[August 24, 2016] |
|
Onapsis Releases SAP Security In-Depth Publication for SAP HANA
Onapsis,
the global experts in business-critical application security, today
released SAP (News - Alert) HANA System Security Review Part 2. This publication
analyzes SAP HANA Internal Communication Channels, details associated
risk, and identifies how to properly audit an SAP HANA system. As the 13th
edition in the SAP Security In-Depth series, SAP HANA System Security
Review Part 2 describes how to update the SAP HANA platform, noting
new improvements in each Support Package.
SAP HANA is regarded by SAP as the absolute in-memory database for its
products and, more recently, as a standalone platform. The vast majority
of companies who have already adopted SAP HANA are leveraging its
capabilities to support business-critical applications. Due to its
nature, SAP HANA stores an organization's most important assets,
including customer data, product pricing, financial statements, employee
information, supply chains, business intelligence, budgeting, planning
and forecasting.
"Improperly configuring SAP HANA has a huge impact on security, as there
are many aspects of this product that by default, in certain versions,
do not have the most effective security measures in place. For example,
Internal Communication Interfaces were not designed to be used by the
end user and, therefore, do not include security measures such as
encryption or authentication in versions prior to SPS10. If left
unsecured, an attacker could access any communication ports to perform
espionage, sabotage, and fraud attacks," said Nahuel D. Sánchez, Author
and SAP Security Researcher, Onapsis.
Within SAP HANA are Internal Communication Channels that allow
communication between different processes that comprise the SAP HANA
platform as well as between hosts and systems. The specific purpose of
each internal communication channel depends on the quantity of host
deployments, as well as system replication scenarios.
Onapsis SAP Security In-Depth (SSID) publications detail innovative
security aspects of business-critical applications as identified by the
Onapsis Research Labs. Each release analyzes the unique risks introduced
to these applications and the different mitigation strategies that allow
organizations to protect their SAP implementations. Following SAP
HANA System Security Review Part 1, which focuses on understanding
the HANA layout, this new edition takes a deep-dive into
technical concepts to fully explain how to properly confgure critical
aspects of SAP HANA.
SAP HANA System Security Review Part 2 is available for
download at: https://www.onapsis.com/research/publications/volume-xii-sap-hana-system-security-review-part-2.
About Onapsis Research Labs™
SAP and Oracle (News - Alert) Security Threat Intelligence is produced by Onapsis
Research Labs, a team of leading security experts who combine in-depth
knowledge and experience to deliver technical analysis with business
context, and provide sound security judgment to the market. The team
works closely with SAP and Oracle product security teams to responsibly
deliver the information to customers and has released over 150
advisories to date, with over 35 affecting SAP HANA; has consulted on
impact with over 180 Onapsis enterprise customers; and regularly
presents at leading security and SAP conferences around the world.
Onapsis was the first to deliver "SAP Security In-Depth" publications
that provide detailed analysis on security risks impacting SAP and SAP
HANA.
About Onapsis
Onapsis provides the most comprehensive solutions for securing SAP and
Oracle enterprise applications. As the leading experts in SAP and Oracle
cyber-security, Onapsis' patented solutions enable security and audit
teams to have visibility, confidence and control of advanced threats,
cyber-risks and compliance gaps affecting their enterprise applications.
Headquartered in Boston, MA, Onapsis serves over 200 customers,
including many of the Global 2000. Onapsis' solutions are also the
de-facto standard for leading consulting and audit firms such as
Accenture, Deloitte, E&Y, IBM (News - Alert), KPMG and PwC. Onapsis solutions include
the Onapsis Security Platform, which is the most widely-used
SAP-certified cyber-security solution in the market. Unlike generic
security products, Onapsis' context-aware solutions deliver both
preventative vulnerability and compliance controls, as well as real-time
detection and incident response capabilities to reduce risks affecting
critical business processes and data. Through open interfaces, the
platform can be integrated with leading SIEM, GRC and network security
products, seamlessly incorporating enterprise applications into existing
vulnerability, risk and incident response management programs. These
solutions are powered by the Onapsis Research Labs, which continuously
provide leading intelligence on security threats affecting SAP and
Oracle enterprise applications. Experts of the Onapsis Research Labs
were the first to lecture on SAP cyber-attacks and have uncovered and
helped fix hundreds of security vulnerabilities to-date affecting SAP
Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well
as Oracle JD Edwards and Oracle E-Business Suite platforms.
Onapsis has been issued U.S. Patent No. 9,009,837 entitled "Automated
Security Assessment of Business-Critical Systems and Applications,"
which describes certain algorithms and capabilities behind the
technology powering the Onapsis Security Platform™ and Onapsis X1™
software platforms. This patented technology is recognized industry wide
and has gained Onapsis the recognition as a 2015 SINET 16 Innovator.
For more information, please visit www.onapsis.com,
or connect with us on Twitter,
Google+,
or LinkedIn.
Onapsis and Onapsis Research Labs are registered trademarks of Onapsis,
Inc. All other company or product names may be the registered trademarks
of their respective owners.
View source version on businesswire.com: http://www.businesswire.com/news/home/20160824005235/en/
[ Back To Mobile World Congress's Homepage ]
|