×
[searchandfilter taxonomies="search"]
Home / Blog / How Does Appsian Work with SAP GRC Access Control?

How Does Appsian Work with SAP GRC Access Control?

By Rajesh Rengarethinam • August 20, 2020

At the SAPinsider 2020 virtual conference experience, one of our product demo attendees asked how Appsian works with SAP GRC Access Control. We get this question a lot as SAP security and system professionals explore adding attribute-based access controls (ABAC) to the native SAP role-based access controls (RBAC) to streamline and strengthen access policy management and enforcement. Sometimes there is confusion about whether ABAC is enhancing or replacing their RBAC. Let’s take a quick look at how Appsian’s ABAC works with and enhances SAP GRC Access Control.  

What is SAP GRC Access Control 

Organizations use SAP Governance, Risk, and Compliance (SAP GRC) to manage regulations and compliance and remove any risk in managing critical operations. One of the SAP GRC modules that helps organizations meet data security and authorization standards is SAP GRC Access Control. This module ensures that the right access is given to the right people with RBAC. It uses templates and workflow-driven access requests and approvals to streamline the process of managing and validating user access and provisioning. Without SAP GRC, for comparison, a person is creating all the roles from scratch and assigning privileges to them.

Appsian Enhances SAP GRC with Attribute-Based Access Controls 

Appsian combines the SAP GRC role-based access controls with an attribute-based access control solution that delivers an ABAC + RBAC hybrid approach. This enhanced approach enables granular control and visibility that delivers a wide range of business benefits and lets you deploy data-centric security policies that leverage the context of access to reduce risk.  

Appsian overcomes the limitations of traditional RBAC, allowing you to fully align SAP security policies with the objectives of your business and streamline audits and compliance. 

As you can see in this illustration, ABAC begins the moment users start to access data and transactions. Where RBAC assigns access based specific roles, ABAC considers the context of access (who, what, where, when, and how) before allowing access to transactions or data. Customers can set up additional rules that allow conditional access, for example, masking specific data fields or limiting the number of transactions after a particular time of day) or entirely denying access based on factors such as an unknown IP address. 

Real-Time Analytics for SAP Security & Risk Management 

With Appsian360, our real-time analytics and reporting tool, Appsian can enhance the SAP GRC reporting capabilities with direct, real-time visibility into transaction usage, violations, and compliance risk. Additionally, customers can: 

  1. Monitor transaction usage, master data changes, and SoD violations 
  2. View actual SoD violations with user, data, and transaction correlation 
  3. Segment reports by user/data attributes 
  4. Drill down into end-user usage events 

Appsian360 provides analytical reports to drill down into end-user usage events to capture business risks and anomalies, and usage events that tie back to compliance risks.  

The ABAC + RBAC Hybrid Approach to SAP GRC Access Control 

By combining data-centric security capabilities with attribute-based policies, Appsian extends and enhances the existing SAP GRC internal access controls and improves the reporting and auditing capabilities. 

Contact us today and schedule a demo to see how Appsian can help you enforce access controls beyond the standard RBAC model of SAP. 

Related Articles.

How to Detect PeopleSoft Security Threats with Real-Time Analytics
How to Detect PeopleSoft Security Threats with Real-Time Analytics
PeopleSoft applications process and store vast amounts of customer, employee, and financial data that are constantly accessed by an increasing…...
April 12, 2022
Learn More
PeopleSoft Data Exfiltration: Be Alerted to the Violation of Data Security & Privacy Policies
PeopleSoft Data Exfiltration: Be Alerted to the Violation of Data Security & Privacy Policies
The financial, reputational, and regulatory impact of a data breach can be catastrophic. Data exfiltration, whether malicious or accidental, typically…...
April 8, 2022
Learn More
PeopleSoft Data Privacy: Detecting When Users View Co-Worker PII Data
PeopleSoft Data Privacy: Detecting When Users View Co-Worker PII Data
Data privacy is often associated with how companies are allowed to collect and handle customer data. Lost in the data…...
April 6, 2022
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / Monitoring High Privileged User Activity in PeopleSoft and SAP Using Appsian360

Monitoring High Privileged User Activity in PeopleSoft and SAP Using Appsian360

By Michael Cunningham • August 11, 2020

We are in the midst of a perfect storm of ERP security calamity: the greatest work from home experiment colliding with historic levels of employee churn and unemployment. Hackers are exploiting the situation by launching phishing, spear-phishing, and other social engineering attacks at remote workers to gain access to privileged user accounts and email passwords.   

The increased threat surface and hacker activity mandate that companies deploy a strong security posture at the identity perimeter, using tools such as virtual private networks (VPN) and adaptable multi-factor authentication (MFA). However, limiting security to user access and authentication can leave organizations at risk of malicious activity when, not if, a privileged user account is compromised.   

Unfortunately, today’s legacy on-premise SAP and PeopleSoft systems simply do not provide organizations the granular visibility and context of user access and data usage they need in real-time to make proactive and strategic decisions. This lack of visibility and reliance on static controls to ensure your most critical data isn’t compromised means that many organizations are flying blind.  

Monitoring Privileged User Activity Must Be Part of a Strong Security Posture   

The issue with traditional ERP logging and analytics is that it focuses on troubleshooting errors and scanning for broad system vulnerabilities. They were not designed for understanding user behavior, data access, and usage. In addition to ensuring a strict authentication process, companies need to layer in the ability to monitor privileged user activity continuously.   

Using a layered-defense approach, organizations can proactively mitigate many of the risks associated with the increased interest in corporate networks and user accounts. A strict authentication process on its own is no longer acceptable. Actively monitoring privileged account activity is a critical way of identifying that an external threat has entered the network, compromised an account, and is ultimately engaged in fraud or theft.   

Granular Privileged User Activity to Monitor  

Organizations can set fine-grained access controls all day long. For example, organizations may be able to apply time-based ABAC for standard users, since the general human resources employee likely works during daytime hours, and you have visibility into which user accessed an application. Unfortunately, if you do not have a granular-level view into precisely what a user accessed, then you are missing a significant part of the data security puzzle.  

I’m sure you can think of a list of all Tier 1, highly sensitive data fields you want to watch closely. A shortlist includes C-suite salary information, social security numbers, bank account information, national ID number, passport number, visa permit number, driver’s license number, etc.   

Continuously monitoring privileged user activity and behavior at the granular level provides valuable visibility into how users engage with data and what they do with their access. For example, application-level logging can’t track or show you if a hacker or malicious insider changes employee direct deposit information to route that week’s payroll run into an offshore account. Only field-level logging can show you how much “over access” users may have or if they are engaged in irregular activity.  

With this information, organizations can review whether a certain activity was necessary and document the findings. By tracking the activity back to the user, the organization proves governance and proactively protects data.  

Appsian360: Monitor ERP Activity for High Privilege Users  

Using Appsian360 to monitor privileged user activity, you get a 360-degree view of what is happening around your ERP data as well as full visibility into exactly how your ERP data is being accessed – by whom, from where, on what, and why. From there, you can map out a targeted incident response before damages become catastrophic.   

Your organization needs to be in a constant and vigilant state of security when it comes to monitoring privileged user account activity, especially in these times of excessive employee churn and remote access. Unfortunately, doing so in your ERP system is a manual process that needs to be addressed frequently.  

Request a demo of Appsian360 to see for yourself how your organization can actively monitor privileged user activity and mitigate the risks associated with a compromised account or malicious insider. 

Related Articles.

How to Detect PeopleSoft Security Threats with Real-Time Analytics
How to Detect PeopleSoft Security Threats with Real-Time Analytics
PeopleSoft applications process and store vast amounts of customer, employee, and financial data that are constantly accessed by an increasing…...
April 12, 2022
Learn More
PeopleSoft Data Exfiltration: Be Alerted to the Violation of Data Security & Privacy Policies
PeopleSoft Data Exfiltration: Be Alerted to the Violation of Data Security & Privacy Policies
The financial, reputational, and regulatory impact of a data breach can be catastrophic. Data exfiltration, whether malicious or accidental, typically…...
April 8, 2022
Learn More
PeopleSoft Data Privacy: Detecting When Users View Co-Worker PII Data
PeopleSoft Data Privacy: Detecting When Users View Co-Worker PII Data
Data privacy is often associated with how companies are allowed to collect and handle customer data. Lost in the data…...
April 6, 2022
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / Protecting ERP Data from Application Vulnerabilities Using A Multi-Layered Security Approach

Protecting ERP Data from Application Vulnerabilities Using A Multi-Layered Security Approach

By Michael Cunningham • August 6, 2020

You spend countless hours, not to mention considerable money, to secure your SAP and Oracle ERP data. One day, you discover that cybercriminals have exposed a vulnerability using an application misconfiguration. This has become increasingly common as criminals seek methods to covertly infiltrate applications to gain access to thousands of employee records. 

This situation happened to Microsoft in December 2019 and didn’t generate the kind of headlines usually associated with data breaches. This was simply a human error. But these kinds of human errors and misconfigurations are one way that hackers can gain a foothold into your SAP or PeopleSoft ERP system. Now the question is, how are you going to protect your data after an attacker side-stepped your perimeter defenses? 

Misconfiguration is the Fastest Growing Security Risk 

According to the 2020 Verizon Data Breach Investigations Report, misconfiguration errors (failing to implement all security controls) are up 4.9% from last year’s report and are the fastest-growing risk to web applications. It’s easy to apply this kind of risk to legacy ERP systems because SAP and PeopleSoft environments often consist of millions of lines of custom code and custom-built components communicating with each other and to external systems through various APIs and interfaces bolted together over time. 

On top of that, you’re dealing with an abundance of changes to roles, configurations, access controls, and compliance protocols to accommodate new business processes and evolving data privacy policies. If companies are not analyzing and monitoring the underlying security implications of all these changes and movement, they’re bound to face a similar situation as Microsoft with a backdoor left unlocked for any hacker to stroll through. 

Finally, don’t forget that many organizations simply do not stay current with system updates and security patches. According to the Data Breach Investigations Report, only half of the vulnerabilities are patched within three months after discovery, leaving companies exposed to attacks against known exploits.  

The Multi-Layered ERP Data Security Approach 

The growing complexity of SAP and PeopleSoft environments make securing ERP data an enormous challenge. To prevent inadvertent exposures from misconfiguration, Greg Wendt, executive director of Appsian, suggests that companies “must adopt a multi-layered security approach with dynamic security tools that can monitor user access in real-time, providing transparency over what data is accessed and by whom.”  

This multi-layered approach includes masking sensitive data, verifying identity via multi-factor authentication (MFA), and enhanced logging and analytics. Appsian adds layers of security WITHIN your ERP system to help ensure your data is still protected when a hacker strolls past your perimeter defenses, thanks to a misconfiguration. 

Dynamic Data Masking provides contextual masking policies that adapt to the context of access. That means when a hacker attempts to access sensitive data fields but doesn’t match key attributes such as user ID, privilege, device, location, or IP address, they will encounter full, partial, click-to-view masking or complete redaction of the data field. 

Adaptive MFA ensures that contextual attributes (ex. device, network, location) are the determining factor for deploying MFA challenges. For example, customers can require an MFA challenge when a user account is accessing the system from a remote IP address or after business hours.  

Enhanced Logging and Analytics with Appsian360 allow you to monitor your networks for suspicious activity and provide detailed insights regarding how, when, and by whom transactions and data fields are being accessed. This visibility is particularly important for identifying users with high-privilege access who are accessing pages they shouldn’t be. The enhanced logging can trace all the pages a user accessed during a session, helping to identify a potential intrusion. This kind of real-time data access and usage visibility was previously unavailable to SAP and Oracle ERP customers. 

Eyes and Ears on the Entire ERP Data Ecosystem at All Times  

“The enterprise must learn to have eyes and ears on their entire data ecosystem at all times,” said Wendt. Microsoft’s recent data breach due to misconfiguration highlights the importance of a security strategy that continuously looks for misconfigurations and compliance violations. Next, they should establish a multi-layered security approach to prevent unauthorized data access, along with enabling organizations with the ability to identify access trends that may be indicative of incorrect access controls. 

Misconfigurations are, unfortunately, a common error and should be treated with the same sense of urgency and level of effort by security professionals as their network perimeter. After all, not all attacks are external. 

Contact us today to learn how the Appsian Security Platform and Appsian360 can help you establish a multi-layered security solution. 

Related Articles.

How Often Should You Perform PeopleSoft User Access Reviews And Why
How Often Should You Perform PeopleSoft User Access Reviews And Why
PeopleSoft teams often face threats caused by excess privilege, malicious insiders, and access misuse. Most of these can be mitigated…...
May 27, 2022
Learn More
How to Detect PeopleSoft Security Threats with Real-Time Analytics
How to Detect PeopleSoft Security Threats with Real-Time Analytics
PeopleSoft applications process and store vast amounts of customer, employee, and financial data that are constantly accessed by an increasing…...
April 12, 2022
Learn More
PeopleSoft Data Exfiltration: Be Alerted to the Violation of Data Security & Privacy Policies
PeopleSoft Data Exfiltration: Be Alerted to the Violation of Data Security & Privacy Policies
The financial, reputational, and regulatory impact of a data breach can be catastrophic. Data exfiltration, whether malicious or accidental, typically…...
April 8, 2022
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / Why Colleges and Universities are Rushing to Implement Single Sign-On for PeopleSoft

Why Colleges and Universities are Rushing to Implement Single Sign-On for PeopleSoft

By Scott Lavery • August 4, 2020

It’s not uncommon for higher education institutions to approach us (with great haste) about our Single Sign-On (SSO) solution for PeopleSoft Campus Solutions. Lately, I’ve noticed an uptick in the urgency. Nobody’s hair is literally on fire, but after speaking with a handful of universities, it sure feels that urgent. Here’s what’s happening. 

The COVID-19 Pivot Strikes Again 

When COVID-19 first caused colleges and universities to shut down their campuses and rapidly switch to online learning, that was their primary focus. Pretty much all non-essential IT (and PeopleSoft) projects were immediately put on hold. After an intense focus on student, staff, and faculty safety and performing herculean feats to enable remote learning and remote access for thousands, IT departments are back to focusing on data security and access.  

This summer, many institutions around the country were cautiously optimistic they could reopen in the fall and were making plans to welcome back faculty and students into something they hope will resemble normal campus life. IT and security teams were also busy, reviewing priorities, projects, and budgets. They know that thousands of students, faculty, and staff depend on the institution’s applications to keep operations running smoothly.  

Unfortunately, all this planning and optimism might be for naught. Almost daily, universities that had released detailed plans for in-person classes in the Fall have reversed themselves and said they will go almost entirely online. Because of these sudden changes, some IT departments are quickly pivoting to adapt their systems to better handle remote access and excessive self-service demands.  

And that’s the urgency we’re experiencing: To improve productivity, enhance security, and improve the overall user experience, universities are (urgently) turning to a SAML SSO solution for PeopleSoft Campus Solutions. Why? Because the first step in addressing usability is ensuring authentication is secure, without causing user friction. 

Enable PeopleSoft SSO with SAML-Based IdPs 

The good news is that Appsian can help universities meet this urgent request in two weeks or less. We provide the only turnkey SAML integration solution for PeopleSoft without any custom development or additional hardware. You can allow thousands of users (students and faculty) to access multiple applications, not just PeopleSoft, using a single login on any device.  

Customers can also use multiple IdPs concurrently, including Okta, Ping, ADFS, Shibboleth, Azure, and more, ensuring that any patchwork of systems used across groups, buildings, and departments are accessible and secure. 

The More Things Change, the More Changes You Have to Make 

COVID-19 has utterly wrecked the college experience for students, but requirements for accessing and securing applications for the upcoming school year haven’t changed for IT departments.  

What’s changed is the urgency to make sure that applications, data, transactions, and lectures are accessible and secure.  

At the end of the day, institutions must pivot their operations to ensure that applications can be seamlessly accessed. For no other reason than friction causes abandon – and when students are 100% virtual, abandon is far more likely. 

The quickest way to improve usability and security for PeopleSoft Campus Solutions is with a SAML Single Sign-On SSO. 

Contact us today to learn how you can make this happen in 2 weeks! 

Related Articles.

How Often Should You Perform PeopleSoft User Access Reviews And Why
How Often Should You Perform PeopleSoft User Access Reviews And Why
PeopleSoft teams often face threats caused by excess privilege, malicious insiders, and access misuse. Most of these can be mitigated…...
May 27, 2022
Learn More
7 Benefits Of Automating User Access Reviews In PeopleSoft
7 Benefits Of Automating User Access Reviews In PeopleSoft
When PeopleSoft users transition to different roles or offboard, their previous roles and accounts in the system often remain intact.…...
May 6, 2022
Learn More
8 Critical Success Factors For Achieving Audit-Readiness In PeopleSoft
8 Critical Success Factors For Achieving Audit-Readiness In PeopleSoft
Maintaining a state of audit readiness has become more critical than ever for organizations using PeopleSoft and other ERP systems…...
May 2, 2022
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / When it Comes to ERP Data Security, Context (of Access) Matters – Appsian360 Can Help!

When it Comes to ERP Data Security, Context (of Access) Matters – Appsian360 Can Help!

By Michael Cunningham • July 28, 2020

Organizations using traditional, on-premise ERP applications like SAP ECC and Oracle PeopleSoft are facing a rapidly changing reality around the collection, storage, and usage of data. Aside from the growing number of compliance regulations they need to follow, such as GDRP, CCPA, and others, they face critical visibility gaps related (explicitly) to understanding ERP data access & usage.  Especially at a fine-grained level.

This lack of visibility is exacerbated by organizations enabling remote and mobile access to their users, exposing them to a myriad of data security and compliance threats like hacking (phishing), along with fraud and theft from internal users. All of which result in the loss of millions of dollars each year.  

Fortunately, ERP applications that were once considered a “black box” can now be enhanced with the most sophisticated logging and analytics technology available on the market. Introducing Appsian360, the first and only data access and usage analytics platform for SAP and PeopleSoft.  

Why Context of User Access and Data Usage Matters  

Far too often, user behavior is a mystery, resulting in security, fraud, theft, and business policy violations. Specifically, a lack of detailed insights regarding how, when, and by whom transactions and data fields are being accessed.   

As they exist today, legacy on-premise SAP and PeopleSoft systems simply do not provide organizations the granular visibility and context of user access and data usage they need in real-time to make proactive and strategic decisions.   

“For years, organizations have been operating with limited visibility, and current threats to ERP data have made this status quo completely intolerable,” said Piyush Pandey, CEO of Appsian. “Appsian360 is about knowing who is doing what – at a very granular level.”   

With Appsian360, security and compliance leaders can drill into specific data access and know exactly who is doing what, where, and why. With that level of in-depth, contextual information, any red flag incidents can undergo a rapid response plan.   

“The beauty of Appsian360 is it’s a comprehensive solution that provides actionable insights,” added Pandey. “We know that forensic investigations and time to mitigation costs organizations countless amounts of money – and we’re pleased that Appsian360 can alleviate much of this burden.”  

Appsian360 for SAP and PeopleSoft  

Appsian360 installs into your ERP web server and does not require any additional customizations. There are zero noticeable effects on application performance. Here’s a high-level look at what Appsian360 can do for you.  

Detect Security Threats in Real-Time: Appsian360 proactively alerts you to security threats like hacking, phishing, misuse of privileged accounts, and many more. You can quickly receive the information required to fully enable forensic investigations.  

Uncover Hidden Business Risks: Appsian360 helps you detect and respond to fraud, theft, and errors by employees and third parties (vendors, consultants, etc.). Companies can maintain a complete view of sensitive business transactions, and what (specific) users are doing.  

Monitor Employee Productivity: Appsian360 helps you maintain oversight as users process and execute business transactions. You can use these insights to ensure efficient staffing and identify potential bottlenecks in critical HR, payroll, and finance activities.  

Understand Data Access & Usage with More Clarity Than Ever Before  

Organizations can no longer rely on having a lot of data. They need to start triangulating and developing context around the data they’re getting and how it’s being used. Appsian360 provides real-time data access and usage visibility previously unavailable to SAP and Oracle ERP customers.  

To see how data security and compliance threats that were once considered “the price of doing business” are no match for the watchful eye of Appsian360, join us for a virtual demonstration on Thursday, August 13. You can register here: https://www.appsian.com/visibilty-using-appsian360/.  

Contact us today for a personalized demo and find out how Appsian360 can fill critical visibility gaps for your organization.   

Related Articles.

How Often Should You Perform PeopleSoft User Access Reviews And Why
How Often Should You Perform PeopleSoft User Access Reviews And Why
PeopleSoft teams often face threats caused by excess privilege, malicious insiders, and access misuse. Most of these can be mitigated…...
May 27, 2022
Learn More
7 Benefits Of Automating User Access Reviews In PeopleSoft
7 Benefits Of Automating User Access Reviews In PeopleSoft
When PeopleSoft users transition to different roles or offboard, their previous roles and accounts in the system often remain intact.…...
May 6, 2022
Learn More
8 Critical Success Factors For Achieving Audit-Readiness In PeopleSoft
8 Critical Success Factors For Achieving Audit-Readiness In PeopleSoft
Maintaining a state of audit readiness has become more critical than ever for organizations using PeopleSoft and other ERP systems…...
May 2, 2022
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / The RECON Bug Highlights SAP Customers’ Need for Fine-Grained Control and Visibility (Not Just Security Patches)

The RECON Bug Highlights SAP Customers’ Need for Fine-Grained Control and Visibility (Not Just Security Patches)

By Rajesh Rengarethinam • July 21, 2020

A critical SAP vulnerability (CVE-2020-6287 or RECON) was recently discovered by Onapsis that gives attackers TOTAL control of vulnerable business applications. It allows hackers to gain unauthenticated access to SAP and then create new user accounts with admin (superuser) privileges. With these privileges, a malicious attacker can do limitless amounts of damage, including stealing data, changing bank account numbers, fully sabotaging systems, and more. 

RECON Shares Similarities to a Familiar Foe – 10KBLAZE 

The RECON vulnerability puts the confidentiality, integrity, and availability of SAP ERP data and processes at risk, which is very similar to the 10KBLAZE exploit from 2019. What do these two exploits have in common? Simple, they are leveraging a lack of visibility and control to be successful. There is a reason that these exploits focus on the creation of admin accounts – because once you’re an admin (legitimate or not), you have the keys to the castle. 

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators of SAP products to:  

  1. Analyze systems for malicious or excessive user authorizations. 
  2. Monitor systems for indicators of compromised accounts resulting from the exploitation of vulnerabilities. 
  3. Monitor systems for suspicious user behavior, including both privileged and non-privileged users. 
  4. Apply threat intelligence on new vulnerabilities to improve the security posture against advanced targeted attacks. 
  5. Define comprehensive security baselines for systems and continuously monitor for compliance violations and remediate detected deviations. 

The key recommendations align to the need for monitoring – monitoring systems, monitoring transactions, monitoring the creation of accounts, and (most importantly) monitoring data access and usage. This is where many SAP ERP customers will struggle as attaining fine-grained controls and visibility are complex, even prohibitive at times, with native functionality. This is precisely where Appsian can help. 

A Second Layer of Defense: Fine-Grained Control and Visibility 

RECON and 10KBLAZE highlight that a single, static layer of security within SAP is inadequate to combat modern-day threats. Appsian enables SAP ERP customers to layer their defenses using a comprehensive suite of fine-grained, risk-aware access controls, and continuous monitoring of data access and usage. 

Here are Appsian’s recommendations to minimize your attack surface and the risks posed by RECON – and future vulnerabilities like it (in addition to recommended security patches.) 

Attribute-Based Access Controls (ABAC) Are Essential in a Dynamic Environment  

RECON and 10KBLAZE take advantage of vulnerabilities in the open, internet-facing components of SAP (think remote access). The Appsian Security Platform (ASP) uses attribute-based access controls (ABAC) to implement data-centric, “risk-aware” controls. ABAC prevents specific transactions like user provisioning when access originates from untrusted IP addresses (or IP addresses outside your whitelist), certain geographic locations, outside work hours, mobile devices, and many other contextual attributes. Bottom line – Appsian can stop the creation of a user account (or changes in privileges) if access is coming from outside the corporate network. Fine-grained policies can be implemented to block high-risk activity, such as those matching the RECON attack patterns. 

Visibility into Data Access and Usage is Essential for Combatting Configuration Gaps 

Both RECON and 10KBLAZE center around the unauthorized creation of high privileged user accounts. Appsian360, the latest real-time analytics solution by Appsian, captures and visualizes data access and usage, which is essential for monitoring user provisioning activity like user creation/deletion and role/profile changes. Appsian360 can detect and alert organizations at the point of initial account creation, minimizing the damage by reducing how long a threat goes undetected.     

Appsian360 can also detect suspicious transaction activity if the compromised and illegitimate accounts are not addressed at the point of creation. Furthermore, this creates an audit trail that acts independently from existing SAP logs and can expedite breach forensics activities. 

Prepare Yourself for the Next Critical SAP Vulnerability – Layer Your Defenses (While and After you Patch Your Applications) 

RECON isn’t the first critical vulnerability to affect SAP, nor will it be the last. While there are security patches available to keep their ERP systems safe, these can take time (and resources) to implement, which results in significant downtime of production systems. Furthermore, the time to apply the patches depends on the complexity and the components involved. By all means, stay up to date on system updates, but bugs like RECON and 10KBLAZE serve as a reminder that patches aren’t enough to protect critical SAP data. 

Talk to the SAP Security Experts at Appsian today to discuss how your organization can address the risks posed by RECON and other vulnerabilities.

Related Articles.

Go beyond traditional SAP GRC capabilities with Appsian
How Appsian Enhances SAP GRC with Cross-Application SoD & Risk Management
What is SAP GRC? SAP Governance, Risk, and Compliance (SAP GRC) is a set of SAP solutions that enable organizations…...
December 31, 2021
Learn More
How To Handle Expiring SAP User Role Assignments
How To Handle Expiring SAP User Role Assignments
There are many reasons why SAP customers need to provide temporary access to their applications. These include short-term contractors or…...
December 16, 2021
Learn More
Appsian How-To: Enforce Transaction Level Policy Controls in SAP
The typical business application’s role-based access control (RBAC) security model provides poor dynamic transaction level policy control enforcement. In this…...
November 24, 2021
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / SAP RECON Vulnerability Puts Thousands of ERP Customers at Critical Risk

SAP RECON Vulnerability Puts Thousands of ERP Customers at Critical Risk

By Rajesh Rengarethinam • July 16, 2020

A critical SAP vulnerability (CVE-2020-6287 or RECON) was recently discovered by Onapsis that gives attackers TOTAL control of vulnerable business applications. The RECON vulnerability allows hackers to penetrate SAP systems and create new users with administrative privileges, allowing them to manage (read/modify/delete) every record/file/report in the system. 

The RECON bug is one of those rare vulnerabilities that received a maximum of 10 out of 10 rating on the CVSSv3 vulnerability severity scale, so it is crucial that organizations move quickly to apply patches. 

Remote and unauthenticated attackers can exploit the vulnerability to create a new SAP admin user, bypassing access and authorization controls and gaining full control of the SAP system. Exploitation will impact the confidentiality, integrity, and availability of SAP applications. With an admin-level user account at their disposal, an attacker can: 

  1. Steal personal identifiable information (PII) from employees, customers, and suppliers 
  2. Read, modify or delete financial records 
  3. Change banking details (account number, IBAN number, etc.) 
  4. Administer purchasing processes 
  5. Disrupt the operation of the system by corrupting data or shutting it down completely 
  6. Perform unrestricted actions through operating system command execution 
  7. Delete or modify traces, logs and other files 

The RECON Attack Path 

The RECON vulnerability is easy to exploit and resides in the LM Configuration Wizard component of the SAP NetWeaver Application Server (AS) JAVA. The LM Configuration Wizard of SAP NetWeaver AS JAVA does not perform an authentication check, allowing an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user. This compromises the Confidentiality, Integrity, and Availability of the system. 

The vulnerability not only compromises the security of the NetWeaver Java applications but can also be used to exfiltrate credentials to an ABAP system through the ABAP secure storage and potentially lead to the exposure of ERP data-sensitive PII and financial information. 

SAP Guidance: Apply the Patch or Enable a Workaround 

The critical nature of this vulnerability caused the Cybersecurity and Infrastructure Security Agency (CISA) to strongly recommend organizations immediately apply patches, as noted in SAP Security Note #2934135

If you cannot apply the patch, then at least disable the tc~lm~ctc~cul~startup_app application, as described in SAP Security Note 2939665. Note 2939665 is a workaround and a defense-in-depth, but not a solution. 

Further Risk Mitigation Measures 

Being up to date on the patches will help mitigate the vulnerability. Still, because of the number of security patches released in recent years, several customers are behind on these as the application of these patches requires downtime of the production systems. Moreover, the time to apply the patches depends on the complexity and the components involved. It can require a significant amount of time and effort, especially if the systems are a couple of patches behind.   

All this ends up increasing the risk and the timeframe for which the systems are exposed. Having application security in the form of multi-factor authentication or additional policy-based controls and logging will help mitigate the risks and control sensitive data exposure in mission-critical systems. 

Talk to the SAP Security Experts at Appsian today to discuss how your organization can address the risks posed by RECON and other vulnerabilities. 

Related Articles.

Go beyond traditional SAP GRC capabilities with Appsian
How Appsian Enhances SAP GRC with Cross-Application SoD & Risk Management
What is SAP GRC? SAP Governance, Risk, and Compliance (SAP GRC) is a set of SAP solutions that enable organizations…...
December 31, 2021
Learn More
How To Handle Expiring SAP User Role Assignments
How To Handle Expiring SAP User Role Assignments
There are many reasons why SAP customers need to provide temporary access to their applications. These include short-term contractors or…...
December 16, 2021
Learn More
Appsian How-To: Enforce Transaction Level Policy Controls in SAP
The typical business application’s role-based access control (RBAC) security model provides poor dynamic transaction level policy control enforcement. In this…...
November 24, 2021
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / Appsian Releases Report Revealing Executive Perspective on SAP Business Risks and Controls

Appsian Releases Report Revealing Executive Perspective on SAP Business Risks and Controls

By Michael Cunningham • June 25, 2020

Every organization using SAP ERP applications faces the unique challenge of maintaining a strong security posture while enabling productive business processes. Throw in the uncertainty of today’s rapidly changing environment, and you can bet that IT professionals and business stakeholders are facing misalignment between IT controls and business rules and objectives. 

To discover how organizations are evolving their security and risk management practices, Appsian commissioned a survey of nearly 200 senior stakeholders using SAP applications through an independent market research firm. We compiled the results of our survey into the SAP Security Report: Executive Perspective on SAP Business Risk Management

We found that this rapid state of change in today’s environment has brought about a new normal for acceptable risk in SAP – but not by choice. While some organizations are adopting new processes and technology to address risk, legacy strategies are holding back many in their path towards efficiently managing ERP data risks. 

We also uncovered four key takeaways from the respondents: 

1. Business Process Risks Are Slipping Through the Cracks 

Executive confidence is wavering in an organization’s ability to detect business risks from fraud, theft, and human error. While concern is generally high, a lack of consistent visibility into these business processes highlights a gap that many have yet to address. 

2. IT Leaders Are Concerned About Excessive User Privileges 

Excessive user privileges continue to be a top concern of leadership – and for good reason. Users have the keys to your kingdom, and with this, pose a heightened risk if their accounts are compromised or if they engage in malicious activity. 

3. Misalignment is Hurting Confidence in SAP Security 

Tight alignment between SAP security controls and business goals and objectives is paramount to secure, compliant, and efficient business processes. However, many respondents signal that the two are not aligned effectively. 

4. Limited Visibility & Complex Controls Are Hindering Progres

Organizations are facing the limitations of their existing technology and processes. Solving this will require a new approach to overcome complexities in controls and limited visibility into their business-critical applications. 

Want to gain a better understanding of how organizations are evolving their ERP security and risk management practices? Curious about the kinds of risks organizations are most concerned about, and how they view and prioritize user and system visibility, access control, oversight, and accountability? 

Download your free copy of the SAP Security Report today and take a deeper dive into these findings.  

Related Articles.

[Podcast] Automated Controls for Compliance – How and Why
Appsian’s Vice President of Product Strategy & Customer Experience, David Vincent, appears in the latest episode of Brilliance Security Magazine…...
March 2, 2022
Learn More
Go beyond traditional SAP GRC capabilities with Appsian
How Appsian Enhances SAP GRC with Cross-Application SoD & Risk Management
What is SAP GRC? SAP Governance, Risk, and Compliance (SAP GRC) is a set of SAP solutions that enable organizations…...
December 31, 2021
Learn More
How To Handle Expiring SAP User Role Assignments
How To Handle Expiring SAP User Role Assignments
There are many reasons why SAP customers need to provide temporary access to their applications. These include short-term contractors or…...
December 16, 2021
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Home / Blog / CCPA Enforcement Is on Track to Start July 1, 2020. Are Your Data Privacy Strategies Ready?

CCPA Enforcement Is on Track to Start July 1, 2020. Are Your Data Privacy Strategies Ready?

By Michael Cunningham • June 24, 2020

Time is almost up for companies scrambling to get their data privacy strategies in compliance with the California Consumer Protection Act (CCPA). Beginning as early as July 1, 2020, the California Attorney General’s office can start enforcing the CCPA and handing out penalties of up to $2,500 per violation or up to $7,500 per intentional violation.  

So, when exactly, will the CCPA become law? On June 1, 2020, the California AG took the final step before the regulations become enforceable by submitting the final text of the CCPA Regulations to the California Office of Administrative Law (the “OAL”). The OAL has 30 working days–plus an additional 60 calendar days related to the COVID-19 pandemic–to review the submission and approve it to become an enforceable law. Doing the math, the California AG can begin enforcing violations as early as July 1 or as late as September 1, 2020

Strategies for Improving ERP CCPA Compliance  

Companies using PeopleSoft, SAP ECC, S/4HANA and Oracle EBS are likely facing additional compliance challenges due to inherent limitations built into these legacy ERP systems. Let’s look at a couple of tactics for enhancing your ERP systems to improve compliance with CCPA and establishing the capabilities to prepare for the uncertainty around data privacy. 

1: Enhance Visibility into User Activity 

The CCPA requires organizations to implement appropriate security measures around personal data and satisfy data subject access requests (DSARs). That means businesses must know what personal data they store and the user activity going on around it. However, traditional ERP systems do not provide the required level of granularity. 

To achieve detailed visibility around data usage, organizations need to expand their native logging capabilities by adopting a strategy that focuses on data access and usage. Meaning, organizations must capture contextual details like date of access, UserID, IP address, device, location of access, actions performed, etc. 

This is information that is critical for compliance reporting and understanding how data is being used within your organization. 

2: High Privilege Access Should be the Highest Priority for Strengthening DLP 

When it comes to ERP systems, the static rules that govern access can be limiting because roles and privileges are user-centric, not data-centric. User-centric roles say a person (or group in most cases) can view something under any circumstances, while data-centric means the nature of the data defines the access. This gets organizations in trouble time and time again from a DLP perspective because high privilege users always have the ability to see more data than they actually need (to do their job.) This makes non-compliance with CCPA almost inevitable. Overexposure of data is your biggest enemy and governing access by static rules (aka ‘all or nothing access rules’) creates an enormous liability.

Implementing data-centric policies (typically through attribute-based access controls) ensures that a user can only access data deemed necessary and job-related. This is because the data itself is governing access – not a user role. For example, access to certain high-risk transactions can be restricted based on a user’s location – or access can be granted, but with masked data fields. With every variation of context, attribute-based access controls can pivot and adjust accordingly. By reducing the threat surface, companies can reduce the risk of data leakage and mitigate compromised access damages.  

3: Use Real-Time Analytics and Data Visualization (SEIM) to Expedite Incident Response Time 

 Integrated and real-time analytics displayed on dashboards were always a “nice-to-have” feature for security teams; however, keeping CCPA deadlines of breach identification and reporting in mind, data visualization has become a must-have feature. These advanced dashboards equip security professionals with real-time snapshots of data usage. The drill-down capabilities allow for enhanced data discovery and exploration to expedite breach detection and response, helping organizations stay compliant with CCPA and other existing and upcoming regulations.   

Ready or Not, CCPA Enforcement Has Arrived  

If you’ve not wrapping up your CCPA compliance efforts by now, there’s no better time than the present to start (or continue down that road). Appsian can help you fast track your compliance efforts by enhancing your visibly and applying a data-centric ERP compliance framework. 

The last thing any company wants is to discover that they’re out of CCPA compliance only when there’s a breach of the regulation. 

Contact us to learn how Appsian can help you address your end-to-end security and compliance needs.

Related Articles.

How Often Should You Perform PeopleSoft User Access Reviews And Why
How Often Should You Perform PeopleSoft User Access Reviews And Why
PeopleSoft teams often face threats caused by excess privilege, malicious insiders, and access misuse. Most of these can be mitigated…...
May 27, 2022
Learn More
7 Benefits Of Automating User Access Reviews In PeopleSoft
7 Benefits Of Automating User Access Reviews In PeopleSoft
When PeopleSoft users transition to different roles or offboard, their previous roles and accounts in the system often remain intact.…...
May 6, 2022
Learn More
8 Critical Success Factors For Achieving Audit-Readiness In PeopleSoft
8 Critical Success Factors For Achieving Audit-Readiness In PeopleSoft
Maintaining a state of audit readiness has become more critical than ever for organizations using PeopleSoft and other ERP systems…...
May 2, 2022
Learn More

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

  1. Pages:
  3. 1
  4. ...
  5. 7
  6. 8
  7. 9
  8. 10
  9. 11
  10. 12
  11. 13
  12. ...
  13. 34
Request a Demo

Start your free demo

"Learn how you can reduce risk with rapid threat protection, audit response and access control. All from a single, comprehensive platform"

Trusted by hundreds of leading brands