5 Reasons to Deploy Malware Protection at the SAP Application Layer
Key Takeaways
⇨ SAP applications are prime targets for cyberattacks because they play a central role in managing sensitive data (such as personal information, financial data, and business intelligence) and essential business processes.
⇨ Traditional antivirus solutions at the operating system level are insufficient for protecting SAP applications. They focus on monitoring file system access rather than the specific file transfers managed within SAP application servers or gateways. This gap highlights the necessity for specialized solutions like SAP VSI, which integrate directly with SAP's infrastructure to provide effective protection against vulnerabilities specific to SAP systems.
⇨ Implementing virus and content scanning using SAP's Virus Scan Interface (VSI) is crucial because it aligns with SAP's own recommendations dating back to 2016, which emphasize the need for comprehensive scanning during file uploads, downloads, and transitions.
SAP applications are prime targets for cyberattacks due to their critical roles in business operations. These systems store and manage sensitive data including personal information, customer and supplier details, and PCI-relevant billing and credit card information. SAP applications also manage key business processes such as procurement, production, inventory management, sales, human resources, and finance, and deliver essential business intelligence which supports crucial decision-making. Because they sit at the center of vital business functions and valuable information, SAP applications are especially appealing to threat actors and need appropriate virus protection measures.
More SAP systems exposed to the internet are being targeted by attackers with growing expertise in SAP-specific vulnerabilities, prompting warnings from the United States Computer Emergency Readiness Team (US-CERT) and the Department of Homeland Security (US-DHS). As threat actors become more adroit at compromising SAP systems, it is crucial to protect those systems and their users from content-based attacks.
Below are the top five reasons why organizations should implement virus and content scanning at the application layer using SAP VSI:
- SAP Recommends It: Since the first Security Guide for S/4 HANA in 2016, SAP has emphasized the importance of virus scanning, recommending the use of a VSI 2.x-compliant virus scanner. This scanner should be integrated into various stages of processing, such as during file uploads, downloads, and gateway transitions, and configured to perform signature scans, MIME-type detection, and active content detection.
- Audit Compliance: Auditors now expect SAP applications to have virus scanning for file uploads. SAP_BASIS 757 and related SAP notes highlight this requirement, and the Security Audit Log will generate warnings for unscanned file transfers, flagging them as business risks needing mitigation.
- Red Team and Penetration Testing: Security evaluations by penetration testers or red teams include testing the application’s file-upload functionalities for vulnerabilities. Without a VSI-compliant security solution, these tests might expose weaknesses like unrestricted file uploads and reliance on file name or extension, which are critical vulnerabilities.
- OS-Level Antivirus Limitations: OS-level antivirus solutions do not protect SAP applications effectively because they monitor file system access rather than the file transfers managed by the SAP application server or gateway. Uploaded files are stored in the database or document management systems, bypassing OS-level scans.
- Regulatory Liability: Cybersecurity regulations in the US and EU mandate the implementation of malware protection. Standards such as ISO 27002, PCI DSS, HIPAA, and others require state-of-the-art solutions like SAP’s Virus Scan Interface (VSI). Failing to implement VSI-based protection can be considered negligence, potentially leading to liability for damages caused by malware downloaded from your SAP applications.
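To make the MIME-type and active-content checks from the first reason, and the extension-reliance weakness from the third, concrete, here is an added example that is not SAP's VSI API or any vendor's product code. The function names, the small signature table, and the sample uploads are all constructed for illustration.

```python
# Added illustration, not the SAP VSI API: judge an upload by its bytes,
# not its name. All function names and sample uploads are constructed.
import os

MAGIC = [  # well-known leading-byte signatures
    (b"%PDF-", "application/pdf"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"MZ", "application/x-dosexec"),  # Windows executable
]
EXT_TO_MIME = {".pdf": "application/pdf", ".png": "image/png",
               ".jpg": "image/jpeg", ".jpeg": "image/jpeg"}
ACTIVE_MARKERS = {  # active content inside otherwise passive formats
    "application/pdf": (b"/javascript", b"/openaction", b"/launch"),
    "text/html": (b"<script", b"javascript:", b"onerror=", b"onload="),
}

def detect_mime(data: bytes) -> str:
    """MIME type derived from content only."""
    for magic, mime in MAGIC:
        if data.startswith(magic):
            return mime
    head = data[:512].lstrip().lower()
    if head.startswith((b"<!doctype html", b"<html", b"<script")):
        return "text/html"
    return "application/octet-stream"

def check_upload(filename: str, data: bytes) -> list:
    """Return findings; an empty list means the upload passed."""
    findings = []
    detected = detect_mime(data)
    ext = os.path.splitext(filename)[1].lower()
    expected = EXT_TO_MIME.get(ext)
    if expected is None:
        findings.append(f"extension {ext or '(none)'} is not allow-listed")
    elif detected != expected:
        findings.append(f"content is {detected} but name claims {expected}")
    lowered = data.lower()
    for marker in ACTIVE_MARKERS.get(detected, ()):
        if marker in lowered:
            findings.append(f"active content: {marker.decode()}")
    return findings

SAMPLES = {  # constructed uploads, not real files
    "invoice.pdf": b"%PDF-1.7\n1 0 obj<</Type/Catalog>>endobj\n",
    "report.pdf": b"%PDF-1.7\n1 0 obj<</OpenAction<</S/JavaScript>>>>endobj\n",
    "logo.png": b"<html><script>alert(1)</script></html>",
    "photo.jpg": b"MZ\x90\x00" + b"\x00" * 16,
}
```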
As attackers continue to improve their methods for identifying vulnerabilities in SAP systems, organizations must also enhance their defenses. This involves implementing solutions to continuously monitor SAP applications and offer real-time, in-memory protection against various types of attacks, ensuring the security of mission-critical systems and data.
However, standard antivirus solutions are unable to address malware, cross-site scripting attacks, and active content vulnerabilities within SAP applications. These traditional solutions focus on protecting file systems and only cover a limited range of content threats. To address these gaps, SAP developed NW-VSI, a virus-scanning and content-security interface integrated into the application infrastructure. Although SAP provides this anti-virus interface (NW-VSI), regular anti-virus software is not compatible with it.
Bowbridge Anti-Virus for SAP Solutions leverages expertise in SAP and information technology to deliver robust protection against cyberattacks. The software integrates seamlessly with SAP’s unique internal architecture, providing effective antivirus security for both on-premises application servers and cloud deployments. Bowbridge’s SAP Solutions are specifically designed for SAP applications and operate seamlessly in the background, providing security for ABAP and Java-based SAP applications, SAP Business Objects, and new solutions built on SAP HANA and UI5/FIORI, without requiring any code changes. With over five thousand installations across leading enterprises and cloud infrastructures worldwide, Bowbridge SAP solutions provide malware protection and content security for SAP applications.