New Onapsis Platform Updates Deliver Deeper SAP Security

Today’s dynamic threat situation for SAP customers is complex. This makes the relevance of cybersecurity tools and strategies increasingly important, and a topic that organizations must actively address. With SAP systems being increasingly targeted by threat actors, SAPinsider’s most recent cybersecurity research found that nearly one in four (23%) respondents reported experiencing some form of attack that impacted their SAP systems over the preceding year, organizations cannot afford to lose focus when it comes to protecting those systems.

Helping address this need, Onapsis has announced significant updates to the Onapsis Platform for SAP that will be available in late September 2025. Included in the updates are three new capabilities: SAP Notes Command Center, Rapid Controls for Dangerous Exploits, and Alert on Anything for SAP Business Technology Platform (BTP). Focusing on providing increased visibility, greater insights, and increased automation, these capabilities will help organizations strengthen their SAP application security posture at a time when there are a record number of attacks targeting business-critical applications.

In speaking about the new capabilities, Onapsis CEO Mariano Nunex stated that, “Organizations don’t have the time to spend going through false positives and wondering whether a patch has been correctly applied. Instead, they need security solutions that are customizable to their unique business and attack surface.” Nunez went on to say that, “The new capabilities in our Assess and Defend products, as well as the expansion of our platform, provide our customers with the technologies they need to keep ahead of sophisticated threat actors, protect their most valuable data, and achieve business resilience.”

Keeping up with patches and updates is the single biggest challenge faced by respondents to SAPinsider research when it comes to securing their SAP systems. Three of the top five issues that lead to this patching backlog are specifically related to SAP Notes. The biggest issue is difficulty validating whether a SAP Note has been properly applied, but almost as significant are a reluctance to apply notes that might impact system availability and difficulty understanding which SAP notes are the most critical.

SAP Notes Command Center in Onapsis Assess is intended to address these specific needs. The new capability helps users anticipate SAP patch days and prioritize patching tasks while providing additional insights into SAP Note applications. A new dashboard in the command center helps validate that patches were applied correctly which helps eliminate time spent on false positives. The insights offered by the dashboard also helps reduce the risk of undetected vulnerabilities.

The new Rapid Controls capability leverages Onapsis Defend’s detection rules to monitor threat activity targeting SAP vulnerabilities. These controls will proactively help organizations address the risk of critical vulnerabilities while supporting regulatory requirements such as EU NIS2 and US SEC.

With use of SAP BTP accelerating in the SAP community, one of the most important things for organizations to using the platform to do is ensure that it is effectively secured. With the new Alert on Anything for SAP BTP capability, organizations are able to customize and expand their SAP BTP threat monitoring. This provides users with the flexibility they need to most effectively manage security controls and tailor them to their individual environments.

Lastly, the latest update expands coverage analysis in Onapsis Security Advisor. Onapsis Security Advisor helps organizations gain a comprehensive view of their SAP security posture while providing AI-powered, tailored guidance based on Onapsis’ SAP cyber experience. The expanded coverage helps identify threats in a security landscape that may not be actively monitored. This expands the ability to detect and act on potential unmonitored critical systems that are still part of the SAP landscape.

What This Means for SAPinsiders

• Prioritize the protection of SAP systems and the data in them. With SAPinsiders experiencing a growing number of attacks and the acceleration of cloud and hybrid-cloud deployments, maintaining a strong cybersecurity focus is crucial. This importance is emphasized by the increased use of data from SAP systems to support AI projects. Protecting the data that comes from SAP systems should be a top priority, and tools like the Onapsis Platform for SAP help organizations increase their cybersecurity capabilities significantly.
• Acquire executive sponsorship for any cybersecurity strategy. According to SAPinsider research, having strong executive sponsorship for cybersecurity projects helps increase visibility across infrastructure, applications, and data. This makes a significant difference in the overall implementation of cybersecurity capabilities which in turn helps reduce the number of attacks impacting SAP systems.
• Implement a layered approach to cybersecurity. Although solutions like the Onapsis Platform for SAP offer significant benefits, the best cybersecurity strategy involves a layered approach to defense. Combining cybersecurity capabilities, for example the Onapsis Platform with SSO, MFA, and zero trust, will help increase protection and make it significantly more difficult for threat actors to even reach SAP systems.