Updates: smarterSec Security Platform 07/23

Updates on the smarterSec Security Platform from July 2023

As the digital attack surface continues to evolve, it’s crucial to stay ahead of the curve in terms of cybersecurity. That’s why we are excited to share with you the advancements we’ve made to our platform to better protect our customers from cyber threats. In this blog series, we will continuously highlight the newest features and updates that make the smarterSec Security Platform even more powerful for safeguarding your digital assets. From enhanced threat detection to improved user experience, our improvements will help our customers to stay one step ahead of potential security breaches. Whether you’re a current user or just interested in learning more about smarterSec, this blog series is for you. Your feedback is more than welcome. So, join us as we take a closer look at the latest innovations for the smarterSec Security Platform.

If you want to dive deeper into the functionalities of the smarterSec Security Platform, you can find more information here: https://smartersec.com/smartersec-security-platform/


New features & improvements

Main feature(s)

New target: SAP Cloud Connector

Support for scanning the SAP Cloud Connector with our platform was added.

This includes the following new testcases:

  • A corporate LDAP system must be set up
  • A service user must be created and used for technical connections
  • CPIC trace level must be properly set
  • Insecure Cipher Suites
  • Proper use of trust store allowlist
  • Use of default UI certificate


New target: SAP Business Technology Platform (BTP)

We now officially support SAP BTP as a new source system.

This includes the following new testcases:

  • Assignment of critical roles and privileges
  • Attempted brute force attack on service instances
  • Change of critical configuration (e.g. audit log configuration)
  • Authorization token request from unknown destination
  • Activation of critical service instances


Minor feature(s)

User Administration and Permissions

  • Allowed end users can now register on our central platform service.
  • From the central platform service, granted users can register a global account for their company. Other users can be added to this account by the administrating user.
  • A global account can contain multiple subaccounts, which can now be spawned automatically (if licensed). Users that are assigned to the global account can be added to the tenant applications with the corresponding privileges.
  • Users that no longer exist are automatically removed from global and subaccounts.
  • User roles and privileges can be administrated at any time.
  • Note: Data and network access is strictly limited and separated logically and physically to the customer’s scope.



Portable platform version for initial risk assessments

We now support a non-distributed version of our platform. The lightweight installation setup can run on any Windows or Linux computer and can even be launched from trusted USB devices without any additional software installation.


Additional changes

Testcases

NetWeaver:

  • New: Transports created in productive environments.
  • Several improvements to reduce data selection and improve our recommendations.

SAP Cloud Connector:

  • Initial testcases listed under "Main feature(s)" above

SAP BTP:

  • Initial testcases listed under "Main feature(s)" above


Minor improvements

  • Improved testcase descriptions / documentation
  • Extended installation documentation & installation script with new scenario
  • Renamed several testcase categories to improve self-explanatory wording.


Bug Fixes

  • Minor improvements in the UI/UX (formatting issues)
  • Mitigation of typos and misleading error messages.
  • Implemented a fallback solution for potentially missing function modules in SAP (to improve backwards-compatibility)


Sneak peek & what's next

For our next development sprint, the main features we are focusing on integrating into our smarterSec Security Platform are:

Monitoring

We would like to improve the user experience regarding the monitoring capabilities. Already scheduled scans will soon be configurable outside the admin panel (own view). Additionally, there will be more filtering options for testcases inside the dashboard overview. Last but not least, we will improve the selection and processing for log-based testcases.

SAP BTP

We are planning to extend the configuration properties for SAP BTP source systems to improve scheduled scans for multiple service instances at a time.

Testcase configuration

Testcase configurations will be available for more users. Custom values / policies that differ from our recommendation will be configurable for each target (new role).



We will update you on our new platform features regularly here in this blog – stay tuned and give us a follow on LinkedIn to not miss any further updates!

Questions or concerns about anything we’ve rolled out lately?

Please get in touch with us directly!
