Service description

Installation of the smarterSec Security Platform

Whether you want us to operate the smarterSec Security Platform in the cloud (hosted by smarterSec on German servers) or on-premise in your IT environment, we realize the full installation and initial setup to become operational.

Connection of the SAP sytems

After the initial installation, we ensure a smooth connection of the licensed SAP systems in scope and provide the neccessary SAP role(s) with pre-defined authorizations to enable scanning.

Please refer to smarterSec Security Platform to get an overview of all SAP infrastructure components that can be analyzed and monitored.

Configuration of the platform

Another important aspect of our Managed Security Service is the configuration of regular scan cycles. The scan cycles are customized according to your compliance requirements or executed according to predefined standards, which include specifications of various acknowledged industry standards. We can customize the scan cycles for each individual scan and run them at any defined frequency.

Initial security, compliance and GDPR analysis

To ensure that the Managed Security Service is perfectly tailored to your needs, we perform a complete initial analysis for all SAP systems in scope. The analysis includes the identification of security & compliance vulnerabilities as well as potential risks through non-compliance GDPR data.

Presentation of the most critical results

The most critical results of the initial analysis will be presented in a 2-hour meeting, explaining the risks behind the identified vulnerabilities. In certain cases we build exploits to highlight the criticality of dedicated vulnerabilities in your SAP systems.

Recommendations for action to mitigate vulnerabilities

For every identified security vulnerability and compliance risk, we give recommendation with guidelines on how to remediate the vulnerabilities and risks inside your SAP systems. We also give mitigation advices to tackle “low-hanging fruits” – vulnerabilities and risks that do not require a lot of time to mitigate but have a high impact on the system security and compliance.

Continuous security, compliance and GDPR analysis

In the daily security operation, we continuously monitor all connected SAP systems within your landscape for vulnerabilities and threats. The defined scan cycles are customized according to your internal requirements or executed according to predefined best practices. We also provide our customers with technical support at all times, ready to answer any questions and provide assistance to ensure the security of the customer’s SAP systems at all times.

Alerting of critical events (zero-day exploits)

In case of zero-day exploits, we proactively inform the responsibles on customer side and advice to take action. Most of the times, we are already aware of new exploits in the SAP ecosystem before they are publicly announced.

Reporting and trending (incl. delta)

As a customer, you receive regular reportings on all security- and compliance-related activities that took place in the SAP system landscape during a pre-defined time frame (weekly, monthly, quarterly). These reports are produced in an understandable format and contain a summary of the most important events, vulnerabilities and recommendations for mitigation of security vulnerabilities and compliance risks. The reporting consists of the following:

• Detailed security audit report (word)
• Management summary (PDF)
• Test case details as CSV or JSON
• Delta analysis for defined time frame (customizable)
  
  

Security Strategy Meetings

In quarterly security strategy meetings we will highlight the overall security and compliance status of your SAP system landscape and discuss the next mitigation steps. During these meetings, we will provide specific guidance and act as a trusted advisor to answer all your questions.

Our SLAs ensure that the services provided meet the needs and requirements of our customers. The SLAs cover availability as well as response times to requests and more. Predefined SLAs are an important part of ensuring smooth cooperation with our customers and providing consistently high quality services.

In summary, the Managed Security Service with smarterSec Security Platform offers a comprehensive security package that provides you with continuous monitoring of your SAP system landscape, detection and mitigation of vulnerabilities as well as transparent control over all SAP security- and compliance-related activities within the organization.

Related topics: smarterSec Security Platform // Managed Security Service for SAP Enterprise Threat Detection