Today is an important day in Onapsis history. We’re officially kicking off the first annual Onapsis Roadshow series in North America. We have seen rapid growth in customers engaging Onapsis for our expertise in SAP cyber-security solutions. With a growing number of customers leveraging our solutions, now is the time for us to bring our customers together to share best practices and build out their networks so they can make the most of their investment with Onapsis.
$1.3 billion lost an hour! This is what one of our global customers estimates would be the impact to their business if their SAP systems were compromised and operations were disrupted. The cost of an SAP breach can be inconceivable. And yet, it may be one of the most under-scrutinized areas in IT security from a business continuity perspective. Every day our services team sees the real-world impact of breaches to organizations’ SAP systems.
Even though SAP has more than 10,000 standard transactions, all companies create their own custom ones. There are different reasons for building custom transactions. For example, a user might need a specific report, a list, or functionality that isn't in the system. Sometimes custom transactions are even created with functionality identical to that of an existing standard transaction. Creating custom transactions isn't a problem; it is a normal use of the system.
SAP is a complex and ever-changing system, whether because of changes introduced to your SAP implementation to better suit your business, or through the application of Security Notes (Patches) to ensure that newly disclosed vulnerabilities are mitigated. In order to provide a predictable and scheduled flow of vulnerability mitigation information and security patches, SAP releases the major part of its latest Security Notes information on the second Tuesday of every month.
A few days ago, an important set of bugs affecting the TLS/SSL protocol suite was published at https://www.smacktls.com/. These protocols are mainly used as the security layer underlying the HTTP(s) protocol, but many other protocols may be affected. The described vulnerabilities have received specific names: SKIP-TLS and FREAK.