ERPScan Announces Threat Map to simplify protection of SAP systems at the Gartner Security & Risk Management Summit

Gartner Security & Risk Management Summit 2017, National Harbor, MD, 13 June, 2017ERPScan, the most credible business application security provider, is excited to announce updates to its flagship product for securing SAP environments at the 2017 Gartner Security & Risk Management Summit, June 12-15.

SAP Cybersecurity was an important topic for years but now it deserves increased attention. An SAP system introduces more risks than businesses assume. In the era of growing number of connected devices, which provide access to the system from anywhere, network and organizational boundaries are blurring. So an SAP software is changing. From a legacy system available only inside the company and known by financial and HR departments, it has transformed into a global IT platform with Cloud and Mobile features and 300k+ customers interconnected into a global chain. Another reason behind the skyrocketing importance of SAP Security is that attackers have shifted their focus; instead of hacking endpoints, they target business applications – since 2012, we witness cyberattacks on SAP annually.

Besides, according to the ERP Cybersecurity Survey 2017 released by Crowd Research Partners several weeks ago, 89% of security professionals anticipate that the number of attacks on SAP systems will increase. Moreover, the average damage of an SAP security breach is estimated at $5 million.

Only the cutting-edge technologies can protect SAP systems from the sophisticated threats. ERPScan is happy to announce the latest enhancements to its flagship product, ERPScan Security Monitoring Suite for SAP, that is focused on improving visibility and risk prioritization based on overall impact and business context.

A new patent-pending technology dubbed Threat Map is aimed to optimize the work of securing SAP applications by providing a scheme of all interconnected SAP systems within an organization and their security issues that are likely to be exploited by a malefactor. Threat Map automatically identifies potential attack vectors and, unlike traditional tools which can provide only network topology, creates an interactive map of attacks on the application layer. ERPScan’s advanced algorithm calculates all the thousands of possible attack paths (e.g. via unpatched vulnerabilities, misconfigurations, and default passwords) and presents them as a map. For instance, a common SAP installation is a dozen of SAP Systems with hundreds of connections. The tool can predict a typical attack scenario when hackers can break into a non-productive system, decrypt a password and use it in another system responsible for the core business.

A customer will also receive a list of systems sorted by the remediation priority status – a unique metric, which combines criticality of SAP System, criticality of all connected systems, the number and weight of all the system’s connections and the number and severity of all vulnerabilities in the selected system. All the listed features help to find the weakest link which should be patch first of all.

We welcome all Gartner Security Summit attendees to visit our booth 1032, have a look at our updates and receive a free copy of recently released SAP Cybersecurity Framework, a document based on Gartner’s PPDR Framework which can help to align SAP Cybersecurity into overall Cybersecurity initiative.

About the Gartner Security & Risk Management Summit

The premier gathering of security, risk management, and business continuity management leaders, the Gartner Security & Risk Management Summit delivers the insight organizations need to secure a digital business future. The comprehensive agenda addresses the latest threats, flexible new security architectures, governance strategies, the chief information security officer role, and more. The summit offers a unique opportunity to reinvent security and risk for the digital age, based on Gartner’s trusted independent research and practical recommendations.

Gartner Disclaimer

While Gartner is hosting the Gartner Security & Risk Management event, Gartner is not in any way affiliated with ERPScan or this promotion, the selection of winners or the distribution of prizes. Gartner disclaims all responsibility for any claims that may arise hereunder.

About ERPScan

ERPScan is the most respected and credible Business Application Cybersecurity provider. Founded in 2010, the company operates globally and enables large Oil and Gas, Financial, Retail, and other organizations to secure their mission-critical processes. Named an ‘Emerging Vendor’ in Security by CRN, listed among “TOP 100 SAP Solution providers” and distinguished by 40+ other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities.

ERPScan’s primary mission is to close the gap between technical and business security, and provide solutions for CISOs to evaluate and secure SAP and Oracle ERP systems and business-critical applications from both, cyberattacks and internal fraud. Our clients are large enterprises, Fortune 2000 companies and managed service providers whose requirements are to monitor and manage security of vast SAP and Oracle landscapes on a global scale.

We function in two hubs, located in Palo Alto and Amsterdam to provide threat intelligence services, agile support and operate local offices and partner network spanning 20+ countries.