Mar 16-19, 2026Las Vegas, Nevada, NV
SAP Enterprise Threat Detection
Featured Insiders
Upcoming Events
SAPinsider Las Vegas 2026
Related Vendors
What Is SAP Enterprise Threat Detection?
Powered by SAP HANA, SAP Enterprise Threat Detection enables security administrators to detect, monitor, and analyze security events throughout the SAP landscape by scanning log files and identifying suspicious patterns. It includes a security information and event management (SIEM) tool that employs real-time intelligence to detect external and internal cyber threats and comply with data protection and audit regulations. Available on-premise or in the cloud, SAP Enterprise Threat Detection includes preconfigured and customizable functionality, risk-based prioritized automated alerts, as well as forensic investigation, threat hunting, and anomaly detection. In 2021, SAP launched a cloud-based managed service version of SAP Enterprise Threat Detection.
Key capabilities include:
- Forensic investigation, threat hunting, and anomaly detection functions
- Risk-based and prioritized alerts
- Rapid security log analysis and correlation
- Continuous monitoring of systems
Key Considerations for SAPinsiders
What Is SAP Enterprise Threat Detection?
Powered by SAP HANA, SAP Enterprise Threat Detection enables security administrators to detect, monitor, and analyze security events throughout the SAP landscape by scanning log files and identifying suspicious patterns. It includes a security information and event management (SIEM) tool that employs real-time intelligence to detect external and internal cyber threats and comply with data protection and audit regulations. Available on-premise or in the cloud, SAP Enterprise Threat Detection includes preconfigured and customizable functionality, risk-based prioritized automated alerts, as well as forensic investigation, threat hunting, and anomaly detection. In 2021, SAP launched a cloud-based managed service version of SAP Enterprise Threat Detection.
Key capabilities include:
- Forensic investigation, threat hunting, and anomaly detection functions
- Risk-based and prioritized alerts
- Rapid security log analysis and correlation
- Continuous monitoring of systems
Key Considerations for SAPinsiders
Protect the “crown jewels” in SAP applications. Arndt Lingscheid, Global Solution Owner Cybersecurity and Data Protection at SAP, explains that a company’s most valuable assets — crown jewels — are often located in SAP applications. SAP Enterprise Detection alerts security professionals early to security threats to the crown jewels. “We can do forensic analysis for SAP application logs and threat hunting to identify anomalous activity in the systems to identify threats early,” he explains. The platform has the ability to process and analyze up to 250,000 events per second and correlate the data in real-time with other logs coming in from the SAP environment, he says.
Look at the whole security puzzle. SAP Enterprise Threat Detection uses automated processes based on SAP HANA and machine learning to track attacker activity using predefined and customizable attack paths and user behavioral analysis. It provides automated alerts when attack patterns are detected, which are forwarded to other SIEM systems. The tool enables the security analyst to click on a button and get a correlation of different log types sorted by timestamp to give a complete picture of an enterprise’s security, Lingscheid notes. “We are able to look at the whole security puzzle, not just single puzzle pieces,” he says.
Monitor for suspicious behaviors and anomalous events. SAP Enterprise Threat Detection reduces the time required to identify suspicious events and vulnerabilities in key SAP systems. The platform provides transparency into suspicious user behavior and anomalies in SAP applications to identify and stop security breaches in real time, Lingscheid relates. Its managed service includes monitoring of customers’ entire ERP landscape continuously by SAP experts and risk-based, prioritized alerting. A monthly report summarizes all suspicious activities detected and the details of how they were carried out.
What other vendors offer help with enterprise threat detection for SAP products? Some of the other vendors that offer help with enterprise threat detection for SAP customers include Layer Seven Security, Onapsis, Virtustream, Winterhawk Consulting, Xiting.
17 results
The business benefits of SAP Enterprise Threat DetectionJun 8, 2021 — Nowadays, not a day goes by without a new data breach being reported in the news. Cyber-attacks often target our IT infrastructure using phishing, smishing, ransomware or malware. The goal is often to disrupt a company's operations, encrypt databases or block access to carry out extortion.
The average time to contain a security breach is 280 days. Such a long-lasting attack on an SAP S/4HANA Finance application can have even more serious consequences for an organization than an attack on the IT infrastructure if it results in the loss of important data and money and thus violates compliance regulations. In addition, threats to the application environment such as SAP S/4HANA and the IT infrastructure must be equally considered in the risk management of the entire organization.
Enterprise Threat Detection makes suspicious (user) behavior and anomalies in SAP S/4HANA business applications transparent in real time to detect and stop such security breaches in real time.
- Businesses that had not deployed security automation saw an average total cost of $6.03 million, more than double the average cost of a data breach of $2.45 million for businesses that had fully deployed security automation
- The time to contain a security breach on average is 280 days
- Lost business costs $1.52 million accounted for nearly 40% of the average total cost of a data breach
It’s not a question of experiencing a data breach. It’s only a question WHEN!
Join this session to:
- Understand how you can benefit from SAP Enterprise Threat Detection to protect the intelligent enterprise by identifying, analyzing and neutralizing cyber-attacks on your SAP S/4HANA Finance applications
- Discover how security incidents are detected and analyzed and how evidence of an attack is collected and secured
- Learn how to adopt and adapt specific use cases according to your individual application and company policies
1 minute read
Case study | Threat detection in SAP applications & implementation of SAP Enterprise Threat DetectionJun 7, 2021 — An important component of a comprehensive security strategy is control over activities performed within the SAP environment to ensure landscape security . This includes monitoring applications behavior with respect to policies and regulatory requirements. This session will discuss three customer scenarios both before and after implementing SAP Enterprise Threat Detection.
Scenario 1
Before implementing SAP ETD the customer could not parse SAP security events or respond quickly to possible threats to their SAP landscape which resulted in a negative audit report. After the project the customer was able to process SAP security events in their Security Operations Center (SOC), successfully passing a security audit at the end of the year.
Scenario 2
Before implementing SAP ETD the customer had no correlation between security events coming from SAP and non-SAP sources and had limited forensic capabilities. After the project the customer was able to collect, normalize, and correlate security events, and integrated SAP ETD with the corporate IT Service desk to improve reaction times. Results included faster reaction to possible cybersecurity threats and general security/basis improvements.
Scenario 3: SAP ETD implementation at Severstal
Prior to implementing SAP ETD, time and resource constraints limited monitoring SAP information security events. Project objectives were to reduce the time required to identify incidents and vulnerabilities, to include key SAP systems in the monitoring scope, and to increase security. Additional connectors were developed during the project to increase the systems covered by SAP ETD.
Attend this session to:
- Learn about how customers have implemented SAP ETD
- Understand the benefits SAP ETD brings in making potential threats visible
- Determine how to reduce uncertainty and improve control over application, user, and system behavior
1 minute read
Keynote | System Down? How to Protect Your SAP Landscape for Upcoming Threats in 2021Jan 20, 2021 — In the past few years, 64% of organizations’ ERP systems have been breached, according to a research study by IDC. Are you aware how attackers have breached and can break into unprotected customer SAP landscapes? Attend this session to gain insights into:
- What attacks on your SAP systems look like
- What security challenges exist in SAP environments
- Ways to protect your organization for upcoming threats
1 minute read
Keynote | Enhancing Your SAP Security and Compliance Strategy in the Era of Digital TransformationJan 19, 2021 — Join Onapsis, an SAP partner now offering an SAP Endorsed App, and SAP as we highlight our partnership and how we work together to address security, compliance, and resiliency challenges, so organizations can protect their most mission-critical applications. In this session, we will discuss the increasing threat landscape, the importance of modernizing security and compliance strategies, and how to remain secure during digital transformation. With increasing numbers of companies moving towards cloud-based solutions and SAP S/4HANA there is incredible change happening within the SAP landscape and organization. This interactive discussion with JP & Chris will help you understand how you can protect your SAP systems and ensure compliance during these unique times.
Attendees will learn:
- Why it is critical to evaluate your security and compliance today
- Key steps you can take to secure your system and analyze vulnerabilities
- Common vulnerabilities in SAP systems that customers may not be aware of
- The impact of SAP S/4HANA and cloud migration on security and compliance
- The most critical security skills and support that every SAP team needs to add to their portfolio
1 minute read
Simply Securing a System Is No Longer SufficientNov 13, 2020 — By Robert Holland, VP Research, SAPinsider Securing an SAP system used to involve checking access and process controls and ensuring that the most recent SAP Notes had been applied. Now it involves not only ensuring that the system itself is up to date but must address cybersecurity and compliance issues as well. The Threat Landscape […]
5 minute read
Cybersecurity: Case study: How McKesson uses SAP Enterprise Threat Detection to identify and mitigate risksMar 11, 2019 — Learn how McKesson, the largest U.S. pharmaceutical distributor, implemented SAP Enterprise Threat Detection to strengthen its cybersecurity position. Click this link to view the slides from this session — Cyber_2017_Kuo_Wienand_Casestudyhowmckessonusessap. Benjamin Wienand If you have comments about this article or publication, or would like to submit an article idea, please contact the editor. […]
1 minute read
How to Configure SAP Enterprise Threat Detection for Increased Surveillance and Real-Time Analysis of Security ThreatsApr 14, 2016 — Mining of important security-related logs has always been a challenge for most enterprises in terms of how to gain appropriate security intelligence from collected data sets in order to forestall malicious attacks from within and outside an enterprise. Kehinde Eseyin shows how to set up the SAP Enterprise Threat Detection system landscape to facilitate log […]
29 minute read