A recent research by Onapsis reveals a 400% increase in ransomware incidents that involved compromising SAP systems, including a significant rise in malicious activities and ransomware threats targeting SAP applications. As sophisticated and well-established threat actors increasingly focus on SAP systems, protecting these applications has become a critical priority for organizations for preserving operational integrity and protecting sensitive data.

SAP has put measures in place to protect data and applications hosted in SAP environments and provides a range of security features, including user authentication and authorization, encryption, access, and monitoring controls like SAProuter. SAProuter acts as a proxy in a network connection between SAP systems or between SAP systems and external networks and acts as a network entry point for attackers. However, if compromised, SAProuter can allow unauthorized access to an organization's vital SAP system.

While vulnerability management and threat and security monitoring are the go-to strategies used by organizations, these often do not fully support SAP systems. This results in teams lacking the visibility and context needed to effectively detect and address vulnerabilities, and to monitor for any suspicious activities within the external-facing application.

Onapsis provides automation capabilities and in-depth threat intelligence from its Onapsis Research Labs to simplify securing complex SAP landscapes. Onapsis Assess supports SAProuter, enabling customers to extend their vulnerability management to SAProuter. With automated, targeted scans and risk-driven analysis, users can better prioritize and expedite their response to potential threats. This removes the need for manual reviews of SAProuter SecurityNotes and releases, automatically detecting insecure configurations that could permit unauthorized access to SAP systems.

Additionally, Onapsis has updated Onapsis Defend to support SAProuter. This capability allows customers to continuously monitor SAProuter for insider threats and potential indicators of compromise. Users can swiftly detect unauthorized access through targeted alerts for specific user logins, external network logins, and unusual or failed login attempts, and can identify unapproved or unexpected changes to the access control list (ACL) that could permit unauthorized access to their SAP systems. Onapsis Defend leverages advanced threat detection rules to automatically monitor over 2,000 threat indicators, including zero-day threats, across various SAP assets such as ABAP, JAVA, HANA, and SAProuter. Powered by real-time threat intelligence, anomaly scores, and user behavior analysis, it prevents threats from reaching the critical SAP application layer and enhances existing network security by integrating vendor-agnostic, open-source rules for detecting network-based SAP attacks, based on the threat intelligence provided by Onapsis Research Labs.

The Onapsis Platform operates independently of SAP systems and ensures that the security and performance of SAP landscapes remain uncompromised and unaffected. It provides visibility into essential SAP systems, enabling teams to understand, manage, and resolve security, compliance, and availability issues by using advanced analytics, reporting, and automation tools.