ERPScan to update the first and only PeopleSoft Security Suite

Palo Alto, CA – July 7, 2017 ERPScan, the most honorable ERP Security vendor and the only company providing tools specialized for assessing security of Oracle PeopleSoft applications, presents significant updates to its product – ERPScan Security Monitoring Suite for Oracle PeopleSoft – in the wake of recent cyberattacks and upcoming GDPR.

Oracle PeopleSoft combines Supplier Relationship Management, Human Capital Management, Supply Chain Management, and other applications. The software has 6000+ enterprise customers (57% of the Fortune 100 list) and serves 20 million end users worldwide and is in use at over 800 universities across 20 countries.

Several attacks against PeopleSoft applications, especially ones against higher education institutions, were covered by the security media. For example, in 2012, a student breached a PeopleSoft platform of the University of Nebraska in Lincoln (UNL) and obtained SSNs on more than 650 000 students, parents, and personnel. Still, publicly known attacks are just the tip of the iceberg.

PeopleSoft applications are often connected to the Internet for providing access to third parties. According to a Shodan search, there are over 200 PeopleSoft Systems exposed to the Internet, with most servers located in the North America.

Multiple vulnerabilities affecting the Oracle PeopleSoft system (361 in total, according to the vendor’s official advisories), could allow attackers to get unfettered access to the system and obtain critical HR or supplier data, social security numbers, and even credit card data. Hackers can also cause denial of service or modify financial information such as bank account numbers.

Because of their extreme complexity and high level of customization, protecting Oracle’s PeopleSoft is a unique challenge. Nowadays its security is more important than ever as GDPR is coming and PeopleSoft falls under the regulation.

Higher education shapes the future of a country, that’s why we are proud to introduce our renewed solution, which, in addition to standard PeopleSoft security checks, analyzes particular settings of PeopleSoft modules for Higher Education. The product also includes special checks for the most critical modules in terms of business impact, namely HR and Financial.

– commented Alexander Polyakov, CTO at ERPScan.

ERPScan updated its first and only cybersecurity suite for PeopleSoft applications in order to combine 3 areas of security so the solution:

  • Analyzes vulnerabilities and misconfigurations in the PeopleSoft platform;
  • Checks custom-developed PeopleSoft applications written in PeopleCode for vulnerabilities and backdoors;
  • Performs Segregation of Duties checks to detect users with rights to carry out multiple critical actions.

Another key enhancement is a Threat Map – a unique patent-pending tool that creates a map of connections between numerous PeopleSoft systems within a company to show how an attacker can pivot from one system to another using various hacking techniques.

Join our webinar on 19th July to learn the latest news and findings related to Oracle PeopleSoft security and updates to our solution.

About ERPScan

ERPScan is the most credible Business Application Cybersecurity provider. The company operates globally and enables large Oil and Gas, Financial, Retail, and other organizations to secure their mission-critical processes. Named an ‘Emerging Vendor’ in Security by CRN and distinguished by 40+ other awards, ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities.

ERPScan’s primary mission is to close the gap between technical and business security and provide solutions for CISOs to evaluate and secure SAP and Oracle ERP systems. Our clients are large enterprises, Fortune 2000 companies and managed service providers.