SAP Security Monitoring with agilesi. agilesi tm Solution Brief Product Specification July 2012 Version 1.1




SAP Security Monitoring with agilesi Solution Brief agilesi Rel. 1.1

Product Overview

agilesi turns SAP Security Data into Insight, Action and Competitive Advantage.

The new agilesi solution is a game-changer in the space of monitoring SAP systems for critical security events, through its combination of unprecedented depth of visibility and the deep, built-in knowledge of how to best utilize that visibility. agilesi goes far beyond regular SoD checks performed on a few selected systems. With its ABAP-based extractor framework it integrates seamlessly with SAP landscapes. Centrally managed and precisely configured extractors offer unlimited access to the various sources within an SAP R/3 system and all its modules. All relevant event and configuration information is pulled at customizable intervals from all systems of interest. Of course, it is officially certified by SAP to integrate with SAP applications.

Leveraging its extensive built-in content base, agilesi makes a vast array of suspicious events, fraudulent activities and weak settings visible, thus identifying vulnerabilities, threats and other important issues at the earliest possible stage. By improving SAP Security & Risk Management, agilesi generates intelligent, actionable insights, lowers the number and criticality of auditors' findings, enables compliance and transforms risk into remediation.

»A paradigm shift in the purpose of 360° SAP Security Monitoring out-of-the-box solution which not only alerts on issues, but pre-emptively monitors for early warning signs, and proactively secures your most critical business application«

Product Description

System Architecture

Figure 1: agilesi system architecture

agilesi is based on a three-layer architectural model with a Collection, an Administration and an Analytics Layer (Figure 1). The main task at the Collection Layer is the extraction of data, performed by the agilesi agents running on the SAP systems to be monitored. The agents are developed in ABAP and integrate closely with the SAP systems.
They are delivered as Add-Ons or SAP transports, i.e. they have their own namespace registered with SAP. The Agents and the central component called Core form a powerful, versatile extractor framework, the backend of agilesi.

The main component of the Administration Layer is the agilesi Core, the central instance for setting up, configuring and monitoring the solution, which also receives and preprocesses all security monitoring data extracted by the Agents. The agilesi Core is also an Add-On, and can be installed on one of the Agent systems along with an Agent, or separately on a dedicated SAP NetWeaver Application Server ABAP.

The central pillar of the Analysis Layer is the agilesi frontend, which can be either a SIEM solution that may already exist in the customer's IT infrastructure or the Standalone Version, which uses an embedded front-end based on Splunk.

Security Intelligence for the SAP landscape

System Features

agilesi eliminates the blind spot in SAP Security Monitoring. It is a real Security Intelligence solution that covers auditor guidelines, security recommendations for SAP systems and the results of numerous SAP penetration tests out of the box. It can be easily adapted to cover customer-specific monitoring requirements without any programming effort. agilesi also interworks with SAP code scanning solutions for a more holistic approach.

Common point solutions solve only a few aspects of SAP security, lack a variety of flexible formats and cause significant overhead in manual effort. agilesi continuously extracts and interprets all of the necessary data in SAP landscapes that regular tools cannot provide. The agilesi agents have several data extractors to access data stored in log files, tables, change documents, etc. Table 1 lists all extractors and the data available through agilesi.
| Extractor | Events/Data | Example Use Cases |
|---|---|---|
| Security Audit Log; System Log | Security Audit Log: subset of security events in SAP systems, such as (failed) logins, transaction starts, etc. System Log: SAP basis log for availability, error tracking, security, ... | Brute force login; user created / deleted / locked / unlocked; password changes; execution of reports; debugging; execution of OS commands |
| System Parameters | SAP system configuration | Password policy checks; SAP Gateway check; encryption of communication (SNC status) |
| Tables | Data stored in tables | System and client change settings; Single Sign-On / Logon Tickets; RFC configuration; any data stored in any table |
| Ping | Monitor availability | Check availability of SAP systems |
| Gateway Config. & Log | Communication with external programs | Monitor 'denied' external calls |
| Access Controls | Authorization data | SoD checks |
| Table Logging | Changes to data stored in tables | Monitor critical tables (master data, conditions of purchase) |

Table 1: agilesi™ Extractors and Example Use Cases

»Over 95% of SAP systems are exposed to espionage, sabotage and fraud attacks.« Do you really think auditing SoD controls is sufficient?

Deep, High Resolution Visibility

agilesi continuously scans the whole SAP landscape (ABAP-based systems) and detects weak system configurations, excessive user access rights (and SoD violations) and potential threats through attacks, and can be used to monitor critical transactions or privileged user activity. The preprocessed data is analyzed in SIEM (Security Information and Event Management) solutions of different vendors and, at the same time, cross-device correlated with events from the surrounding IT infrastructure, e.g. databases, operating systems, user identity management systems, etc.

Figure 3: agilesi Standalone Dashboard (example)

Figure 4: agilesi for ArcSight ESM Dashboard (example)

The Core is the agilesi central component at the Administration Layer. It provides a native web interface based on SAP's Web Dynpro ABAP (WP) technology to centrally configure and monitor the backend part of the solution (figure 2).

The predefined reports, based on generally accepted audit guidelines and SAP security recommendations, help customers to get the findings into a remediation cycle and take action to improve system security or react to security incidents. The solution delivers results out of the box but is highly customizable to allow adaptation to special requirements and customers' security policies. agilesi currently provides reports for the TOP20 SAP Security Use Cases for all supported SIEM systems and for the standalone solution. The report collection for agilesi for ArcSight ESM additionally contains all reports covering the DSAG (German-speaking SAP User Group) audit guidelines (see figure 5).

Figure 2: Core's administration Web frontend

Depending on the SIEM system, the Core and its Consumer Connector create output data either in a file-based format, which the SIEM system accesses at the file system level, or as a syslog stream. The data format can differ to support the various frontends, e.g. ArcSight's Common Event Format (CEF). The messages are fed into SIEM systems and categorized, often utilizing extended schemes, e.g. Domain Field Sets, to handle the more than 1,500 SAP-specific key-value pairs.

The agilesi Security Analytics Pack provides a comprehensive set of predefined correlation rules, meaningful dashboards, and adaptable reports for security-relevant key indicators. The rule sets are applied to check for compliance and to identify violations, suspicious patterns, anomalies and security-related events. Presenting a view of the information, agilesi provides real-time dashboards with a highly intuitive and customizable layout for each of the SIEM systems to be integrated (figure 3 & 4).

Figure 5: Report collection provided with agilesi for ArcSight
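
The flow described above (extractor output delivered as CEF over syslog, then a correlation rule for the "brute force login" use case from Table 1) can be sketched as follows. This is an added example, not agilesi or it-cube code: the vendor and product strings, the signature IDs and the mapping of SAP fields to the CEF keys rt, dhost, duser, src and cs1 are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque

HEADER = ("version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
FAILED, OK = "SAL-LOGIN-FAILED", "SAL-LOGIN-OK"  # hypothetical IDs, not agilesi's
TEXT = {FAILED: ("Logon failed \\| password", "reason\\=wrong password"),
        OK: ("Logon successful", "type\\=dialog")}

def parse_cef(line):
    """Parse a syslog line carrying one CEF message into a dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found")
    # Seven pipe-delimited header fields, then the extension; '\|' is a literal pipe.
    parts = re.split(r"(?<!\\)\|", line[start + 4:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("truncated CEF header")
    event = {k: v.replace("\\|", "|") for k, v in zip(HEADER, parts)}
    # Extension: key=value pairs; values may hold spaces and escaped '\='.
    text, ext = parts[7], {}
    keys = list(re.finditer(r"(?:^|\s)(\w+)=", text))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(text)
        ext[m.group(1)] = text[m.end():end].strip().replace("\\=", "=")
    event["ext"] = ext
    return event

def detect_bruteforce(events, threshold=5, window_s=60):
    """Alert when one user on one SAP system fails logon `threshold` times
    within `window_s` seconds. Events must arrive in time order."""
    recent, alerts = defaultdict(deque), []
    for ev in events:
        if ev["signature_id"] != FAILED:
            continue
        x = ev["ext"]
        key, ts = (x.get("dhost"), x.get("duser")), int(x["rt"]) / 1000
        q = recent[key]
        q.append((ts, x.get("src")))
        while ts - q[0][0] > window_s:      # drop attempts outside the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"system": key[0], "user": key[1], "count": len(q),
                           "sources": sorted({s for _, s in q})})
            q.clear()                       # one alert per burst
    return alerts

def sample_lines():
    """Constructed syslog/CEF lines; vendor, product and field mapping are assumed."""
    tmpl = ("<134>Jul 10 09:00:{s:02d} sapcore CEF:0|ExampleVendor|SAP Extractor|1.1|"
            "{sig}|{name}|5|rt={rt} dhost=PRD duser={user} src=192.0.2.{ip} "
            "cs1Label=SAP Client cs1=100 msg={msg}")
    rows = [(0, "DDIC", FAILED), (2, "JSMITH", FAILED), (5, "DDIC", FAILED),
            (10, "DDIC", FAILED), (15, "DDIC", FAILED), (20, "DDIC", FAILED),
            (25, "DDIC", OK), (30, "JSMITH", FAILED)]
    return [tmpl.format(s=s, sig=sig, user=user, ip=10 + s % 2, name=TEXT[sig][0],
                        msg=TEXT[sig][1], rt=1341910800000 + s * 1000)
            for s, user, sig in rows]

if __name__ == "__main__":
    for alert in detect_bruteforce(parse_cef(l) for l in sample_lines()):
        print(alert)
```

In a SIEM the same rule would normally also be correlated with events from the surrounding infrastructure, as the text notes; the sketch covers only the SAP side.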

Supported Platforms

agilesi is supported for all ABAP-based applications that are in SAP Mainstream Maintenance and installed on SAP NetWeaver Application Server ABAP 7.0 EHP 1 or later (see figure 6), for example:

- SAP NetWeaver 7.0 EHP 1
- SAP NetWeaver 7.3
- SAP ERP 6.0
- SAP CRM 6.0, 7.0
- SAP SCM 5.1, 7.0
- SAP SRM 6.0, 7.0
- ...

Figure 6: Supported SAP products (as of March 2012): agilesi™ is supported on Mainstream Maintenance products (yellow). Source: SAP AG

agilesi supports CEF for HP/ArcSight ESM, and other formats, e.g. for Splunk, IBM Q1 Labs QRadar, and LogRhythm. Other consumers will be supported in the future.

Key Values and Benefits

agilesi - A CISO's Weapon for Passing Audits and Minimizing Risks

Integrating application security events into SIEM systems can quickly become a parody of its promise: inefficient, expensive and time-intensive. agilesi helps security teams and business process owners to take direct, timely action and to operate proactively and efficiently in handling security incidents. Automation, continuous data extraction and smart correlation are the three key factors to save money, protect transaction integrity and reduce staff workload.

- Eliminate the blind spot in SAP Security Monitoring
- Regain control with Security Intelligence for SAP
- Continuously monitors critical system conditions and events
- Automates collection, correlation, visualization & reporting
- Reduces audit costs & efforts
- Provides standard checks and SAP-specific threat vector detection
- Enables SOC teams to interpret SAP security events
- Improves SAP Security & Risk Management
- Lowers number and criticality of auditors' findings
- Transforms risk into remediation
- Supports fulfillment of compliance requirements
- Consolidates the SAP tool zoo into one holistic approach

Major vendors evaluated agilesi and signed technology partnerships and joint-development programs to enhance the detection capabilities of their SIEM products by bridging the 'SAP-SIEM-Gap'. Global corporations and government agencies have tested agilesi to drive smarter, faster decisions in security risk management that contribute directly to the bottom line of IT operations.

About

Headquartered in Munich, Germany, it-cube is a leading full-service provider for IT security with a proven track record of projects delivering a measurable reduction in business risk and lowering the long-term investment in information security. it-cube is committed to providing excellence and innovation through highly specialized developments, products and services, including Consulting, Customization, System Integration, Training, and Operational Services. With over 10 years of experience and an extremely motivated, qualified and certified team, it-cube serves major national and international blue chip organizations.

With agilesi, it-cube SYSTEMS provides a continuous analysis platform for 360° SAP Security Monitoring that generates actionable insights and competitive advantage without requiring that SOC teams become SAP experts. Our packaged security analytics convert risk into remediation, making critical events and settings interpretable through meaningful visualizations that show what happened, by whom, why and how to solve it. While it-cube SYSTEMS is an endorsed SAP business partner, agilesi is officially certified to be integrated with SAP applications.

it-cube SYSTEMS is active throughout Germany / Austria / Switzerland and around the globe. Our customers include renowned large corporations as well as medium-sized enterprises of various sectors, such as the aerospace, automotive, financial, insurance, telecommunication, and chemical industries. Founded in 2006, it-cube SYSTEMS is privately held and headquartered in Munich, Germany.

For more information about agilesi, please visit our Web site at /sap, email us at sales@it-cube.net or call us at +49 89 2000 148 0.

Copyrights and Trademarks

Copyright 2012 All Rights Reserved. All information is subject to change without further notice. it-cube will accept no liability for the information provided here and will not guarantee that it is up to date, correct, complete or sound. Liability claims against the author, based on material or ideal damages caused by the use or ignorance of information provided here, will be generally excluded except in proven cases of gross negligence or conscious wrong-doing on the part of the author. The author explicitly reserves the right to modify, complete or delete certain sections of web pages or the entire offer without further notice, or to cease to publish this content temporarily or definitively.

agilesi as well as the respective logo is a trademark or registered trademark of it-cube Systems GmbH in Germany and other countries. SAP NetWeaver and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. ArcSight ESM is a trademark of ArcSight, an HP company. All other product and service names mentioned are the trademarks of their respective companies.

Legal notice: photo page 8: blind date / photographer: birdy`s. / source: photocase.com; front: fotolia.com; page 2: istockphoto.com,

Published by
Paul Gerhardt-Allee 24
81245 München
Commercial register: HRB 164 145
VAT ID number pursuant to 27 a UStG: DE814759132
Managing Director: Dipl.-Ing. Andreas Mertz
T: +49-89 2000 148 00
F: +49-89 2000 148 29
E: info(at)it-cube.net