Embed Size (px)
Citation preview
C-Forge 2017
Virtual Forge Security and Quality Suite
[ Cyber Security | Continuity of SAP® Operations | Compliance ]
Road to Green –the Successful Approach for Protecting SAP Landscapes
Assess:
Our tool-supported approach for Risk Assessments and
SAP Penetration Tests will deliver a detailed insight into the
state of your SAP security and quality.
Stay Clean:
Virtual Forge Solutions build a strong “firewall” to validate all
SAP changes for any security and quality related risks.
Our continuous monitoring and built-in reporting
functionalities ensure a clean and secure SAP system
landscape.
Get Clean:
Our services and solutions will help you harden your SAP
systems for a fixed price in a fixed time.
How Security & Quality issues arise
Virtual Forge Quality and Security Suite
Virtual Forge Quality and Security Suite
SAP Change Control:
TransportProfiler
What TransportProfiler can do for You
Transports need to be imported to be
analyzed properly. Additional cost and
effort is required.
For you this means:
TransportProfiler will save time, costs and
effort by analyzing transports before
importing.
Transports often contain dangerous
content. System stability is at risk and
changes to business data lead to
compliance and security issues.
For you this means:
TransportProfiler protects systems against
downtime, critical content is identified early.
TRANSPORTPROFILER
Control your SAP Transports
Security
Compliance
Quality
Change Control
Virtual Forge TransportProfiler checks transport objects for
completeness, consistency, and changes in critical data. This
makes it possible to identify flawed transports in advance,
which in turn helps to avoid security issues, damage to target
systems, and the costs and effort required for correcting
errors.
Virtual Forge TransportProfiler – for You this means:
Proactive Approach
Transport Profiling before release to target system
Correction possible before incident occurs
Protection from system downtime and blockages
No systems blocked by transports
Critical changes will be detected in time
Secure transport management
Transports will be validated before import
Protection from Malware and security weaknesses in transports
Significant cost savings
Reduces the need for additional systems
Reduced effort for transport validation
9
Virtual Forge TransportProfiler – General Features
Cockpit
Support for various transport request inspection scenarios
• Validation of Exports or Imports into a Target System
• Validation of external transport files / 3rd-Party Products
Software Delivery Validation
• Transport requests can be validated for completeness before delivery
Finding Manager
Detailed information and description for all findings
Audit proof documentation (PDF)
Transport Organizer Integration
Customer Test Cases
TransportProfiler: Control Your SAP Transports
SAP Scan in the cloud✓ Check critical objects
✓ Check consistency
✓ Check completeness
✓ 100% integration
TransportProfiler TransportProfiler TransportProfiler
Transports
• Local• RFC• Extern
SandboxCopy of
production
DEV QA PROD
Analysis &
Reporting
System Check:
SystemProfiler
What SystemProfiler can do for You
95% of all customized SAP® systems
are vulnerable. An attacker can gain
full access by exploiting just one of
these vulnerabilities.
For you this means:
SystemProfiler will secure the entire SAP
system landscape and continuously monitor for
potential vulnerabilities.
Keeping up with changing
environments is cumbersome,
configuration drift is a constant
challenge. Keeping up involves
tremendous costs and effort.
For you this means:
SystemProfiler will help SAP adminstrators to
focus on their core tasks. Manually checking for
configuration errors becomes a thing of the past.
SYSTEMPROFILER
Security
Compliance
Quality
SAP NetWeaver for ABAP. Java and SAP HANA
Virtual Forge SystemProfiler is an unique solution for validating and
securing SAP system configuration and base authorizations - to detect
and correct errors, and to avoid recurrence. This leads to minimized
critical risks, significant cost reduction through more stable, and faster
SAP systems and drastically reduced effort for monitoring and
correction measures.
Secure your SAP System landscape
Security and compliance risks: Significantly reduced
Prevention from cyber-attacks, fraud and system downtimes
Ensures compliance to internal and external security and quality baselines
Comprehensive approach to SAP Security through integration into IT security solutions (SIEM/SAP ETD)
System configuration: fully secured
Expert knowledge guarantees comprehensive coverage of all security relevant settings
Over 300 predefined and configured tests will be delivered with the standard
Reduced complexity and full scalability due to flexible security policies
Central administration: up to 80 % less effort and costs
Reduced operative effort through centralized architecture
Continuous monitoring of the entire system landscape and comprehensive reporting
Proactive approach and automated corrections
Virtual Forge SystemProfiler – for you this means:
Virtual Forge SystemProfiler – General Features
Inspection Policies
Individual security policy for each system
Flexible and powerful black-/whitelist management
Finding Manager
Detailed information and description for all findings
Options for automated and manual correction directly accessible
Complete architecture
Covers HANA, ABAP and Java-based SAP systems
Includes built-in reporting options
Open integration into adjacent solutions (SIEM, SAP ETD, Ticketing, …)
Extensible and customizable Test Cases
SAP
system landscape
SystemProfiler: for a Secure SAP Environment
SAP Scan in the cloud✓ Complete validation
✓ Automated security
✓ Full transparency
✓ 100% integrationMonitoring & Reporting
Policies
Results
Validation
Code Validation:
CodeProfiler
What CodeProfiler can do for You
With one critical issue for every 1.000
lines of code in an average SAP
system, attackers have plenty of
vulnerabilites to chose from.
For you this means:
CodeProfiler for ABAP and CodeProfiler for
HANA act as a custom code firewall, preventing
insecure and unstable code to enter production.
Custom code contains a
considerable number of performance
and robustness deficiencies,
increasing the likelihood of data
corruption or system downtime.
For you this means:
CodeProfiler for ABAP and CodeProfiler for
HANA integrate directly into the development
process and identify possible issues early on.
20
Secure & improve Your Custom Code
CODEPROFILER for ABAP & CODEPROFILER for HANA
Security
Compliance
Quality
Code layer
Virtual Forge CodeProfilers pinpoint and correct security,
compliance and performance vulnerabilities in ABAP™ and
HANA™ programs before downtimes and long runtime cause
expensive corrections or security vulnerability's are exploited
by attackers..
Knowledge is power: 75% less correction costs
Development and maintenance costs will be reduced by improving the quality of programs
The power in your SAP code: 84% faster and failsafe programs
Reduce run-time and hardware utilization through improved performance
Minimize system failures and downtime using selective corrections
HANA optimization: prepare your ABAPTM code for HANA
SAP Code Firewall: 92% less effort and costs reduced by 98%
Set quality standards for internal and external developments
Accurate and resource-saving analysis and evaluation
100% more security and compliance
Prevents data theft and industrial espionage
Virtual Forge CodeProfiler - for You this means ...
Virtual Forge CodeProfilers – General Features
Full integration into development process
Users don’t need to learn a new tool
Frictionless process integration
Finding Manager
Detailed information and description for all findings
Innovative functionality
Automated correction possibilities
Includes built-in reporting options
Extensible and customizable Test Cases
More than 250 test cases for security, compliance and quality
CodeProfiler: the Standard for SAP Code Scan
SAP Scan in the cloud✓ All ABAP objects,
many HANA objects
✓ Extensive content
✓ Patented technology
✓ 100% integration
SAP system landscape
Firewall / Scan on commit
CodeProfiler TMS Integration
CodeProfiler Scan
Development
Transport Release
Existing Code
Monitoring & Reporting
Reporting: Visualizing
Results and Trends
Virtual Forge Reporting in a Nutshell
Separate solution covering all Virtual Forge solutions:
SystemProfiler
CodeProfiler for ABAP
TransportProfiler (planned)
Pre-defined content
Different KPIs specific to each solution
Scope can be set for each customer individually
Fully integrated into SAP
Developed in ABAP
Using ICF-Services and AngularJS
Virtual Forge Reporting
26
SystemProfiler Reporting
27
Virtual Forge
Cloud
Virtual Forge Cloud: Fast & Smart SAP Scan
SAP Scan in the cloud✓ Secure SAP Code
✓ SAP Addon Check
✓ History, Benchmark
✓ Reporting
How Safe is Your SAP System?
Quality
Compliance
Security
SAP®
Free Risk Assessment
▪ Summary & Specific Examples of Findings
▪ Vulnerabilities Prioritization & Classification
▪ System, Code & Transport Metrics
Disclaimer
© 2017 Virtual Forge GmbH. All rights reserved.
Information contained in this publication is subject to change without prior notice.
These materials are provided by Virtual Forge and serve only as information.
SAP, ABAP and other named SAP products and services as well as their respective logos are trademarks or
registered trademarks of SAP AG in Germany and other countries worldwide.
All other names of products and services are trademarks of their respective companies.
Virtual Forge accepts no liability or responsibility for errors or omissions in this publication. From the
information contained in this publication, no further liability is assumed. No part of this publication may be
reproduced or transmitted in any form or for any purpose without the express permission of Virtual Forge
GmbH, Germany or Virtual Forge Inc. The General Terms and Conditions of Virtual Forge apply.
Thank you very much for your attention!
32
Christer Mäkelä
CEO, ADSOTECH
[email protected] | +358 40 900 9990
www.adsotech.com
