Flyer AgileSI ENG Web

  • SAP Security Monitoring agileSI overview

    www.it-cube.net iT-CUBE SYSTEMS GmbH

    agileSI 360° SAP Security Monitoring

    Although SAP systems are extremely critical for the core business of many companies, they still represent a blind spot when it comes to IT security monitoring.

    Due to their significance, information density, complexity, architecture and vulnerability potential, SAP systems need special protection. They are often the focus of industrial espionage, fraud and misuse through government intelligence services, aggressive competitors and corrupt employees. Manual audits completed on a rotational basis for selected systems are not suitable for recognizing attacks and policy violations in real-time or enabling appropriate reactions. What's missing is intelligent integration into the central SIEM system.

    agileSI closes the gap between SAP and SIEM. The solution monitors security-relevant events as well as critical SAP system parameters on a continual basis. The data extracted from the entire SAP environment are then correlated, visualized in easily interpretable dashboards, prepared for reports and, based on the priority, forwarded in the form of an alarm to a ticket system.

    The result: fully automatic compliance checks and attack recognition through continuous real-time monitoring. To put it simply: 360° SAP Security Monitoring.

    To minimize risks and recognize threats, agileSI records data from log files, tables and profile parameters and crosschecks these against policy specifications or analyzes them with intelligent correlation procedures. The checking logic has been derived from SAP security recommendations, the DSAG review guidelines and also best practice experience from SAP penetration tests.

    No other IT system contains so much business-critical information in such a concentrated form:

    FI: finance data, key figures, planning figures, etc.
    HR: personnel data, salary information, account details
    PLM: corporate secrets, development samples, recipes
    SRM: price lists, purchase prices, tenders, offers
    CRM: customer data, turnover figures, opportunity pipe.

    Perform a reality check and examine the following levels in more detail:

    Secure Code: secure code is a prerequisite for a secure system. Does in-house code contain vulnerabilities or backdoors, e.g. SE/ SA38, SU24/25/26?

    Secure Apps: What patch level do the systems have? Have all security considerations been implemented? Can it be ensured that no new security risks (e.g. modified roles, workbench objects, etc.) can be imported into the productive system via transports?

    Secure System: Which settings do not correspond with the configuration guidelines? Can prohibited changes be recognized quickly, e.g. system change option, changes to rules and user master records, gateway settings, etc.?

    Detect Attacks: Do system users have a specific transaction volume or do they generate failed logons? Why is there debugging activity on the productive system? Why has table data been downloaded to a local PC?

    Transaction Monitoring: Can temporary changes to account data, duplicate invoice payments, payment orders prior to the receipt of goods, transaction volumes that do not fluctuate over time, etc. be recognized directly?

  • www.it-cube.net

    Paul-Gerhardt-Allee 24, 81245 München, Germany

    T: +49 89 2000 148 00 F: +49 89 2000 148 29

    [email protected] www.it-cube.net

    iT-CUBE SYSTEMS GmbH

    Our experts would be happy to assist you. Please feel free to contact us at any time without obligation!

    agileSI: the solution with a clever core

    agileSI is based on a three-layer architectural model with a collection, administration, and analytics layer. With the help of the agents, all required information is extracted from the SAP systems to be monitored. For this purpose, the agents use various data extractors for accessing information in log files, tables, change documents, etc.

    The agileSI Core is the central instance for setup, configuration, and monitoring. The SAP systems and the configuration details of the extractors can be fine-tuned by means of a user-friendly graphical Web Dynpro ABAP interface.

    Security Information and Event Management, or SIEM for short, forms the central basis of the Analysis Layer. This layer is responsible for event categorization, correlations, assessment of criticality, visualization, notifications and alerting as well as reporting. What's more, agileSI can be linked to all common SIEM systems.

    Fig. 2: agileSI architecture structure

    Select one of three different integration approaches.

    The Extended and Light versions utilize agileSI as the bridging technology, which is compatible with leading SIEM solutions, including HP ArcSight, QRadar (Q1Labs/IBM), Logpoint, LogRhythm and Splunk.

    The Standalone version includes an embedded front end, which means customers that have not used a SIEM system in the past can now monitor SAP systems without the involvement of the Security department.

    agileSI Light utilizes an agentless technology with minimal integration requirements and includes the top use cases from the security audit and system log to establish basic coverage.

    Our Professional Services Team is also available to help you audit and optimize security and risk management for your SAP environment.

    Our solutions enable you to significantly reduce the number and severity of security gaps in your SAP environment - without the need for additional personnel resources. We support you with intelligent technology, automation, continuous reviews and a process that turns risks into actions. With more than 10 years of experience in SAP Security and IT security, our teams have the requisite knowledge to ensure the critical systems of our customers are effectively protected while keeping an eye on costs.

    agileSI: Time to Value in three versions

    agileSI Light: Agent-free SAP Connector; Top Use Cases based on SAL + System Log; Utilizing existing SIEM

    agileSI Extended: Perpetual or term license for agileSI Agent, Core, Security Analytics Pack; Utilizing existing SIEM-System; Maintenance & Support; Implementation Service & Operations

    agileSI Standalone: agileSI Agent, Core, Security Analytics Pack; Embedded SIEM-based Frontend; Maintenance & Support; Implementation Service & Operations

    agileSI Professional Services: System Integration & Customization; Joint Development & Migration Programs for homegrown developments; Operations and Managed Security Services