
KuppingerCole Report

EXECUTIVE VIEW

by Alexei Balaganski (ab@kuppingercole.com), May 2015
Report No.: 71290

The Onapsis Security Platform is a business-critical application security solution for SAP environments. It provides a context-aware, secure and cloud-ready platform to integrate vulnerability and compliance controls, real-time detection and response, as well as advanced threat protection functionality into existing risk and incident management infrastructures.

Content
1 Introduction
2 Product Description
3 Strengths and Challenges
4 Copyright

Related Research
Leadership Compass: Access Control / Governance for SAP Environments - 71104
Executive View: SAP Audit Management - 71162

1 Introduction

Onapsis is a privately held cyber-security company headquartered in Boston, MA, USA. Founded in 2009, the company has been focusing on providing solutions for securing business-critical enterprise applications. In just a few years, Onapsis has established itself as one of the leading experts in the area of SAP cyber-security. With a dedicated team of security experts, the Onapsis Research Labs work closely with SAP to provide up-to-date intelligence on vulnerabilities and other threats specific to SAP systems.

With offices in Munich, Lyon, London and Buenos Aires, Onapsis has a strong global market presence, serving over 160 large enterprises from verticals including manufacturing, energy and retail. The company also has a large partner network that includes leading consulting and audit firms and technology vendors. Extensive integration capabilities through a set of open APIs, as well as endorsement by the largest consulting agencies, have made the Onapsis Security Platform the most widely used SAP-specific security solution in the market.

It is impossible to overestimate the importance of SAP system security for modern enterprises. SAP solutions are widely used in all industries to store sensitive information and run critical business processes: from Enterprise Resource Planning and Human Resources systems to Business Intelligence to Customer Relationship and Supply Chain Management. Constant availability and protection of SAP systems is critical for over 250,000 enterprises around the world, as is their continued visibility and auditability to ensure compliance. Regular (ideally, continuous) inventory, assessment and auditing of SAP systems is therefore both a critical security and compliance requirement to ensure that potential problems are discovered before they are exploited by attackers or punished with a hefty fine from auditors.

Unfortunately, although most companies focus on addressing business logic security with GRC solutions, securing the SAP application platform and network infrastructure is often left to existing general security tools like firewalls and antivirus software. However, such tools are incapable of identifying application-specific vulnerabilities, misconfigurations or abnormal behavior patterns, because they lack relevant context information about SAP systems. Only a specialized solution that can correlate such information with the latest vulnerability intelligence is able to detect these problems and to assign a meaningful risk score to each of them.

However, even if a particular vulnerability has already been discovered, it may take up to 18 months for SAP to develop a patch and for an organization to deploy it on a running SAP system. This leaves a large window of opportunity for hackers to exploit the vulnerability and compromise sensitive data or disrupt critical business processes. Detecting zero-day vulnerabilities and protecting unpatched systems from exploits is therefore a must.

The Onapsis Security Platform is an example of an integrated approach to address all of these challenges. The platform provides a unified foundation for a set of solutions for Vulnerability and Compliance, Detection and Response, and Advanced Threat Protection for SAP systems. Quick deployment, rich integration capabilities with existing security infrastructures and flexible subscription-based pricing backed by a large network of partners and the expertise of the company's own research team make Onapsis the leading contender in the SAP security solution market.

2 Product Description

The Onapsis Security Platform is an integrated cyber-security solution for business-critical applications in SAP environments. Combining context-aware insight into various platforms (ABAP, J2EE, HANA, Mobile and BusinessObjects) with the latest security intelligence from the company's own research lab and integrating with existing network security and incident management systems, it provides a unified platform for continuous real-time monitoring of SAP systems, early discovery and remediation of security and compliance problems, detection and response to hacking attacks and malicious insider activities, as well as protection from zero-day vulnerabilities and other advanced threats.

The Onapsis Security Platform is the common foundation for a range of solutions that Onapsis is providing to address various aspects of enterprise application security. These solutions are offered on a subscription basis and can be deployed individually or as a completely integrated suite. In the latter case, individual components are able to complement each other by sharing additional context information, which improves ranking of incidents by risk score and provides better analytics and remediation capabilities.

Regardless of the chosen license, the solution is deployed as a preconfigured virtual appliance hosting the central console and a number of network sensors installed close to the target SAP systems. Most customers run them on premise for security reasons; however, cloud deployments are supported as well.

An important aspect worth noting is the openness and extensibility of the platform. By leveraging a number of open APIs, it integrates with existing network security tools like firewalls or intrusion detection systems, as well as governance and SIEM solutions. The platform itself is constantly being enhanced, with support for other enterprise application platforms (such as Oracle) on the roadmap.

Currently, Onapsis offers the following modules built on top of their Security Platform:

Onapsis Vulnerability and Compliance

The Vulnerability and Compliance solution provides comprehensive insight into existing SAP infrastructures to identify all their components and connections between them and thus to facilitate vulnerability management and to identify possible security and compliance violations before they lead to a breach or a fine from auditors.

By providing graphical maps of SAP infrastructures and by offering comprehensive asset categorization through dynamic tagging, the solution can greatly simplify management of large infrastructures with many geographical or business units, asset owners, etc. Automated auditing and risk assessments can then be performed continuously, on a schedule or manually when needed.

By correlating discovered vulnerabilities, misconfigurations and compliance violations with business context, the solution can provide not just a flat list of problems, but a detailed mitigation plan prioritized by Common Vulnerability Scoring System (CVSS) scores and business impact with concrete actionable remediation information.

A number of predefined compliance audit plans for major regulations like PCI, SOX or NERC are available. Naturally, customers can define their own policies as well and apply them to different parts of their infrastructures via dynamic tags.

Onapsis Detection and Response

The Detection and Response solution provides real-time visibility into malicious activities on SAP infrastructures and applications, including external threats, malware attacks and zero-day exploits. Additionally, it provides detection of abnormal user behavior, which usually indicates either a hacked account or a malicious insider.

By combining the largest known SAP attack database with the ability to learn normal behavior patterns of internal SAP users, privileged accounts, as well as external contractors and other third parties, the solution ensures detection of most security threats close to real-time.

When additional business context and critical asset information is available from the Vulnerability and Compliance module, detected security incidents are automatically prioritized by risk score and enriched with additional actionable information. Different kinds of alerts can be triggered based on risk score or various business attributes of affected systems. If a system is known to be immune to a particular attack, it is even possible to suppress unnecessary alerts completely. The system also detects and alerts on changes in SAP infrastructures that are not malicious per se, but may make organizations vulnerable to future attacks.

Integration with existing network security tools and the ability to log SAP activities without enabling SAP's own logging mechanisms ensure high performance and low resource utilization.

Advanced Threat Protection

By subscribing to the Advanced Threat Protection service, customers get access to the most recent findings of the Onapsis Research Labs regarding discovered, but unpublished, vulnerabilities. Thus, their systems can be automatically protected from zero-day vulnerability exploits, closing the usual months-long gap between the time a vulnerability is discovered and the time a patch is deployed. According to the company's estimates, this window can be as long as 18 months.

It's worth emphasizing that the Onapsis Security Platform does not provide any automated remediation mechanisms of its own for protecting SAP systems against active attacks. This is by design, since introducing automated changes into business-critical systems is extremely risky on its own and violates nearly every organization's change management guidelines. However, rich alerting functionality, integration with major SIEM solutions and the possibility to trigger an action in the existing network security infrastructure (for example, to block the source IP address of an incoming attack) still ensure that users can significantly improve visibility and reduce response times to all kinds of threats to their enterprise application infrastructures.

3 Strengths and Challenges

With the Onapsis Security Platform, the company provides a unified enterprise application security solution for SAP environments backed by an extensive partner network. With comprehensive coverage for all major aspects of SAP security (with the possible exception of source code analysis), easy deployment as a virtual appliance and rich integration capabilities, and a promising roadmap for supporting other enterprise application platforms, Onapsis can be rightfully considered the first choice for any company looking for a solution to secure their business-critical applications.

Strengths
- Unified platform: distributed, multi-tenant, cloud-ready
- Own research lab provides up-to-date SAP security intelligence
- Open APIs for integrating with existing security and GRC solutions
- Comprehensive SAP infrastructure discovery with graphical maps and rich categorization capabilities (dynamic tagging)
- Automated identification of vulnerabilities, misconfiguration and compliance violations on continuous, scheduled or on-demand basis
- Predefined reports for key compliance guidelines with actionable remediation information and mitigation planning included
- Real-time detection of malware, exploits, abnormal user behavior, SoD violations, zero-day vulnerabilities
- Business context improves incident ranking, provides actionable information

Challenges
- Does not include source code analysis functionality
- Does not provide automated remediation (by design, too risky for business-critical systems)

4 Copyright

© 2015 Kuppinger Cole Ltd. All rights reserved. Reproduction and distribution of this publication in any form is forbidden without prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes.

KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

The Future of Information Security Today

KuppingerCole supports IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a leading Europe-based analyst company for identity focused information security, both in classical and in cloud environments. KuppingerCole stands for expertise, thought leadership, and a vendor-neutral view on these information security market segments, covering all relevant aspects like Identity and Access Management (IAM), Governance, Risk Management and Compliance (GRC), IT Risk Management, Authentication and Authorization, Single Sign-On, Federation, User Centric Identity Management, eID cards, Cloud Security and Management, and Virtualization.

For further information, please contact clients@kuppingercole.com

Kuppinger Cole Ltd.
Sonnenberger Straße 16
65193 Wiesbaden
Germany
Phone +49 (211) 23 70 77 0
Fax +49 (211) 23 70 77 11
www.kuppingercole.com