Service description

Implementation

Installation of the smarterSec Security Platform

Whether you want us to operate the smarterSec Security Platform in the cloud (hosted by smarterSec on German servers) or on-premise in your IT environment, we realize the full installation and initial setup to become operational.

Connection of the SAP sytems

After the initial installation, we ensure a smooth connection of the licensed SAP systems in scope and provide the neccessary SAP role(s) with pre-defined authorizations to enable scanning.

Please refer to smarterSec Security Platform to get an overview of all SAP infrastructure components that can be analyzed and monitored.

Configuration of the platform

Another important aspect of our Managed Security Service is the configuration of regular scan cycles. The scan cycles are customized according to your compliance requirements or executed according to predefined standards, which include specifications of various acknowledged industry standards. We can customize the scan cycles for each individual scan and run them at any defined frequency.

Analysis

Initial security, compliance and GDPR analysis

To ensure that the Managed Security Service is perfectly tailored to your needs, we perform a complete initial analysis for all SAP systems in scope. The analysis includes the identification of security & compliance vulnerabilities as well as potential risks through non-compliance GDPR data.

Presentation of the most critical results

The most critical results of the initial analysis will be presented in a 2-hour meeting, explaining the risks behind the identified vulnerabilities. In certain cases we build exploits to highlight the criticality of dedicated vulnerabilities in your SAP systems.

Recommendations for action to mitigate vulnerabilities

For every identified security vulnerability and compliance risk, we give recommendation with guidelines on how to remediate the vulnerabilities and risks inside your SAP systems. We also give mitigation advices to tackle “low-hanging fruits” – vulnerabilities and risks that do not require a lot of time to mitigate but have a high impact on the system security and compliance.

SAP Security Roadmap

After the initial analyses and presentation of the results, we create a customized SAP Security Roadmap for our customers.

The SAP Security Roadmap serves as the basis for a step-by-step implementation of security improvements and the mitigation of vulnerabilities, based on a clear, prioritized action plan. This plan takes into account both technical and organizational aspects and serves as a guideline for the implementation of the recommended security measures.

You can find an overview of our SAP Security Roadmap Service at SAP Security Roadmap.

Security Operation

Continuous security, compliance and GDPR analysis

In the daily security operation, we continuously monitor all connected SAP systems within your landscape for vulnerabilities and threats. The defined scan cycles are customized according to your internal requirements or executed according to predefined best practices. We also provide our customers with technical support at all times, ready to answer any questions and provide assistance to ensure the security of the customer’s SAP systems at all times.

Alerting of critical events (zero-day exploits)

In case of zero-day exploits, we proactively inform the responsibles on customer side and advice to take action. Most of the times, we are already aware of new exploits in the SAP ecosystem before they are publicly announced.

Reporting and trending (incl. delta)

As a customer, you receive regular reportings on all security- and compliance-related activities that took place in the SAP system landscape during a pre-defined time frame (weekly, monthly, quarterly). These reports are produced in an understandable format and contain a summary of the most important events, vulnerabilities and recommendations for mitigation of security vulnerabilities and compliance risks. The reporting consists of the following:

• Detailed security audit report (word)
• Management summary (PDF)
• Test case details as CSV or JSON
• Delta analysis for defined time frame (customizable)
  
  

Hands-On Mitigation Sessions

In regular hands-on mitigation sessions, we work with our customers to remediate the identified vulnerabilities in the SAP system. This ensures continuous improvement of the security level and a transfer of know-how into the organization. Customers can rely on our expertise in eliminating vulnerabilities as we guide them step by step through defined remediation processes.

Security Strategy Meetings

In quarterly security strategy meetings we will highlight the overall security and compliance status of your SAP system landscape and discuss the next mitigation steps. During these meetings, we will provide specific guidance and act as a trusted advisor to answer all your questions.

Our SLAs ensure that the services provided meet the needs and requirements of our customers. The SLAs cover availability as well as response times to requests and more. Predefined SLAs are an important part of ensuring smooth cooperation with our customers and providing consistently high quality services.

In summary, the Managed Security Service with smarterSec Security Platform offers a comprehensive security package that provides you with continuous monitoring of your SAP system landscape, detection and mitigation of vulnerabilities as well as transparent control over all SAP security- and compliance-related activities within the organization.

Your benefits at a glance

• Continuous and automated monitoring of security- and compliance-relevant activities in your SAP system 
• Pre-defined reporting cycles on new vulnerabilities and changes within the SAP system (trending)
• Recommendations for action to remediate the vulnerabilities found and optimize the SAP system
• Hands-on mitigation sessions for the remediation of vulnerabilities including know-how transfer
• Flexible adaptation of guidelines to customer policies
• No installation or upgrades, no hardware and no internal analysis efforts

Related topics: smarterSec Security Platform // Managed Security Service for SAP Enterprise Threat Detection

Follow Us on Social Media