Securing SAP Systems from Cyber Attacks Enabled by SAP GRC / SolMan + Deloitte’s SAP Cyber Security Best Practices & Control Library
Proactively protect and monitor your assets with our Cyber Security Solution
• 20 key elements that organisations should address in order to block or mitigate known attacks on SAP systems
• Guidelines to facilitate the design and implementation of automated monitoring controls
Protect your environments with...
Centre for Internet Security (CIS) Top 20 Critical Security Controls
Why is your SAP environment ripe for the picking?
Top 5 reasons why your organisation is exposed to emerging cyber threats
Achieve peace of mind and meet your security needs with Deloitte’s Cyber Security Solution. Leveraging Deloitte’s proprietary cyber security content and powered by SAP’s GRC and Solution Manager (SOLMAN) platforms, the solution enables automated monitoring and continuous detection. This allows businesses to effectively safeguard against vulnerabilities found across the different types of assets supporting your SAP landscape.
Is your SAP landscape vulnerable?
With business-critical data being hosted on essential SAP applications, cyberattacks against systems have dramatically increased in ferocity and complexity, compromising information security of organisations and even governments worldwide. However, preventing these attacks and securing your systems can be simpler – Deloitte can help increase your security baseline by implementing industry best practices established by the Centre for Internet Security.
• High return for hackers with critical and sensitive business data stored in core SAP systems
• Large attack surface area exposed as monitoring all interconnected SAP systems is a challenge
• Outdated patches, notes or scripts can lead to vulnerabilities being exploited when updates are not installed
• Lack of investment in SAP infrastructure and skills to adequately defend against cyberattacks and intrusions
• Insufficient awareness and education of employees can potentially expose the firm's internal environment
1. Establish Security Framework
2. Protect and Monitor
3. Risk Remediation
4. Report and Improve
[Figure: SAP Cyber Security Solution Assets. SAP applications: ERP, CRM, SRM, HCM, S4HANA, Portal, Mobile. Databases: HANA, Oracle, MySQL, DB2. Operating systems: Windows, Solaris, Linux, AIX. Framework, Processes, Control Library. Protect, Monitor, React, continuously and automatically.]
Provide confidence to top management with Deloitte’s SAP Cyber Security Dashboard
Deloitte is recognised as the leading strategist to translate the following 20 key control points for automated governance across your organisation's multiple SAP fronts. Developed and refined by a community of leading global experts, we apply this set of crucial and concise cyber practices into actionable security measures for your enterprise in a cost-effective approach without any additional third-party licensing.
With customised visuals showing insights of current system performance, achieve real-time comprehensive monitoring with Deloitte’s SAP Cyber Security Dashboard. This helps you to monitor all your systems with ease and analyse all key information with the embedded drill-down capabilities.
1. Inventory of Authorised Devices: Actively manage all hardware devices on the network
2. Inventory of Authorised Software: Actively manage all software on the network
3. Secure Configurations for Hardware and Software: Establish and manage security configurations on all devices and software
4. Vulnerability Assessment and Patch Management: Monitor patch fixes and critical security notes for SAP
5. Controlled Use of Administrative Privileges: Access to SAP Databases only on a need-to-know basis
6. Maintenance, Monitoring, and Analysis of Audit Logs: Collect logs of events to recover from attacks
7. E-mail and Web Browser Protection: Minimise attack surface via web browsers and e-mail platforms
8. Malware Defenses: Control the spread of malicious code, while optimising the use of automation
9. Limitation and Control of Network Ports & Protocols: Manage operational use of ports and protocols to minimise vulnerability
10. Data Recovery Capability: Ensure SAP data is regularly backed up and available for disaster recovery
11. Secure SAP Configurations for Network Devices: Implement configuration management and change control process for SAP security configurations
12. Boundary Defense: Prevent flow of information transfer over networks
13. Data Protection: Prevent data exfiltration, and ensure privacy and integrity of SAP data
14. Controlled Access Based on the Need to Know: Secure access to critical assets based on a need and right to access
15. Wireless Access Control: Control the security use of WLANs and other wireless client systems
16. Account Management: Actively monitor and control SAP user accounts
17. Security Skills Assessment and Appropriate Training to Fill Gaps: Identify skills needed to support defence of enterprise
18. Application Software Security: Manage SAP and non-SAP application software security
19. Incident Response and Management: Develop and implement incident response infrastructure
20. Penetration Tests and Red Team Exercises: Simulate attackers' actions to test defence against attacks
Achieve automated governance with CIS Top 20 controls in your SAP landscape
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/sg/about to learn more about our global network of member firms.
Deloitte provides audit, consulting, financial advisory, risk advisory, tax and related services to public and private clients spanning multiple industries. Deloitte serves four out of five Fortune Global 500® companies through a globally connected network of member firms in more than 150 countries and territories bringing world-class capabilities, insights, and high-quality service to address clients’ most complex business challenges. To learn more about how Deloitte’s approximately 245,000 professionals make an impact that matters, please connect with us on Facebook, LinkedIn, or Twitter.
About Deloitte Southeast Asia
Deloitte Southeast Asia Ltd – a member firm of Deloitte Touche Tohmatsu Limited comprising Deloitte practices operating in Brunei, Cambodia, Guam, Indonesia, Lao PDR, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam – was established to deliver measurable value to the particular demands of increasingly intra-regional and fast growing companies and enterprises. Comprising 290 partners and over 7,400 professionals in 25 office locations, the subsidiaries and affiliates of Deloitte Southeast Asia Ltd combine their technical expertise and deep industry knowledge to deliver consistent high quality services to companies in the region.
All services are provided through the individual country practices, their subsidiaries and affiliates which are separate and independent legal entities.
About Deloitte Singapore
In Singapore, services are provided by Deloitte & Touche LLP and its subsidiaries and affiliates.
© 2017 Deloitte & Touche Enterprise Risk Services Pte Ltd.
Step 1 - Define your SAP Cyber Security Scope
Select your SAP areas of concern and let us help you safeguard your organisation
• SAP App: ERP / CRM / SRM / HCM, S4 HANA, Enterprise Portal, Mobile
• Database: HANA, Oracle, SQL, DB2
• OS: Windows, Solaris, Linux, AIX
Step 2 - Want to know more? Let's talk
Philip Chong, Executive [email protected]
Tang [email protected]
Annie [email protected]
Vineet [email protected]