enterprise threatmonitor - ibm
ESNC Security Solutions for SAP Applications
SAP Security Monitoring with IBM QRadar and Enterprise Threat Monitor
www.enterprise-threat-monitor.com
Enterprise ThreatMonitor™
Security Breaches Are a Big Problem Worldwide
The US Investigation Services (USIS) Breach
- Confidential data for 27,000 Department of Homeland Security (DHS) employees breached through SAP system.
- USIS’s DHS contract canceled; company filed for bankruptcy.
Recent IBM study shows average data breach is costly
- $3.79 million is the average total cost of a single data breach.
- 23% increase in total cost associated with data breach since 2013.
- Ebay, JP Morgan Chase, British Airways, UPS suffered major data breaches.
Source: http://www.nextgov.com, IBM - 2015 Cost of Data Breach Study
Hackers Stole over $80 Million from Bangladesh Central Bank this March
87% of the Global 2000 companies rely on SAP
- FI: Bank accounts, Pricing strategy
- HR: Salary infos, PII, SSN
- BW: Vendors, Strategy details
- CRM: Customer info, Credit cards
- SRM: RfPs, bids, Business negotiations, Supplier info
SAP is the heart of the enterprise
- Sensitive data is stored on SAP
- Hackers are constantly discovering new methods to attack business systems
CONFIDENTIAL AND PROPRIETARY
Blind spot: User activity and insider threats
Can you detect if…
- Someone steals the password of a service user and uses it to download customer master data?
- Someone uses debug/replace to bypass authorization checks and delete/change business data?
- An external consultant misuses his rights and views sensitive employee salary information?
Introducing Enterprise Threat Monitor for SAP Applications
Find the hackers in your SAP landscape
- Identify attacks in real time.
- Analyze threats quickly and neutralize before they can cause serious damage.
ETM has over 300 high quality SAP threat detection cases ready for QRadar
- Uses its built-in threat detection patterns to detect suspicious activities and attacks
- Eliminates false positives by its adaptive noise reduction engine
- Resulting high quality, pre-correlated offenses are sent to QRadar
IBM QRadar Integration
[Diagram: SAP systems (HR, ERP, CRM), Enterprise Threat Monitor with SAP specific correlation, Secure Portal, IBM QRadar. ETM sends alerts in real-time.]
Sample Use Cases
Find out if:
- SAP debugging is used for bypassing transaction authorizations
- An unauthorized user assigned a critical SAP role to another user
- A user downloaded customer master or payroll data to their PC
- Users are sharing their SAP accounts
- Failed logons of multiple SAP users from the same workstation
- A production SAP system is opened to changes
- An HR terminated employee's SAP account is used for connecting to an SAP system
QRadar Integration Steps
- Download Enterprise Threat Monitor:
  • https://www.enterprise-threat-monitor.com/download
- Follow the steps for connecting to SAP:
  • https://www.enterprise-threat-monitor.com/installation
- Use built-in SIEM wizard to add your QRadar system.
- Import ETM log source extension and configure event properties, QID mappings, and QRadar specific settings using ETM’s step-by-step guide.
- DONE!
From 0 to real-time SAP security monitoring
Thank you
Enterprise Threat Monitor is a registered trademark of ESNC GmbH, Germany. This document contains references to products of SAP SE. SAP, ABAP, SAP GUI and other named SAP products and associated logos are brand names or registered trademarks of SAP SE in Germany and other countries in the world. HP and ArcSight are registered trademarks of Hewlett-Packard Development Company, L.P. Splunk is a registered trademark of Splunk, Inc. IBM and QRadar are trademarks of International Business Machines Corporation. The contents of this document are proprietary.
www.esnc.de
Nördliche Münchnerstr. 15a, 80807 Grunwald by Munich/Germany
1355 Market Street – Suite 488 San Francisco, California/USA
Try ETM 14 days for free www.enterprise-threat-monitor.com