SAP Enterprise Threat Detection (ETD)

Real-time Defense against Internal and External Threats

When it comes to the security of IT environments, SIEM products (Security, Information and Event Management) in SAP shops often fall short because they cannot fully interpret the SAP log files. SAP Enterprise Threat Detection (ETD) solves this problem. The monitoring software helps companies identify and prevent cyberattacks in real time by comprehensively analyzing the central log files of both SAP and non-SAP applications.

Systematically close security gaps

SIEM monitoring systems do not provide sufficient protection for SAP systems because they do not "understand" the specific SAP protocols and evaluation options and thus cannot identify all possible attack patterns. Enterprises which want to protect their SAP systems from fraudulent insiders, economic spies and external hackers are therefore forced to "upgrade" their SIEM systems. This requires some time and costs as well as significant SAP expertise. With SAP Enterprise Threat Detection (ETD), this effort can be avoided and the gap in critical infrastructure monitoring can be closed. SAP ETD can either be integrated into existing SIEM systems or operated as a stand-alone solution and can be used for monitoring SAP systems and non-SAP systems.

Identify attack scenarios using patterns

Cybercrime has many faces and uses many attack vectors. For this reason, SAP ETD provides preconfigured patterns that address known attack patterns. As new attack patterns are constantly being developed and to ensure that the patterns are always up-to-date, SAP also provides regular updates. Where the protection requirements of particular data/systems are critical – custom patterns can also be developed and not yet standardized system logs can be learned (log learning).

Comprehensive protection thanks to targeted log file analysis

ETD is a real-time solution from SAP that can read not only all log files of SAP applications, but also non-SAP systems. ETD offers not only technical, but also semantic application-specific analyses of the SAP protocols. This allows you to detect in real time, for example, when unauthorized postings are made in a system or e-mails are infiltrated with malware. Since the ETD solution is based on the SAP HANA in-memory platform, large amounts of data can be processed rapidly. If there is an attack on SAP systems and the running applications, ETD detects them and triggers an alert to which predefined follow-up activities can be linked, so the response playbook is defined and built in. ETD also supports forensic analysis. A close examination of the events after an alert helps to understand how the attack occurred, what happened, who was involved, and which systems were involved. The results can then be directly incorporated into the development of new custom patterns.

Product characteristics & features

  • Out-of-the-box Integration with all SAP logs (switch on and you're done)
  • Compatibility with all log types (through log learning)
  • Numerous patterns for analysis including regular pattern updates by SAP (every other month)
  • Integration of current and individually defined patterns for attack detection and ad hoc analysis
  • Support for forensic analysis
  • Pseudonymization for the initial protection of employees
  • Pure HANA (DB) application - not based on ABAP
  • On-premise or managed service deployment

Your benefits at a glance

  • Centrally collect security events and information on attack detection and analysis
  • Increase operational security through automated alerts in the event of system attacks and data integrity
  • Monitoring systems in real time
  • Proactive threat detection through comprehensive logfile analysis
  • Efficient monitoring of internal processes
  • Automatically check attack patterns using defined patterns
  • Simplify data protection-compliant logging and evaluation by supporting pseudonymization
  • Support the business with comprehensive reporting functions

"Cybercrime is on the rise. That is why it is not enough today to rely on pure prevention. Instead, companies need to create the necessary conditions to prevent real-time hacking, because fraud and security incidents in the SAP environment can cause serious damage. Based on SAP Enterprise Threat Detection, we help you protect your business against domestic and external attacks in the best possible way."

Olaf Tetzlaff (Your ETD expert)