Updates: smarterSec Security Platform 05/23

Updates on the smarterSec Security Platform from May 2023

Welcome to our new blog series covering the latest update (new features and improvements) for the smarterSec Security Platform! As the digital attack surface continues to evolve, it’s crucial to stay ahead of the curve in terms of cybersecurity. That’s why we are excited to share with you the advancements we’ve made to our platform to better protect our customers from cyber threats. In this series, we will highlight the newest features and updates that make the smarterSec Security Platform even more powerful for safeguarding your digital assets. From enhanced threat detection to improved user experience, our improvements will help our customers to stay one step ahead of potential security breaches. Whether you’re a current user or just interested in learning more about smarterSec, this blog series is for you. Your feedback is more than welcome. So, join us as we take a closer look at the latest innovations for the smarterSec Security Platform.

With the beginning of our new blog series, we would like to give you a short introduction on what the smarterSec Security Platform is all about and why it is different from other security solutions on the market.

What is the smarterSec Security Platform (SSP)?

The smarterSec Security Platform is a zero-footprint solution to analyze business-critical SAP IT-infrastructure. It was designed with the focus to cover a complete SAP landscape (NetWeaver, S/4HANA, Cloud Connector, etc.) and does not require any installation of additional software or add-ons within your SAP environment to operate.

Instead, it uses remote scanning techniques to receive information about the system and identify potential vulnerabilities, misconfigurations, and other security issues as well as GDPR violations. This approach allows comprehensive security monitoring without impacting the performance or stability of a source-system and provides near real-time threat detection and analysis capabilities.

The smarterSec Security Platform can be operated on-premise or in the cloud, by the customer or by smarterSec in combination with a Managed Security Service.  

Figure 1: smarterSec Security Platform capabilities

Further details about the smarterSec Security Platform can be found here: smarterSec Security Platform

New features & improvements

Main feature
Security Dashboard

The main feature we lately implemented into our platform is the smarterSec security dashboard. smarterSec’s Security Dashboard which is implemented into our platform will provide in-depth reporting functions. This will help to enable detection, remediation, and prevention of cyber threats caused by vulnerabilities in system settings. Based on the input from our platform users and our internal requirements, we implemented the following components into our central dashboard:

  • General Security & Compliance status of the complete SAP system landscape
    • Trending, Heatmap, Pie Chart, Filtering on severity and/or test case categories
  •  Security & Compliance status of the connected SAP systems (drill-down)
    • Trending, Heatmap, Pie Chart, Filtering on severity and/or test case categories
    • Testcase execution history, that shows when and how regular testcases were executed
    • Security state report (Status reporting for explicit date)

 You can get a first look at the smarterSec security dashboard below:

Figure 2: Dashboard overview – trending, heatmap, pie chart

Minor features

Besides our main feature, we always include several minor features into our development sprints. You can find some highlights of minor features we implemented during the last sprint as follows:

  • Improved result view

Figure 3: Result view – smarterSec Security Platform

  • Improved Testcase descriptions / documentation

Figure 4: Test case documentation (example)

  • Improved export functionality

Figure 5: Export function scan results

New Testcases
  • Users with developer key in production
  • Users with Role SAP_AUDITOR

Testcase Improvements

The following Testcases have been improved in different areas:

  • Unwanted SICF node
  • Active modifications in SAP Standard Workbench Objects
  • Checks days between delivery and implementation of package
  • Weak password hashes

Bug Fixes
  • Scan engine limitation in regards of data sources
  • Docker Desktop admin privileges for the on-premise installation

Sneak peek & what we are working on next

For our next sprint, the main feature we are focusing on for our smarterSec Security Platform will be the integration of the

  • SAP Cloud Connector

The goal is to enable our platform to analyze the configuration, set-up, and connections of the SAP Cloud Connector in all related security and compliance aspects.

This was requested one of the most important features as the SAP Cloud Connector connects basically to all main SAP systems and if compromised all the configured SAP systems are in danger too.

We will update you on our new platform features regularly here in this blog – stay tuned and give us a follow on LinkedIn to not miss any further updates!

Questions or concerns about anything we’ve rolled out lately?

Please get in touch with us directly!

Related topics: Managed Security Service for the smarterSec Security Platform // smarterSec Security Platform