Ready for
SAP® HANA
SAST GRC Suite – Governance, Risk and Compliance
Security is simply A GOOD FEELING
The integrated solution for SAP® Security and Compliance Management:
- Identifies risks
- Eliminates security vulnerabilities
- Satisfies statutory requirements
[Figure: "Security Gap", 2010 to 2015. Labels: SAP® Technology complexity; Hacking skills and tools; SAP® Guideline Security Level; Security of SAP® Systems.]
Existing vulnerabilities must be closed. All preventive security measures demand constant monitoring.
Increasing complexity amplifies your risk
The increasing complexity of SAP® system landscapes and
faulty configurations can frequently lead to serious security
vulnerabilities. Installing new software components also
poses the risk of overlooking security vulnerabilities.
With standard administrative features the risks for a
company are barely manageable. However, not only your
IT systems and your company's economic existence are
at risk: Managing directors, boards of management and
executives can be held responsible for damage arising from
inadequate security control.
[Figure labels: SAP® ERP, SAP® BI, SAP® CRM, SAP® SCM ... Netweaver]
Five rules for security and compliance
1. Identify risks
2. Define validation rules
3. Conduct analyses
4. Eliminate weaknesses
5. Define additional audits
Comprehensive SAP® Compliance Management

Database (over 40 risks)
- Oracle
- MS SQL Server
- IBM DB2
- MaxDB
- SAPDB

Application (over 3,000 risks)
- Critical system settings
- System parameters
- Configurable controls
- Module specific controls
- ABAP workbench & TMS

Operating system (over 50 risks)
- Unix systems
- Windows systems

Users (over 450 risks)
- Critical authorizations
- Comprehensive SoD matrices
- Quality of the user master records
- Standard profiles (SAP_ALL)
- Inactive users
Targeted troubleshooting provides security
akquinet has specifically developed SAST (System Audit and
Security Toolkit) GRC Suite for SAP® for you to counteract
such risks.
- All critical system activities are monitored and assessed
  on a cross-client basis in real time.
- Checks are carried out across the whole system.
- SAP® authorizations and settings for the operating
  system, database and system parameters are checked
  and monitored.
[Figure: SAST GRC Suite overview diagram. Labels: akquinet threat intelligence; SoD Analyses; Vulnerability and compliance scan; System configuration; Real Time threat detection; SIEM Integration; User and role management; Emergency user logging; Reporting and analytics; SecurityRadar; SAST Management Cockpit; IBM QRadar; Extraction of all SAP® relevant log data.]
Modules shown in the diagram:
- SAST Audit AdminTrack: Super User Access Management
- SAST Audit SystemTrack: Baseline System Security Analyses
- SAST Audit UserTrack: Authorization and SoD Analyses
- SAST RiskTrack: Periodic Access Review and Risk Monitoring
- SAST Role Optimizer: SAP® Role Management
- SAST Download Observer: Data Leakage Prevention (DLP)
- SAST User Access Management: Compliant User Provisioning
- SAST AT HCM DisplayTrack
- Intranet Password Reset
Overview of the SAST modules
AdminTrack: Secure emergency user procedure
Monitor privileged users, such as emergency users, and their
accesses in your SAP® system without gaps. All transactions,
system changes and critical activities are recorded in a
tamper-proof audit record.

SAST AT HCM DisplayTrack: The logging of read access to SAP® HCM data
With the SAST AdminTrack plus module, akquinet is the first
SAP®-certified consulting partner to offer a reliable solution
that logs read access by privileged users to SAP® HCM data
and provides detailed information on this.

SystemTrack: Completely protected SAP® systems
Analyze and optimize the security of your SAP® system
automatically and in real time. The module examines all levels of
your SAP® system including operating system and database
parameters as well as critical OSS Notes using more than 3,000
checks. This allows you to detect security vulnerabilities at an
early stage. Even the code of self-developed ABAP programs
is examined by the SAST SystemTrack to identify potential
vulnerabilities in the source code.

UserTrack: Authorization analysis in real time
Check authorizations across clients and systems. Auditors
will receive qualified assessments from 'one' workstation
and can therefore monitor and evaluate critical SAP®
authorizations, combinations, processes and SoD frameworks
using pre-configured and freely configurable SoD matrices.
SAST will detect critical authorizations in real time as soon
as a role is defined.
[Figure labels: Extraction of all SAP® relevant log data; SAST Interface Analyzer (Add on); SAST Management Cockpit; SecurityRadar]
RiskTrack: Monitoring of risks and mitigating controls
Manage identified risks centrally and assign them to the
responsible user departments. With a simple mouse-click
identified risks relating to authorization and SoD evaluation
and technical system inspection can be transferred directly
from the analyses to the risk memory for further processing.

Role Optimizer: Automatic generation of SAP® roles
Analyze and manage existing roles with regard to T-code use
and perform mass role creation and change. As part of this
module, we provide you with over 700 conflict-free sample
roles for SAP® ERP.

Download Observer: Protection against theft of data from SAP® systems
All downloads from SAP® are monitored and logged
transparently in a way that ensures that the information can
be used as evidence. This provides you with an effective tool
for protecting your company against industrial espionage and
any violation of data protection regulations.

SAST Security Radar: 360° real-time monitoring of your SAP® systems (SIEM)
With this extensive Security Information and Event
Management (SIEM) solution, you get an overview of the security
status of all your SAP® systems at the touch of a button.

User Access Management: Audit-proof management of users, roles and rights
Map customized workflows for the requesting and approving
of users and authorizations in your SAP® system. As an
additional function, we offer coupling with an intranet
password reset and you can integrate an IDM system.

Intranet Password Reset: Self-service for simple password resets
Simplify the implementation of strict password guidelines
and eliminate the costs for help desk calls. The
intranet-based self-service directly enables the user to reset
personal passwords, eliminating long, time-intensive
request processes involving the help desk.

Management Cockpit: The integrated solution for risk analysis and control
Display and analyze IT auditor results clearly and depict
developments over time. You will be able to identify the risk
situation in your SAP® system landscape at a glance.

SAST Interface Analyzer: Analysis and safeguarding of SAP® system interfaces
Check inbound and outbound connections and relationships
and get a graphical, cross-system overview of interfaces.
Benefits of the SAST GRC Suite:
- SAST is fully integrated into SAP®:
- Speedy installation, you are operational within hours
- Intuitive operation thanks to the GUI customized for SAP®
- Protection of company data, these remain in your SAP® system
- 360° real-time monitoring of your SAP® systems
- SAST GRC Suite is SAP® certified
- SAST check functions and rules have been certified by an economy auditing association
- Checks of the technical system security of ABAP and JAVA environments
- SAP® download content is completely logged
- Available in 8 languages
What benefits does the SAST GRC Suite provide?
Due to the complete integration of SAST GRC Suite into SAP® you
- have an overview of the security status of your SAP® systems
  at the touch of a button.
- only require a few days for installing our software and training
  your staff.
- save yourself the costs of the additional installation of other
  systems and computers and their operation that other
  products require.
- can verifiably reduce your authorization management efforts
  by using our pre-configured validation rule sets and role
  templates.
[Figure: layers covered. Database/Infrastructure layer: Database, Operating system, Network. Application layer: SAP® Basis system, SAP® Authorizations, SAP® Configurable controls. Presentation layer: Management Reporting and Transactions. Control types: Business process controls; General IT controls.]
akquinet AG
Paul-Stritter-Weg 5
22297 Hamburg
Tel: +49 (0)40 881 73-0
Fax: +49 (0)40 881 73-111
www.akquinet.de
For further information visit:
www.akquinet.de/sast
Let's take the next step together
SAST protects valuable SAP® corporate data in significantly more
than 2,000 installations globally. Trust in the SAST security solutions
and akquinet’s consulting expertise – ask for our references!