The significant increase in cyber threats around the world — exacerbated by the COVID-19 pandemic in 2020 — has intensified the need for organizations to go beyond preventive measures. Higher standards around real-time monitoring, threat detection, and rapid response are required to safeguard businesses.

This is why SAP is releasing SAP Enterprise Threat Detection, a real-time cloud-based enterprise threat detection solution tailored for SAP applications and delivered as a 100% managed service by SAP on SAP Business Technology Platform. This cloud offering uniquely combines leading software with 24/7 SAP managed security services by SAP experts.

The solution and service aim to support companies in detecting cyber-attacks in real time by continuously collecting, correlating, and analyzing anomalous and suspicious events across the SAP system landscape before serious damage occurs. 

Why Is SAP Releasing This Service for Customers Now?

Many companies are currently switching to the cloud or to SAP S/4HANA. This transformation is an opportunity to enhance companies’ security measures and to protect such investments. Security is no longer a trivial subject and therefore cannot be neglected. Failing to make it a top priority means taking high risks and possibly facing hefty consequences when audited.

Cyber-attacks against businesses are in the news weekly. However, little technical detail is shared about the layers of the IT landscape being attacked. Since SAP applications often contain the most valuable data and run the most critical business processes across the enterprise, they are increasingly becoming a target for external and internal fraudsters.

Attacks can have serious consequences, such as loss of trust and intellectual property, huge fines, business interruption, revenue leakage, misstatement of financial records, among many other damages.

While general security teams guard the walls, perpetrators — internals or externals — are making their way to the companies’ crown jewels through the application layer’s backdoors.

What Is the Objective of the Cloud Edition of SAP Enterprise Threat Detection?

The logic and the structure of enterprise resource planning (ERP) systems are very different from the ones on the network or operating system layer. SAP applications have been developed to support end-to-end processes, so there is a huge amount of controls that must be managed and monitored.

Imagine the ERP system as an office building in a city (the internet) with thousands of criminals. All windows and doors are locked and bolted. Are we 100% sure that we are safe? Unfortunately not, because:

  • Thieves and perpetrators always find new ways to break in and this is not going to stop. It is a continuous act of offense and defense from the attacker and the defender improving their methods and strategies to succeed.
  • The best lock is futile if (internal) attackers are already in the house. More so, an alarm system will not necessarily protect your home if it fails to activate. Hence, there is a high exposure to risk.

In both scenarios, the objective is to detect such cases in real time to raise alerts faster with SAP customers, leveraging the managed service of SAP Enterprise Threat Detection, cloud edition.

24/7 Monitoring as a Managed Service

The managed service for SAP Enterprise Threat Detection includes monitoring of customers’ entire ERP landscape 24/7 by SAP experts, and risk-based, prioritized alerting. In addition, a monthly report is issued summarizing all suspicious activities detected as well as the details of how they were carried out.

While this offers effective protection that covers most auditors’ requirements, some companies may want additional support and flexibility. The extended version provides companies the option for extended services and enhanced service level agreements, such as prompt reaction to abnormalities and/or forensic analysis over a specified number of months, and more flexibility in creating and updating detection rules.

“Security is a top priority for SAP. We know some of our customers don’t have in-house security operations centers to monitor and protect their mission-critical applications from ever-growing cybersecurity threats”, said Thomas Ruhl, head of Product Management for Customer Innovation and Maintenance at SAP. “That’s why we released SAP Enterprise Threat Detection, cloud edition: a solution that bundles powerful software and a managed service by SAP security experts to defend against cyber-attacks and safeguard their business.”

Customers interested in learning more can contact their SAP Account Executive to organize a session to better understand the complete offering or email CIM_Communications@sap.com.