Has Your System Been Breached?
Since cyber attackers are aware of methods for breaking into SAP systems, companies need to take countermeasures. It is important that they know what data they should analyze to detect where their systems have been compromised, according to Juan Perez-Etchegoyen of Onapsis. In his upcoming Cybersecurity for SAP Customers 2018 session, “Detect and Respond: How to Tell If You Have Been Breached,” in Prague, he warns of a number of vulnerabilities and then in demos provides remedies.
For example, a cyber attacker with just a few authorizations can enter your system and then prevent evidence of the breach from being shown to users, unless you take countermeasures. SAP Security Note 1926485 warns that SAP NetWeaver does not check user authorizations when deleting message classes. That means a user with access to transaction code SE92 can delete messages, and SAP events are then not shown. To avoid this issue, apply the mentioned SAP Security Note to the system, which can be done manually or by upgrading the Support Package of the ABAP system.
Another example: Limits are defined for the Security Audit Log. By default, no more than 100M logs can be saved per day. When the maximum size is reached, the system stops logging. Attackers could generate records in the Security Audit Log until it reaches its size limit, which turns off logging.
During the presentation, Juan Perez-Etchegoyen will detail ways to prevent this issue, including proper sizing of the logging and tracing mechanisms to avoid reaching the defined limits. The presentation includes different improvements you can implement to not only secure your SAP ABAP, Java, and SAP HANA systems, but also to be prepared in the event of a breach.
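As an added illustration (not code from the presentation, Onapsis, or SAP), the following sketch shows one way to watch for the log-exhaustion condition described above: it tracks each day's cumulative audit-log volume, reports when a warning threshold and the daily limit were crossed, and names the account responsible for most of the volume. The record tuples, the account names, the 80% threshold, and the reading of the page's "100M" as 100 MB are all assumptions; substitute your system's configured limit and your own log export.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Assumption: the "100M" daily limit is read as 100 MB; use your configured value.
DAILY_LIMIT_BYTES = 100 * 1024 * 1024
WARN_RATIO = 0.8  # hypothetical alert threshold, not an SAP default

# Constructed sample: (timestamp, account, bytes written to the audit log).
SAMPLE = [
    ("2018-06-01T08:00:00", "ALICE", 2_000_000),
    ("2018-06-01T09:00:00", "BOB", 3_000_000),
    ("2018-06-01T10:00:00", "SVC_TEST", 40_000_000),
    ("2018-06-01T10:05:00", "SVC_TEST", 40_000_000),
    ("2018-06-01T10:10:00", "SVC_TEST", 25_000_000),
    ("2018-06-02T08:00:00", "ALICE", 2_000_000),
]

def audit_log_headroom(records, limit=DAILY_LIMIT_BYTES, warn_ratio=WARN_RATIO):
    """Per day: total bytes, when the warning level and the limit were
    crossed (None if never), and the account with the largest share."""
    per_day = defaultdict(list)
    for ts, user, size in records:
        t = datetime.fromisoformat(ts)
        per_day[t.date().isoformat()].append((t, user, size))

    report = {}
    for day, rows in per_day.items():
        rows.sort(key=lambda r: r[0])          # process in time order
        total, warn_at, full_at = 0, None, None
        by_user = Counter()
        for t, user, size in rows:
            total += size
            by_user[user] += size
            if warn_at is None and total >= warn_ratio * limit:
                warn_at = t.isoformat()        # time to investigate
            if full_at is None and total >= limit:
                full_at = t.isoformat()        # logging stops from here on
        top_user, top_bytes = by_user.most_common(1)[0]
        report[day] = {"bytes": total, "warn_at": warn_at, "full_at": full_at,
                       "top_user": top_user,
                       "top_share": round(top_bytes / total, 2)}
    return report

if __name__ == "__main__":
    for day, info in sorted(audit_log_headroom(SAMPLE).items()):
        print(day, info)
```

A day with a non-empty `full_at` is a blind spot from that time onward, and a single account holding most of the volume is the first place to look.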
You can learn more about strategies to secure SAP systems at Cybersecurity for SAP Customers 2018 to be held in Prague from June 27 to 29. Visit www.sapcybersecurity2018.com for more information.