As the digital attack surface continues to evolve, it’s crucial to stay ahead of the curve in terms of cybersecurity. That’s why we are excited to share with you the advancements we’ve made to our platform to better protect our customers from cyber threats. In this blog series, we will continuously highlight the newest features and updates that make the smarterSec Security Platform even more powerful for safeguarding your digital assets. From enhanced threat detection to improved user experience, our improvements will help our customers to stay one step ahead of potential security breaches. Whether you’re a current user or just interested in learning more about smarterSec, this blog series is for you. Your feedback is more than welcome. So, join us as we take a closer look at the latest innovations for the smarterSec Security Platform.
If you want to dive deeper into the functionalities of the smarterSec Security Platform, you can find more information here: smarterSec Security Platform
New features & improvements
Main features
Enhanced SAProuter Support
We added support for additional operating systems. The smarterSec Security Platform now supports all operating systems that are maintained by SAP. The documentation sections “How to reproduce” and mitigation strategies are now individualized for each target operation system.
Configurable SIEM Integration
As our Security Platform is only one building block in a holistic security approach, customers often want to integrate it with their centralized SIEM system. That is why the integration with the SIEM systems was added to the platform some time ago. Now there are different SIEM systems, and they expect different formats, for example LEEF or CEF. To simplify the setup of the SIEM integration, a configuration panel was added to the platform. This allows you to enable the SIEM integration and select the desired SIEM format.
Hide exempted Findings from the Result Table
As a customer, I have the option of accepting the risk of a finding and exempting it. This can be done either in the smarterSec Security Platform (SSP) or directly in the SAP system. The SSP still shows the findings for audit purposes but marks them as exempt. To provide a clearer picture of the findings, the ability to hide exempt findings has been added.
Enable pre-delivered Scenarios
A scenario is a collection of different Testcases that have been selected for scanning. They simplify the work with manual scans. For example, during a mitigation project, you want to assess the progress of the project and only scan some specific Testcases. To avoid having to select them again and again, you can create a scenario and simply load it for a scan.
This release we added two pre-delivered scenarios. One to select all Testcases based on the DSAG Prüfleitfaden and one to select the Secure-by-Default Testcases.
Content
SAP NetWeaver AS ABAP
There have been over 50 Testcase additions and enhancements for this target type. The main categories for this release were ACL Files, UCON, Logging, and GDPR. Other categories that were affected are: Patch Management, RFC Connections, ICF Cookies, TMS Parameters and User Accounts.
We will update you on our new platform features regularly here in this blog – stay tuned and give us a follow on LinkedIn to not miss any further updates!
Related topics: Managed Security Service for the smarterSec Security Platform // smarterSec Security Platform