SAP Security - Enterprise Threat Detection Methodology for QRadar - SIEM
TRANSCRIPT
ESNC Security Solutions for SAP Applications
SAP Security Monitoring with IBM QRadar and Enterprise Threat Monitor
www.enterprise-threat-monitor.com
Enterprise ThreatMonitor™
The US Investigation Services (USIS) Breach
Confidential data for 27,000 Department of Homeland Security (DHS) employees breached through SAP system. USIS’s DHS contract canceled; company filed for bankruptcy.
Recent IBM study shows average data breach is costly
- $3.79 million is the average total cost of a single data breach.
- 23% increase in total cost associated with data breach since 2013.
- Ebay, JP Morgan Chase, British Airways, UPS suffered major data breaches
Source: http://www.nextgov.com, IBM - 2015 Cost of Data Breach Study
Hackers Stole over $31 Million from Russian Central Bank this December
NSA: “41% of cyber-attacks target the energy industry, and in particular oil and gas companies.”
Security Breaches Are a Big Problem
87% of the Global 2000 companies rely on SAP
- FI: Bank accounts, Pricing strategy
- HR: Salary infos, PII, SSN
- BW: Vendors, Strategy details
- CRM: Customer info, Credit cards
- SRM: RfPs, bids, Business negotiations, Supplier info
SAP is the heart of the enterprise
- Sensitive data is stored on SAP
- Hackers are constantly discovering new methods to attack business systems
CONFIDENTIAL AND PROPRIETARY
Blind spot: User activity and insider threats
Can you detect if…
- Someone steals the password of a service user and uses it to download customer master data?
- Someone uses debug/replace to bypass authorization checks and delete/change business data?
- An external consultant misuses his rights and views sensitive employee salary information?
Introducing Enterprise Threat Monitor for SAP Applications
Find the hackers in your SAP landscape
- Identify attacks in real time.
- Analyze threats quickly and neutralize them before they can cause serious damage.
ETM has over 300 high quality SAP threat detection cases ready for QRadar
- Uses its built-in threat detection patterns to detect suspicious activities and attacks
- Eliminates false positives by its adaptive noise reduction engine
- Resulting high quality, pre-correlated offenses are sent to QRadar
SAP specific correlation
IBM QRadar Integration
HR, ERP, CRM
ETM sends alerts in real-time
Secure Portal
Sample Use Cases
Find out if:
- SAP debugging is used for bypassing transaction authorizations
- An unauthorized user assigned a critical SAP role to another user
- A user downloaded customer master or payroll data to their PC
- Users are sharing their SAP accounts
- Failed logons of multiple SAP users from the same workstation
- A production SAP system is opened to changes
- An operating system command is executed on SAP gateway
QRadar Integration Steps
- Download Enterprise Threat Monitor: https://www.enterprise-threat-monitor.com/download
- Follow the steps for connecting to SAP: https://www.enterprise-threat-monitor.com/installation
- Use built-in SIEM wizard to add your QRadar system.
- Import ETM log source extension and configure event properties, QID mappings, and QRadar specific settings using ETM’s step-by-step guide.
- DONE!
From 0 to real-time SAP security monitoring
Thank you
Enterprise Threat Monitor is a registered trademark of ESNC GmbH, Germany. This document contains references to products of SAP SE. SAP, ABAP, SAP GUI and other named SAP products and associated logos are brand names or registered trademarks of SAP SE in Germany and other countries in the world. HP and ArcSight are registered trademarks of Hewlett-Packard Development Company, L.P. Splunk is a registered trademark of Splunk, Inc. IBM and QRadar are trademarks of International Business Machines Corporation. The contents of this document are proprietary.
www.esnc.de
Nördliche Münchnerstr. 15a, 80807 Grunwald by Munich/Germany
Try ETM 14 days for free www.enterprise-threat-monitor.com