Onapsis and Microsoft Partner to Provide End-to-End SAP Security Monitoring
Key Takeaways
- Onapsis has partnered to integrate its threat monitoring product, Onapsis Defend, with Microsoft Sentinel, enhancing threat detection and response for SAP applications.
- The integration provides SOCs with improved visibility and the ability to correlate SAP security events with broader organizational security data, reducing response times.
- Continuous monitoring and vulnerability checks for SAP systems are essential, with clear responsibilities established among business, IT, and security teams to effectively manage SAP security risks.
Onapsis has announced the launch of a new integration between Onapsis Defend, the company’s threat monitoring product, and Microsoft’s Sentinel security information and event management (SIEM) platform. The integration is designed for Microsoft Sentinel solutions for SAP applications and will provide security operations centers (SOCs) with a unified perspective on threat detection and response capabilities for security events impacting SAP applications.
Challenges with Securing SAP Landscapes
One of the biggest challenges with securing SAP systems today is having visibility into what is happening in these mission-critical landscapes. SAP systems are usually at the core of an organization’s business processes, typically serving as the system of record, but are often not integrated into broader security controls and monitoring. This can result in a gap when it comes to understanding and tracking activity in SAP systems and landscapes.
The Microsoft Sentinel solution for SAP applications helps address these needs by continuously monitoring SAP systems for threats at the business logic, application, database, and operating system layers. The tool works as a SIEM platform that correlates SAP monitoring with other signals across the organization. But Microsoft Sentinel also works as a security orchestration, automation, and response (SOAR) tool that allows organizations to build automated response processes that interact with SAP systems to stop active security threats.
Partnership Between Onapsis and Microsoft
While the capabilities of the Microsoft Sentinel solution for SAP applications are hugely beneficial, the new partnership allows for insights generated by Onapsis to enhance and supplement information already available in the Microsoft Sentinel solution for SAP applications. According to Onapsis Chief Product Officer Sadik Al-Abdulla, this will allow “enterprises to investigate and respond to SAP threats faster, meet strict disclosure requirements with confidence, and strengthen their security posture across both on-prem, cloud, and RISE with SAP environments.”
The benefits offered by the integration include an extension to the pre-patch exploit protection and early warning alerts provided by the Microsoft Sentinel solution for SAP applications, which enriches the existing information with threat intelligence from Onapsis Research Labs. SAP events will be enriched with detailed explanations, mitigation guidance, and anomaly scoring from Onapsis Research Labs.
The Microsoft Sentinel solution for SAP applications, in combination with the Microsoft Security Copilot and insights and threat intelligence from Onapsis, will offer better identification of attacks impacting both the SAP and broader environment. And organizations will be able to push security events to the Microsoft Sentinel solution for SAP applications for correlation with other enterprise events to streamline incident handling and reduce response times through a unified view of the threats in the Microsoft Unified SecOps Platform.
According to Martin Pankraz, Product Manager, SAP Security at Microsoft, “Onapsis complements our efforts to secure the whole ecosystem with their market-leading pre-breach capabilities such as SAP exploit and zero-day detection, SAP Vulnerability Management, or ABAP Code Security. We’re delivering deeper protection for our customer’s SAP landscapes, empowering them to respond to SAP threats faster and keeping them far ahead of the latest SAP attacks and exploitation techniques from malicious threat actors.”
What This Means for SAPinsiders
- Integrate your SAP monitoring into centralized security operations. While many organizations are monitoring SAP systems, and automated threat detection and response and continuous monitoring are two of the most used technologies when it comes to securing SAP systems, this monitoring should be accessible to SOCs. By integrating SAP-related information into SIEM/SOAR systems, unified visibility across both SAP and non-SAP systems is gained, ensuring that your SOC can act on SAP-specific risks.
- Establish continuous vulnerability and compliance checks for SAP landscapes. While the new partnership between Onapsis and Microsoft highlights the need for real-time monitoring of business-critical systems, organizations should operationalize automatic scanning of SAP code, configurations, and business interfaces. This means embedding checks for known SAP vulnerabilities, vulnerable custom code, misconfigured authorizations, and exploit paths so that security is built-in rather than bolted-on after go-live.
- Align responsibility for SAP security across business, IT, and security teams. This announcement underscores the complexity of securing SAP environments, particularly in cloud or hybrid cloud environments, where infrastructure, platform, and application roles can overlap. SAPinsiders should establish clear roles between teams and define who owns detection of SAP-specific threats, who owns response escalation, and how ERP-centric alerts are triaged within the broader threat-detection ecosystem.
