Onapsis SAP tool traps security holes


Onapsis SAP tool traps security holes

Cliff Saran

Onapsis, a provider of enterprise resource planning (ERP) security software has released a product to assess security risks on production SAP systems.

Mariano Nuñez Di Croce, director of research and development at Onapsis, said, "For several years, the auditing and IT security industries have considered that the deployment of segregation-of-duties controls was enough to enforce the security of SAP systems.

"There are many other threats that are overlooked and involve much higher levels of risk, such as the security vulnerabilities in the technological components that build up SAP platforms."

In April, at the Black Hat Europe conference in Barcelona, Di Croce warned that default SAP installations, enabled anyone to connect to the SAP database and modify the system without detection.

The Onapsis X1 connects remotely to every SAP component in the network, executing assessment modules to detect existing risks, the company said. The tool produces a report, with vulnerability information and remediation plans.

In addition, Onapsis X1, includes a tool called BizRisk Illustration, which Di Croce said would enable an IT security officers to demonstrate the business impact of existing technical weaknesses."

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy