The global and independent platform for the SAP community.

SAP and OT Security: Hacker Defense Tricks

Cyberattacks on SAP systems and operational technology (OT) can have devastating consequences for companies: from delays in operations to the shutdown of all processes. The following tricks help to ward off hackers.
Andreas Nolte, Arvato Systems GmbH
August 2, 2023
it security header
avatar
This text has been automatically translated from German to English.

Tip 1: Taking a holistic view of SAP and OT security. To effectively secure their own business, companies must understand SAP and OT security as a business process that involves all relevant departments. This is the only way to develop strategies and derive suitable practical measures from them - such as the use of the appropriate security technology. If cybersecurity is understood as a critical business process, its course must be carefully modeled, controlled with metrics, monitored with tools, and continuously optimized. 

Tip 2: Involve management, IT and production. Understanding OT and SAP security in a process-oriented way means that all relevant teams enter into a dialog. This applies above all to management, IT and production, including the blue collar workers. After all, they know exactly how a possible shutdown of machine A will affect production line B. Management, on the other hand, sometimes lacks a precise idea of how important SAP and OT security are for smooth business operations. The IT department can help to convey this understanding and promote dialog.

Tip 3: Monitoring systems across the board with new methods. SAP and OT security also require powerful security solutions and modern, cross-system detection instead of the previous network analysis. Two new methods have been established for processing sensory data from different sources. An Endpoint Detection and Response (EDR) tool can be used to record events, such as the opening of a file or an established network connection, on end devices such as PCs, notebooks, tablets and smartphones. Extended Detection and Response (XDR) also allows data to be automatically captured and linked across multiple attack vectors - whether emails, identities, servers, cloud workloads or networks.

Tip 4: Deploy reliable platform solutions. The solutions of the established hyperscalers have proven themselves as platforms. Microsoft, in particular, offers a comprehensive security product range with a large number of prefabricated components that can be easily put into operation and configured for individual company purposes as needed: from protecting users and securing various operating scenarios to special use cases such as OT and SAP security. What's more, such platforms are more efficient to integrate than standalone solutions.

Tip 5: Automated, intelligent defense. Managed detection and response services from a specialized Cyber Security Defense Center (CSDC) are recommended, at the heart of which is Microsoft Threat Monitoring for SAP. Data from complex SAP landscapes can be consolidated via a sensor so that it is available for further processing in the cloud-native SIEM system Microsoft Sentinel. When connected to various SAP log sources, the sensor captures all data flowing into Sentinel via an API. If the tool detects a threat, it generates corresponding alerts. Standardized rules form the basis for (partially) automated SOAR (Security Orchestration, Automation and Response) processes: When an alert is received, the recorded event data is analyzed and predefined measures are started.

Conclusion

In order not to give hackers a chance, companies must be better armed. This can only succeed if they internalize the practical relevance of their IT and OT, derive concrete protection goals from this and take measures such as implementing a modern, high-performance security solution. More information on this topic can be found in the white paper "Cyber Security - Shaping the digital transformation securely".

https://e3magpmp.greatsolution.dev/partners/arvato-systems-gmbh/

avatar
Andreas Nolte, Arvato Systems GmbH

Andreas Nolte is Head of Cyber Security at Arvato Systems GmbH


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.