ERPScan (system)

The Digital Security company announced in May, 2011 release of the new product Erpskan the scanner of security of SAP - the innovation product for a comprehensive protection of the SAP platform. A system allows to scan servers of SAP on existence of program vulnerabilities, errors of a configuration, critical powers, to carry out the assessment on compliance to relevant standards and recommendations, including the recommendations of SAP, and to analyze risks.

The Erpskan scanner which is quickly deployed and integrated into any network allows to check basic security settings of SAP in 5 minutes. Using unique technologies, he demands the minimum privileges in a system on reading separate tables that excludes even a theoretical possibility of harming the scanned system.

At the same time this powerful solution of the corporate level with a set of thin settings and support of multi-user work. In it it is possible to create individual profiles of scannings for the different systems, to group systems in any categories and to appoint the schedule of scannings that will allow to manage security of SAP systems on a centralized basis.

The convenient client-server architecture with the thin client on the Adobe Flex platform allowing to manage the scanner without installation of the additional software by means of any browser with Flash support, and the multiplatform server engine developed on JAVA will allow to install a system on any OS.

Erpskan the scanner of security of SAP has such main advantages for business as:

• Reduction of auditing costs at the expense of the module Compliance implementing the checks executed by the companies of Big Four.
• Reduction of training costs of employees at the expense of the integrated knowledge base.
• Protection against the remote hacker attacks due to scanning to the known vulnerabilities and vulnerabilities of zero day.
• Protection against the insider attacks at the expense of the analysis of critical powers.

2016: Integration of Erpskan and Splunk

On February 5, 2016 the Digital Security company announced integration of a monitoring system of security of Erpskan Security Monitoring Suite and the Splunk platform.

Splunk is the platform for control, the analysis and visualization in real time of the Big Data generated by the computer arriving from websites, applications, servers, networks, sensors and mobile devices.

Erpskan Security Monitoring Suite for SAP collects information on vulnerabilities, configuration errors, problems of the source code and the conflicts of distribution of powers. Within integration of a problem, detected by the scanner, can be controlled using Splunk Enterprise that provides more complete analysis of security of all infrastructure.

In spite of the fact that in Russia Splunk does not enjoy wide popularity yet, there are all bases to believe that it has big perspectives. Advantages of this solution for certain will shortly estimate the companies which need to process and conveniently to provide huge separate data from hundreds of thousands of devices. Many large banks and the telecom companies already use this platform not only for problems of cybersecurity, but also in general for IT, business. Our purpose - to provide them information on SAP security and risks, critical for business, in a type, convenient for decision making. Ilya Medvedovsky, CEO of Digital Security

The integrated solution of Erpskan Security Monitoring Suite and Splunk Enterprise provides data on risk management and detection of incidents. It helps specialists of cybersecurity - to reveal threats, to investigate them and to react quickly and effectively.

Properties of the solution

• Wide level of scalability. Security management of business applications from one point in which the complete information about security of ERP systems accumulates and analyzed.
• Saving of time on daily transactions. Risk management at the enterprise level due to consolidation of information from 7000+ of checks of a configuration and 3000+ of checks of vulnerabilities from each system of SAP in one point and also enhanced capabilities of the reporting from Splunk.
• Detailed technical data. Data on vulnerabilities in modules ERP SRM CRM, HRM and industry solutions from SAP, collected using Erpskan, together with information on security of all landscape provided by the solution Splunk.

Heads from the sphere of information security want to manage easily the systems by means of 2-3 key platforms (for example SIEM, GRC and ITSM). Our purpose - to help them to solve this problem. This partnership continues our global strategy consisting in integration as with key players in the market of security systems, and with perspective startups in this area for the purpose of creation of a security system SAP. Alexander Polyakov, technical director of Digital Security

2015: ERPскан SAP Security Intelligence

On October 8, 2015 the Digital Security company provided the product Erpskan SAP Security Intelligence - the software solution for detection and reaction to "zero day attacks" (zero-day attack), abnormal activity of users and other critical events in the SAP systems of large corporations.

10 main types of vulnerabilities for the SAP (2014) systems

Using Erpskan SAP Security Intelligence it is possible to monitor all lot of the attacks grouped in time, a source and other signs. The functionality of a product helps to define events of search of passwords, not authorized start of RFC services, attacks on web resources (XSS, SQL Injection, Buffer overflow and others), an authentication bypass, to define - who and when, made what transactions, started RFC programs, web services. Detect from what IP addresses the input is made (insiders, violation the politician).

The solution expands functionality of the operating SIEM systems. The product is intended detection in a short time, the analysis and elimination of security concerns, following the concept of "Real Time Security Intelligence" stated to Gartner.

Developers consider Erpskan SAP Security Intelligence some kind of addition of the previous product of the company - Erpskan Security Monitoring Suite for SAP focused on search, the analysis and closing of vulnerabilities in all areas of security of ERP systems: from vulnerabilities and the source code prior to the conflicts of powers.

2012: Erpskan Security Scanner for SAP 2.0

The Digital Security company, the partner of SAP AG in detection and closing of vulnerabilities, announced in April, 2012 release of Erpskan Security Scanner for SAP 2.0 — the complete solution for permanent monitoring of all areas of security of SAP, from search of vulnerabilities and errors of a configuration before verification of the ABAP code and the analysis of critical powers.

One of the most important Erpskan of features of the new version — the new module for static analysis of code safety of ABAP. Now Erpskan provides both assessment of security of the platform, and the analysis of the code. Besides, the number of the anonymous checks available in the mode of testing for penetration is considerably increased that facilitates for the companies a problem of search of problems without input of authentication data, says Digital Security.

"Today almost all transactions, critical for business, such as purchases, management of warehouse resources, personnel management, financial statements and many other things and also all data connected with these transactions are stored in a SAP system. Therefore a main goal of the malefactor, whether it be the hacker or the insider, becomes illegal access to SAP for implementation of these or those fraudulent manipulations with resources of the company — Alexander Polyakov, the technical director of Digital Security noted. — In spite of the fact that the popularity of a subject of security of SAP grows in community of specialists in cybersecurity, the companies are still vulnerable to the external and internal attacks. At the moment the SAP company produces more than 2 thousand notifications on security, each of which corrects one or more vulnerabilities. And it is a lot of, especially considering that only one vulnerability can be enough to get access to all information, critical for business. The example was shown at the Black Hat conference last summer. Besides, almost in each company own programs in the ABAP language are developed, and they may contain vulnerabilities and program tabs left by developers too".

As believe in Digital Security, Erpskan can be useful to the most different clients if they want to reduce the costs and to get various advantages. In particular, specialists in cybersecurity can adjust effective monitoring of security of the systems of SAP and further prevent the insider and hacker attacks. In turn, the staff of SAP can configure privileges, critical for business, and control development taking into account use of preventive measures.

"Still it was necessary to apply several different solutions to protection of SAP against threats, now all of them are integrated" — Medvedovsky Ilya, the director of Digital Security added.