ERPScan in KuppingerCole’s leadership Compass for SAP Access Control

Palo Alto, CA – August 6, 2015 ERPScan, a most distinguished player in the SAP and Oracle security area, was included as a Challenger in recent KuppingerCole’s Leadership Compass about Access Control/Access Governance for SAP environments for the SoD module of ERPScan Security Monitoring Suite.

The ERPScan company is known for their innovative platform for assessing and monitoring SAP and Oracle systems against cyber-attacks and fraudulent activities. This solution provides a unique functionality to Identify, Analyze and Remediate security issues and is shipped as 3 separate modules to cover all SAP security areas: Vulnerability Management, Source Code Security, and Segregation of Duties. It supports all major SAP platforms: NetWeaver ABAP, NetWeaver J2EE, HANA, BusinessObjects, and Mobile, specializing on industry-specific solutions.

KuppingerCole is one of the top European analyst agencies with a strong focus on IAM and GRC markets. Recently, KuppingerCole’s analysts selected ERPScan’s SoD module for inclusion into their Leadership Compass about Access Control/Access Governance for SAP environments. Though this module was not designed as a stand-alone solution, it was well positioned even when comparing with companies and solutions which Flagship products were selected. ERPScan’s SoD Module was included into the final list by following appropriate requirements and selected straight into Challengers position. This level identifies products which are not yet Leaders but have specific strengths which might make them Leaders. Typically, these products are also mature and might be leading-edge when looking at specific use cases and customer requirements.

The Leadership Compass is written by KuppingerCole’s Senior Analyst Matthias Reinwarth in cooperation with company founder and Principal Analyst Martin Kuppinger. The report provides an overview and analysis of the market for Access Control & Access Governance Solutions for SAP environments. By adding the right Access Control components to their SAP infrastructure, organizations can significantly improve enterprise risk management and corporate compliance with applicable laws and regulations. The Leadership Compass about AccessControl/Access Governance for SAP environments provides decision makers with a compass to help them to find the Governance solution for SAP that best meets the needs of their company.

ERPScan, with its in-depth, read-only analysis that goes far beyond access control and governance by providing in-depth vulnerability and configuration management and source code security scanning is an interesting alternative for customers with the appropriate use case scenario or as an additional component for an existing access governance solution.

Martin Kuppinger, KuppingerCole

Among the advantages, KuppingerCole’s analysts noted the following:

  • Unique, complete SAP security solution;
  • Highly configurable for various scans and continuous monitoring scenarios;
  • Comprehensive landscape scanning and visualization features;
  • Strong features for statistics and trends, every deployment scenario evaluation;
  • Audit-ready logging and scheduled reporting capabilities.
We got good feedback on our SoD module, even in comparison with competitors who specialize in this area, but I agree with KuppingerCole’s analysts that our tool should be seen as a complementary solution to existing GRC tools. Our primary advantages are the Vulnerability Management and Code Scanning modules and the unique advanced correlation functionality which can add information from the SoD module to the general picture, unlike any stand-alone SoD or VM solution. While our technology cannot give you the advantage of prevention that other tools provide, it’s much easier to use for consulting companies, who already benefit from this solution because it doesn’t require implementation of any agents in SAP systems. To help companies use our solution as a complementary tool to SAP GRC, we already have integration with SAP GRC.

– Alexander Polyakov, CTO, ERPScan

The report also details that ERPScan has got positive ratings in the Security area for overall secure architecture of its product as well as in the Interoperability area for integration with external solutions, including GRC, ITSM, SIEM, and IDS systems from SAP and non-SAP.

About KuppingerCole

Founded in 2004, KuppingerCole is a global Analyst Company headquartered in Europe focusing on Information Security and Identity and Access Management. KuppingerCole further specializes in Governance, Risk Management and Compliance.

KuppingerCole’s analysts are experienced in deriving corporate value from securing and maintaining information security and privacy across cloud, mobile and social computing platforms. Under the leadership of founder Martin Kuppinger, KuppingerCole’s highly qualified and globally recognized analysts continuously research and update our online research library, and perform manufacturer-independent advisory services.

KuppingerCole organizes conferences, workshops, and webcasts in the fields of Information Security, IAM and Cloud.

About ERPScan

ERPScan is one of the most respected and credible Business Application Security providers. Founded in 2010, the company operates globally. Named an Emerging Vendor in Security by CRN 2015 and distinguished by 30+ other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities. ERPScan consultants work with SAP SE in Walldorf to assist in improving the security of their latest solutions.

We follow the sun and function in two hubs, located in the Netherlands and the US, to operate local offices and partner network spanning 20+ countries around the globe.