Security

New SAP Tokenization Standards Lifting Credit Card Security in 2018

The most recent PCI standards have introduced new complications for organizations handling digital payment systems. PCI Requirement 3 prohibits storing unsecured credit card information. Penalties for failing to do so can expose them to fines of $500,000 or more. Meeting PCI Requirement 3 standards isn’t just important to avoid regulatory sanctions. Organizations that satisfy Requirement 3 are significantly less likely to experience security breaches. One survey found that only 32.7 …

Read More »

What remains unsolvable in security (Part 2 of 2)

As we round up the year, I am summarizing my thoughts and observations in 2017 as a personal reflection. In the second part of the series, I will share two more observations of what I consider as unsolvable aspects in security. Observation #3: Better communication is a starter, but does not guarantee results In many security literature today, there is a constant call for better coordination and collaboration to improve …

Read More »

Troubleshooting Authentication Problems on SAP platforms – New Guided Answer

Guided Answers is an application that helps you troubleshoot and find solutions to known problems. More information about Guided Answers can be found here. Across the SAP product portfolio seamless authentication and access for an end user is a must. For SAP administrators and consultants, this can mean integrations with different and unfamiliar products/systems and technologies. SAP Product Support have published a Guided Answer to help you with resolving common …

Read More »

Severe Computer Infection Returns

My recent ransomware case that ended up badly. A friend of mine has recently contacted me asking to help with a crypto-virus. His company has been hit by a ransomware. Virus managed to infect two networks, running files (VHDs) mostly. So, all files got encrypted and became unusable. The infection came via an email. It was a fake invoice with malicious MS Word file attached. Once my friend downloaded the …

Read More »

SAP Security Patch Day – January 2018

This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect his SAP landscape. On 9th of January 2018, SAP Security Patch Day saw the release of 3 Security Notes. Additionally, there …

Read More »

SAP Security Patch Day – December 2017

This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect his SAP landscape. On 12th of December 2017, SAP Security Patch Day saw the release of 11 Security Notes. Additionally, there were 4 …

Read More »

SAP Cyber Threat Intelligence report – January 2018

The SAP threat landscape is always expanding thus putting organizations of all sizes and industries at risk of cyberattacks. The idea behind the monthly SAP Cyber Threat Intelligence report is to provide an insight into the latest security vulnerabilities and threats. Key takeaways The first set of SAP Security Notes in 2018 consists of 10 patches with the majority of them rated medium. Missing authorization check is the most common …

Read More »

Read Access Logging (RAL) Configuration

Dear all, In the context of General Data Protection Regulation (GDPR) in the EU (European Union) region, we explored tools to monitor and log the read access to sensitive data We have used simple use case recording / logging the access to USR02 table via SE16 transaction code. What is Read Access Logging (RAL)? Read Access Logging (RAL) is used to monitor and log read access to sensitive data. This …

Read More »

Join us at the SAP Insider Conferences 2018!

Join our security experts at the SAP Insider events coming up in 2018! Conference season kicks off with GRC 2018, taking place February 12-15 at the Wynn Hotel in Las Vegas. GRC 2018 is co-located with Financials 2018. Next is Basis & SAP Administration 2018 at the Bellagio Hotel in Las Vegas, February 26 – March 1. The event is co-located with BI & HANA 2018. The SAP Insider events …

Read More »

SAP Security Patch Day – December 2017

This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect his SAP landscape. On 12th of December 2017, SAP Security Patch Day saw the release of 11 Security Notes. Additionally, there were 4 …

Read More »