SAP Enterprise Threat Detection, a new IT security application, quickly detects and analyzes threats before initiating countermeasures.
The software recognizes intrusions from external sources, as well as attacks originating from internal networks, which are rated as particularly dangerous.
Identify threats more quickly than ever
A lot of companies that run SAP software already use a range of security applications to protect their systems from cyber attacks. In addition to employing firewalls, attack detection systems, and data encryption, they closely examine their own software for security risks. With the new solution SAP Enterprise Threat Detection, companies can analyze huge data volumes at incredible speed, and spot familiar patterns. This means that threats can be identified more quickly than ever before. Any necessary countermeasures can then be taken immediately.
Software features of SAP Enterprise Threat Detection
Attack detection: Protocol data can be analyzed in its appropriate context. The software processes protocol information from SAP systems and other IT infrastructure components, and can limit subsequent analyses to a single system function and the IT resource location. If it detects unusual activity, SAP HANA can analyze the protocol data through the SAP Event Stream Processor, which is supported by SAP Enterprise Threat Detection. The analysis results indicate whether an actual intrusion is taking place.
Protocol analysis: Since the full protocol data requires immense storage capacity, the software extracts relevant protocol data from individual systems and selectively forwards it to the SAP Event Stream Processor. The application’s open interface enables integration of user-defined systems and infrastructure elements, such as proxies, routers, and switches. On a basic level, the software triggers independent warning alerts. Beyond this, data from different protocols can be correlated to generate any type of complex analysis deemed necessary.
Pattern recognition: Protocols of user switch, security monitoring, the RFC gateway (which specifies technical internet standards), and transactions may contain logs of suspicious activity. The software analyzes these protocols and checks whether corresponding attack patterns are already known. A pattern match triggers a warning alert.
Forensic examination of data: The new software not only supports companies in monitoring their systems in real time and conducting ad-hoc analyses, companies can also compare past data with known attack patterns that are predefined in the solution. In addition, new attack patterns can be identified and subsequently used for ad-hoc analyses.
Integration of non-SAP software: Using a public application programming interface (API), companies can integrate non-SAP system protocol data from incident management systems and other security solutions, as well as from routers or proxies, into their analyses.
Customization: The integration of IT landscape contextual data, such as user data or dashboard configurations, allows the software to be customized to best meet company-specific needs.