
Recognize Attack Patterns within SAP Applications

Security based on transaction data

Microsoft Sentinel Threat Monitoring for SAP
18.11.2021

Security is critical - not only for operating with integrity but also for securing business operations and competitive advantage. An entire industry of cybercriminals has specialized in using dishonest means to squeeze some of the economic success out of hard-working organizations.


Arvato Systems is now introducing a new solution to detect suspicious actions in an SAP application based on Advanced Detection Capabilities.


Even if humans remain one of the most significant vulnerabilities in threat prevention, IT must also do its homework. Fortunately, it's not just on the dark side that some intelligent minds are working; by far the larger share is concerned with recognizing attack patterns and defending against attacks. It is essential to continually develop new, innovative solutions for the three imperative success criteria of prevention, detection, and reaction in order to eliminate risks in a targeted manner. The CISO already has a wide range of tools at their disposal for this purpose. However, many of them are limited to data management at the input and/or output levels.

If You Want Security, You Have to Switch from Defense to Offense

We are getting better at detecting unauthorized access to data or the attempted injection of corrupt data into a system. Stopping the leakage of important corporate data from a system is also an eternal cat-and-mouse game. Sometimes it's the smart defenders who have the upper hand, and sometimes it's the others.


Arvato Systems is now adding another component to this setup, making it even more difficult for attackers to put their criminal intentions into action. We have thought about how fraud attempts can be detected directly in an SAP application. By combining the latest Microsoft security technology, the SAP Connector and many years of application expertise, data can now be used for analysis in SIEM Microsoft Sentinel.

Intruders in SAP Often Remain Undetected for Too Long

Increasingly, hackers aren't bulldozing their way in and grabbing what's on display. Often, they sneak in through back doors. Eventually, someone in the organization may weaken and click on a link. This gives attackers the opportunity to spy on the organization at their leisure and secretly view data. In this way, they may prepare for a later attack.


This is exactly where Arvato Systems' new Microsoft Sentinel Threat Monitoring for SAP comes in. By analyzing and correlating real-time data, we link the traces that attackers leave behind within the SAP application. In this way, attacks are uncovered and fraud attempts are detected in time.

It Is Important to Recognize Patterns before It Is Too Late

Our managed service proactively examines data usage deep within the application, drawing on data sources such as the audit log, syslog, and most importantly, the application log. The combination of these three logs makes the difference: event data is collected, aggregated and made available to innovative AI and ML algorithms for a new level of fraud protection. Although the implementation of this concept requires the use of cloud solutions, the application under investigation does not need to be in a cloud environment. The SAP Connector uses the latest Docker-based container technology for easy setup. The necessary code units are simply integrated into the SAP application code. This connects the solution to the Docker container and analysis can begin. Companies are thus enabled to detect attack patterns even faster and are given more time for substantial response and/or protective measures.

Innovation - The Product of Substance and Competence

Arvato Systems is one of the first partners to combine the power of Microsoft Azure Sentinel and the SAP Connector with deep knowledge of the SAP application landscape, and one of only a handful of partners invited by Microsoft to develop a solution for this specific use case. Our Microsoft Sentinel Threat Monitoring for SAP is offered as a managed service for continuous monitoring of SAP instances.


Contact us to learn more about the innovative Microsoft Sentinel Threat Monitoring for SAP. We look forward to helping you reduce the attack surface for cybercriminals.


Written by

Timo Schlüter
Expert for Cyber Security