SAP and OT Security: Hacker Defense Tricks
Tip 1: Taking a holistic view of SAP and OT security. To effectively secure their own business, companies must understand SAP and OT security as a business process that involves all relevant departments. This is the only way to develop strategies and derive suitable practical measures from them - such as the use of the appropriate security technology. If cybersecurity is understood as a critical business process, its course must be carefully modeled, controlled with metrics, monitored with tools, and continuously optimized.
Tip 2: Involve management, IT and production. Understanding OT and SAP security in a process-oriented way means that all relevant teams enter into a dialog. This applies above all to management, IT and production, including the blue-collar workers. After all, they know exactly how a possible shutdown of machine A will affect production line B. Management, on the other hand, sometimes lacks a precise idea of how important SAP and OT security are for smooth business operations. The IT department can help to convey this understanding and promote dialog.
Tip 3: Monitoring systems across the board with new methods. SAP and OT security also require powerful security solutions and modern, cross-system detection instead of relying on network analysis alone, as was previously the case. Two new methods have become established for processing sensor data from different sources. An Endpoint Detection and Response (EDR) tool records events, such as the opening of a file or an established network connection, on end devices such as PCs, notebooks, tablets and smartphones. Extended Detection and Response (XDR) additionally allows data to be automatically captured and correlated across multiple attack vectors - whether emails, identities, servers, cloud workloads or networks.
Tip 4: Deploy reliable platform solutions. The solutions of the established hyperscalers have proven themselves as platforms. Microsoft, in particular, offers a comprehensive security product range with a large number of ready-made components that can be easily put into operation and configured for individual company purposes as needed: from protecting users and securing various operating scenarios to special use cases such as OT and SAP security. What's more, such platforms are more efficient to integrate than standalone solutions.
Tip 5: Automated, intelligent defense. Managed detection and response services from a specialized Cyber Security Defense Center (CSDC) are recommended, at the heart of which is Microsoft Threat Monitoring for SAP. Data from complex SAP landscapes can be consolidated via a sensor so that it is available for further processing in the cloud-native SIEM system Microsoft Sentinel. When connected to various SAP log sources, the sensor captures all data flowing into Sentinel via an API. If the tool detects a threat, it generates corresponding alerts. Standardized rules form the basis for (partially) automated SOAR (Security Orchestration, Automation and Response) processes: When an alert is received, the recorded event data is analyzed and predefined measures are started.
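The rule-driven step described in Tip 5 (alert received, recorded event data analyzed, predefined measures started), as an added illustration that is not Microsoft's, Sentinel's or the CSDC's code: a small Python rule engine over constructed events shaped like SAP Security Audit Log entries, where two standardized rules raise alerts and a playbook maps each alert to predefined measures. The field names, the transaction codes treated as sensitive and the playbook actions are assumptions made for this example.

```python
from collections import defaultdict
# Constructed events shaped like SAP Security Audit Log entries; field names
# are assumptions for this example, not real SAP or Sentinel output.
EVENTS = [
    {"ts": 100, "user": "JDOE", "terminal": "WS01", "event": "LOGON_OK", "tcode": ""},
    {"ts": 101, "user": "BATCH_ADM", "terminal": "WS77", "event": "LOGON_FAILED", "tcode": ""},
    {"ts": 102, "user": "BATCH_ADM", "terminal": "WS77", "event": "LOGON_FAILED", "tcode": ""},
    {"ts": 103, "user": "BATCH_ADM", "terminal": "WS77", "event": "LOGON_FAILED", "tcode": ""},
    {"ts": 104, "user": "BATCH_ADM", "terminal": "WS77", "event": "LOGON_OK", "tcode": ""},
    {"ts": 105, "user": "BATCH_ADM", "terminal": "WS77", "event": "TRANSACTION_START", "tcode": "SU01"},
    {"ts": 106, "user": "JDOE", "terminal": "WS01", "event": "TRANSACTION_START", "tcode": "VA01"},
]

# Transactions treated as sensitive here (assumption, not a vendor list):
# SU01 user maintenance, SE16 table browser, SM59 RFC destinations.
SENSITIVE_TCODES = {"SU01", "SE16", "SM59"}

def rule_failed_then_success(events, threshold=3):
    """Standardized rule: successful logon right after >= threshold failures (same user, terminal)."""
    failures, alerts = defaultdict(int), []
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["user"], e["terminal"])
        if e["event"] == "LOGON_FAILED":
            failures[key] += 1
        elif e["event"] == "LOGON_OK":
            if failures[key] >= threshold:
                alerts.append({"rule": "failed_then_success", "user": e["user"], "ts": e["ts"]})
            failures[key] = 0  # a success resets the counter either way
    return alerts

def rule_sensitive_tcode(events):
    """Standardized rule: any start of a transaction on the sensitive list."""
    return [{"rule": "sensitive_tcode", "user": e["user"], "ts": e["ts"], "tcode": e["tcode"]}
            for e in events if e["event"] == "TRANSACTION_START" and e["tcode"] in SENSITIVE_TCODES]

# Predefined measures per rule (the SOAR playbook); returned as actions here, where a real
# playbook would call the ticketing or identity system.
PLAYBOOK = {"failed_then_success": ["open_ticket", "require_password_reset"],
            "sensitive_tcode": ["open_ticket", "notify_sap_basis"]}

def run_soar(events):
    """Analyze the recorded events, raise alerts and start the predefined measures."""
    alerts = rule_failed_then_success(events) + rule_sensitive_tcode(events)
    measures = [(action, a["user"]) for a in alerts for action in PLAYBOOK[a["rule"]]]
    # Escalation: both rules firing for the same user adds an account lock
    rules_by_user = defaultdict(set)
    for a in alerts:
        rules_by_user[a["user"]].add(a["rule"])
    measures += [("lock_user", u) for u, r in rules_by_user.items() if r >= set(PLAYBOOK)]
    return alerts, measures
```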
Conclusion
To deny attackers any opening, companies must be better armed. This can only succeed if they internalize the practical relevance of their IT and OT, derive concrete protection goals from it and take measures such as implementing a modern, high-performance security solution. More information on this topic can be found in the white paper "Cyber Security - Shaping the digital transformation securely".