Systematically close security gaps
SIEM monitoring systems do not provide sufficient protection for SAP systems because they do not "understand" the specific SAP protocols and evaluation options and thus cannot identify all possible attack patterns. Enterprises which want to protect their SAP systems from fraudulent insiders, economic spies and external hackers are therefore forced to "upgrade" their SIEM systems. This requires some time and costs as well as significant SAP expertise. With SAP Enterprise Threat Detection (ETD), this effort can be avoided and the gap in critical infrastructure monitoring can be closed. SAP ETD can either be integrated into existing SIEM systems or operated as a stand-alone solution and can be used for monitoring SAP systems and non-SAP systems.
Identify attack scenarios using patterns
Cybercrime has many faces and uses many attack vectors. For this reason, SAP ETD provides preconfigured patterns that address known attack patterns. As new attack patterns are constantly being developed and to ensure that the patterns are always up-to-date, SAP also provides regular updates. Where the protection requirements of particular data/systems are critical – custom patterns can also be developed and not yet standardized system logs can be learned (log learning).
Comprehensive protection thanks to targeted log file analysis
ETD is a real-time solution from SAP that can read not only all log files of SAP applications, but also non-SAP systems. ETD offers not only technical, but also semantic application-specific analyses of the SAP protocols. This allows you to detect in real time, for example, when unauthorized postings are made in a system or e-mails are infiltrated with malware. Since the ETD solution is based on the SAP HANA in-memory platform, large amounts of data can be processed rapidly. If there is an attack on SAP systems and the running applications, ETD detects them and triggers an alert to which predefined follow-up activities can be linked, so the response playbook is defined and built in. ETD also supports forensic analysis. A close examination of the events after an alert helps to understand how the attack occurred, what happened, who was involved, and which systems were involved. The results can then be directly incorporated into the development of new custom patterns.
Product characteristics & features
- Out-of-the-box Integration with all SAP logs (switch on and you're done)
- Compatibility with all log types (through log learning)
- Numerous patterns for analysis including regular pattern updates by SAP (every other month)
- Integration of current and individually defined patterns for attack detection and ad hoc analysis
- Support for forensic analysis
- Pseudonymization for the initial protection of employees
- Pure HANA (DB) application - not based on ABAP
- On-premise or managed service deployment
"Cybercrime is on the rise. That is why it is not enough today to rely on pure prevention. Instead, companies need to create the necessary conditions to prevent real-time hacking, because fraud and security incidents in the SAP environment can cause serious damage. Based on SAP Enterprise Threat Detection, we help you protect your business against domestic and external attacks in the best possible way."
Olaf Tetzlaff (Your ETD expert)