Find out traces of shadow IT
  • ABAP injection toolkit allows demonstrating ABAP code injection related attacks
  • Attacks for SAP Gateways, SAP cryptographic components, SAP RFC, SAP ABAP and Java AS systems, ICF/ITS web services, and more…
  • Test attacks to SAP single sign-on, which may allow logging on to the SAP ABAP and Java systems via any user without using any password

ESNC Security Suite for SAP – Module [C01]

ABAP Code Security and Vulnerability Assessment

  • List item image

    C01 – ABAP Code Security Assessment

    Securing self developed ABAP programs, BSP pages, and DynPros is a difficult task for large organizations. With this module, any code that needs to go to production can be easily tested and critical security issues such as ABAP injection or privilege escalation can be addressed before any incident takes place.


ESNC Security Suite ABAP Code Security Module Benefits:

  • Analyze your current state of ABAP security
  • Find out if your custom ABAP code applies best practices
  • Detect performance related issues
  • Establish trends and see progress

ESNC Security Suite for SAP – Module [R01]

Real-Time Threat Monitoring and Fraud Detection on SAP systems

  • List item image

    R01 – Real-Time Threat Monitoring & SAP Fraud Detection and Prevention with Enterprise Threat Monitor™

    Enterprise threat detection is critical for ensuring proper SAP security incident monitoring and response. SAP security efforts must focus on detecting hacking attempts and on prevention of any security breaches.

    Our module R01 (Enteprise Threat Monitor) contains numerous threat monitoring cases and it detects SAP hacking activities in real-time. Customers focused on fraud detection on SAP can use license the advanced version of Enterprise Threat Monitor or the Fraud Detection Add-on, which comes with many built-in SAP fraud cases related to general ledger, procure to pay, order to cash and inventory processes – ready to run.

    Using ETM, SAP customers can detect attacks and ensure SAP security and SAP fraud incidents are investigated on time.


Enterprise Threat Monitor Benefits:

  • Monitor the security of your SAP systems 7/24
  • Be informed of attacks and breaches
  • Detect when someone downloads business critical information such as customer information, payroll data, pricing, financial reporting and/or profit margins
  • Detect when a user is added to a production system via unauthorized users
  • Detect when certain transactions are executed on production systems
  • Detect when production systems are opened for changes and modification
  • Build a safety net based on business processes e.g. automatically detect suspicious access SAP users when the associated employees are terminated in SAP HR
  • Detect business related fraud scenarios such as a user changing a vendor bank account and posting an invoice to it
  • Detect violations of four-eyes principles
  • Automatically block many types of SAP specific attacks via blocking users in SAP system or by triggering firewall/switch/IPS block rules
  • Inform relevant incident response teams via automated processes
  • Easily customize rules based on your organizational requirements

Announcing: Enterprise Threat Monitor as a managed security service. See how you can leverage MSS to reduce cost of SAP security monitoring.

ESNC Security Suite for SAP – Module [R02]

SAP SIEM Integration

  • List item image

    R02 – SAP SIEM Integration

    Pre-collect and pre-correlate your SAP event information and automatically send this to any SIEM solution in its native format. ESNC’s long research and SAP background ensures that you get the right events in real time pushed into your SIEM solution.


ESNC Security Suite SAP SIEM Integration Module Benefits:

  • Integrate the results of pre-correlated SAP real-time monitoring analysis and fraud detection results to SIEM products
  • Define actions such as creating ServiceNow tickets based on the detection results
  • SAP ArcSight integration with HP ArchSight native format
  • SAP QRadar integration Supports IBM QRadar Leef format
  • SAP Splunk integration uses Splunk’s HTTPs event collector
  • Supports TCP/UDP/SSL Syslog formats for integrating with any SIEM solution including McAfee SIEM
  • Support for load balancing, event thresholds and many other features.