Back to Vendor Directory

Onapsis

As the only cybersecurity and compliance Endorsed App from SAP, Onapsis protects the business applications that run the global economy. The Onapsis Platform delivers vulnerability management, change assurance, and continuous compliance for business applications from leading vendors such as SAP, Oracle, and others. Our solutions are powered by Onapsis Research Labs, the team responsible for the discovery and mitigation of more than 1,000 zero-day vulnerabilities in business applications. Trusted by 30% of the Forbes Global 100, we are the market leader to accelerate your SAP initiatives securely.

Featured Solutions

  • The Onapsis Platform

    The Onapsis Platform provides unprecedented visibility into business-critical SAP and Oracle applications.

  • Threat Monitoring & Pre-Patch Protection

    Onapsis Defend - SAP Threat Monitoring & Pre-Patch Protection. Gain an early warning system for unauthorized changes, sensitive data access, misuse, or cyberattacks targeting business-critical SAP applications. Get real-time intel so you can respond faster and prevent serious damage.

  • Attack Surface Management

    Onapsis Assess - Complete ERP Attack Surface Management. Discover vulnerabilities across your critical ERP application landscape and get the risk-based guidance you need to better prioritize and respond faster to issues posing the greatest threats to your business.

Featured Content

  • Ch4tter: Threat Actors Attacking SAP for Profit

    New Intelligence to Protect SAP from Ransomware and Data Breaches, Onapsis and Flashpoint have joined forces to level the playfield, revealing how threat actors are attacking SAP applications. Download our report or listen to our recent webinar

  • SAP Security: Before, During, and After a RISE with SAP Migration Featuring Snohomish PUD

    RISE with SAP is a comprehensive suite of cloud-based applications, platforms, tools, and services that help businesses of all sizes accelerate their digital transformation. However, any migration to the cloud comes with security challenges. Using third-party security technology can enhance and expand your ability to protect your data and systems while transitioning into a RISE with SAP environment. In this webinar, learn how enhanced visibility, automated security scanning, and incident response can augment your team’s ability to inspect what they expect from RISE with SAP, increase business value, and promote risk abatement.

Multimedia Center

Articles / Case Studies / Videos

  • Anatomy of an Attack: Breaking Down a C2 Incident on SAP

    Onapsis Research Labs detailed a security breach where an SAP system was compromised, transformed into a command and control bot through a vulnerability, and used to launch a distributed denial of service attack via Cloudflare.

  • Securing SAP Remote Function Calls: The Crucial Role of S_ICF Authorization

    Reading time: 5 mins

    The article discusses the importance of the S_ICF authorization object in SAP systems as a security measure to mitigate RFC hopping attacks by controlling access to RFC destinations and ensuring that only authorized users can initiate function calls, thereby reducing the risk of unauthorized privilege escalation following a cyber attack. Membership Required You must be…

  • Hash Cracking and the SAP Landscape

    Reading time: 6 mins

    This article discusses the use of hashing for password security in SAP systems, explaining how hashes are stored, methods for cracking them using tools like JohnTheRipper and Hashcat, and emphasizes the importance of addressing weak hashes and deactivating downward compatibility to enhance data protection.

  • Cybersecurity sessions

    83% of Organizations experienced at least one ransomware attack in the last year

    Reading time: 1 mins

    A recent report reveals that 83% of organizations faced ransomware attacks in the past year, with significant impacts on ERP systems, prompting 93% to seek dedicated ERP security solutions, while concerns grow over AI-enhanced threats and organizations increasingly adjusting their cybersecurity strategies and investments.

  • ERP Security for Utility Companies – Onapsis Partners with SNOPUD to Secure Critical SAP Applications

    Reading time: 2 mins

    Cyberattacks on utility companies are increasingly targeting vulnerabilities in SAP applications, posing significant financial and operational risks, with the average cost of a data breach reaching $4.72 million. The energy sector, with its sensitive enterprise resource planning (ERP) systems like SAP, is particularly attractive to cybercriminals. Despite this, many utility companies struggle to allocate adequate…

  • Augmenting Existing SAP Network Security with Onapsis

    Reading time: 2 mins

    A recent study by Onapsis highlights a 400% rise in ransomware incidents targeting SAP systems, emphasizing the critical need for enhanced security measures to protect these applications. SAP offers various security features, including user authentication, encryption, and monitoring controls like SAProuter. However, if compromised, SAProuter can be an entry point for unauthorized access. Traditional vulnerability…

  • Cybersecurity sessions

    New Report Reveals Evidence of Increased Cybercriminal Interest in ERP Applications

    Reading time: 4 mins

    Novel research report from Onapsis and Flashpoint details increasing interest and value of ERP security application vulnerabilities for ransomware and data breaches.

  • Vulnerabilities Affecting SAP AI Services

    Reading time: 3 mins

    On July 17th, 2024, Hillai Ben-Sasson, a security researcher from the cloud company WIZ released the results of a research focused on SAP Cloud AI services, which was part of a broader research around mainstream AI cloud providers also including Hugging Face and Replicate. The researcher identified a set of weaknesses in the cloud infrastructure…

  • Collibra data intelligence

    Lessons from Onapsis-Flashpoint Report and Beyond

    Reading time: 2 mins

    In the realm of enterprise resource planning (ERP) systems, security is a constant battleground. Despite the availability of patches for known vulnerabilities, the Onapsis-Flashpoint Ch4tter report sheds light on a worrying trend: increased attack activities on these critical systems.

  • cybersecurity

    Protecting SAP Solutions from Cyber Threats with Onapsis

    Reading time: 1 mins

    Recent SAPinsider research highlights that protecting sensitive data in SAP systems is a major concern for SAP customers. Traditional security efforts focused on managing access, but new research by Onapsis and Flashpoint reveals an increase in cyber threats targeting SAP systems. Ransomware incidents have surged by 400%, and discussions about SAP vulnerabilities on various web…

  • SAP Customer Experience

    A Risk Driven Approach to SAP Application Security

    Reading time: 1 mins

    SAP applications are foundational, business-critical systems. Their importance and overall complexity are exploding in scale, as organizations continue to support legacy systems while simultaneously transitioning to the cloud.

  • Deloitte & Onapsis Strategic Alliance

    Deloitte and Onapsis Form Strategic Alliance to Help Shared Clients Secure SAP S/4HANA Cloud®, RISE with SAP® and Cloud ERP Digital Transformations.

  • Onapsis Continues to Set the Standard for More Complete SAP Application Security for RISE with SAP, SAP BTP, and S/4HANA Cloud

    Reading time: 3 mins

    Market-defining innovation and comprehensive coverage leads to deeper visibility, stronger controls, and greater risk reduction for F500 SAP Organizations.

  • SAP BTP

    Onapsis Launches Advanced Security Features for SAP Business Technology Platform

    Reading time: 2 mins

    Latest release of Onapsis Assess enhances visibility and scanning for SAP BTP.

  • Securing SAProuter: How to Get More Complete Protection for This Critical SAP Asset

    Reading time: 2 mins

    We’re happy to see more and more organizations responding to this elevated SAP threat landscape by turning their attention to hardening their SAP applications and investing in improving their SAP security postures. This applies not only to “traditional” assets across the SAP tech stack (e.g., ABAP, HANA, JAVA), but also specific applications, such as SAP…

  • RISE to the Occasion – Webinar

    As part of RISE with SAP, customers benefit from high-caliber, secure cloud infrastructure and various security services managed by SAP. However, it’s important to remember that there are areas of security that are NOT covered by SAP that you will have to manage yourself.

  • SAP Cyber Hygiene Practices to Protect Your Enterprise’s Business Goals

    In the new technological landscape, nothing is ever internal-only or running on a secure system—including SAP. Hear how using Onapsis as a customer can successfully create a vulnerability management.

  • Onapsis Assess Overview Video

    Complete ERP attack surface management.

  • Onapsis Defend Overview Video

    SAP threat monitoring & pre-patch protection.

  • Onapsis Control Overview Video

    Shift left and accelerate digital transformation.

  • Onapsis Comply Video

    Automatically audit IT controls across your SAP.

  • Onapsis Security Advisor Overview Video

    Accelerate your SAP security journey with AI-Powered, tailored guidance based on 14+ years of SAP and cyber experience.

  • security

    Cloud Security Fundamentals

    Reading time: 6 mins

    SAP workloads are moving to the cloud at an accelerating rate, with 50% of those currently running on-premise likely to move in the next two years. While some will go into software-as-a-service environments, the bulk of SAP workloads moving to the cloud will go into infrastructure-as-a-service environments. This type of environment requires a different approach…

  • Managing Risk in the Cloud with Global Apparel Manufacturer Gains Visibility and Threat Intelligence for SAP HEC

    Reading time: 1 mins

    A large international apparel manufacturer running multiple independent, in-house SAP systems around the world wanted to implement an additional system to cover new geographical regions, but this time running on the SAP HANA Enterprise Cloud (HEC).

  • Customer Success Story: A leading European technology trading group mitigates SAP Cyber security risks with managed service from 1DigitalTrust

    Reading time: 1 min

    One of Europe’s leading technology trading groups within products and systems for industrial applications has secured its SAP systems all over Europe with an Onapsis cybersecurity solution delivered by 1DigitalTrust as a managed service to avoid expensive downtime to its business.

  • Case Study: Time To Build Secure, Compliant, SAP Applications

    Reading time: 1 mins

    A global chemical company relies on SAP for their business-critical applications and leverages custom code development to support their organization. However, the organization struggled to keep up their development cycles at a pace that aligned with the speed of their business. A manual code review process with no way to check transports for errors, led…