SlideShare una empresa de Scribd logo

The importance of applying SAP patches (Joris van de Vis)

Twan van den Broek
Twan van den Broek

Most of us apply the monthly patches for our Operating system (Macbooks, windows systems, etc). But what about the monthly security patches for our SAP systems? Many SAP running organisations don't do this as regular as they should. Some topics I'd like to discuss with the audience are; - Why don't they do that? - What are the risks involved? - How to improve things?

Tecnología
1 de 17
Descargar para leer sin conexión
The importance of applying SAP patches
ERP Security • Experts in SAP Security assessments and hardening • Worldwide top 5 found SAP Security research • Regular presenters on SAP Security • Developer Protect4S • Founded in 2010 • Several business partners in BeNeLux • Our mission is to raise the level of security of mission-critical SAP platforms with a minimal impact on daily business. Affiliations: Partners: “ERP-SEC works closely together with SAP to reduce risk in their customers systems. ERP-SEC was invited twice by SAP’s global security team in Walldorf to present on their ongoing SAP Security research”
Introduction • Results security assessments over the years are not good • Risk increased because of a more connected world • The question is not if you need to secure your SAP landscape, but HOW • Why? Fraud Sabotage Theft
0 100 200 300 400 500 600 700 800 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 SAP Security notes Findings of SAP and external researchers had lead to many patches: >4000 SAP SECURITY NOTES in total
Just 1 missing note can hurt you Game over… • Demotime
Just 1 missing note can hurt you Game over… • Demotime
Just 1 missing note can hurt you Game over… • Demotime
Typically seen at customers (no joke) • Customers apply SP Stack once every year or less • Some do SAP Security notes in between • Most do not apply SAP Security notes on monthly basis • Risk-window is long; months or even years • (Keep in mind: SAP Security notes are easy to Reverse Engineer) Long Risk-window
Long Risk-window
Your participation is appreciated: https://nl.surveymonkey.com/r/RM97TYC SAP Security notes survey
But what do they mean? • 42 • 895 Some numbers Min. number of days it took SAP to fix one of our >70 reported issues Max. number of days it took SAP to fix one of our >70 reported issues
A challenge for SAP customers • Testing • Securing SAP systems is complex and time consuming • Time-consuming task: implementing SAP Security notes • Up-to-now a manual, repetitive task • SAP notes released on a monthly base by dozens • Awareness • Time • Budget • Knowledge • …. Some reasons for bad patchmanagement
To know what SAP Security notes you are missing there are a few options: • SAP Marketplace – Security notes launchpad  Match manually with systems • SAP Solution Manager – System Recommendations • 3rd party tooling Solutions?
Our Solution
Business Benefits Apply up to 75 % of SAP Security notes automatically to • Drastically reduce boring, manual, repetetive activities • Have better secured SAP systems (Patch frequentie can be raised) • Save time and focus on other security items • Have better compliance SAP Security notes
SAP, R/3, ABAP, SAP GUI, SAP NetWeaver and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. The authors assume no responsibility for errors or omissions in this document. The authors do not warrant the accuracy or completeness of the information, text, graphics, links, or other items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. The authors shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of this document. SAP AG is neither the author nor the publisher of this publication and is not responsible for its content, and SAP Group shall not be liable for errors or omissions with respect to the materials. No part of this document may be reproduced without the prior written permission of ERP Security BV. © 2017 ERP Security BV. Disclaimer
The importance of applying SAP patches (Joris van de Vis)

Recomendados

Introduction to Puppet Enterprise- UK (02/25/2016)
Introduction to Puppet Enterprise- UK (02/25/2016)Introduction to Puppet Enterprise- UK (02/25/2016)
Introduction to Puppet Enterprise- UK (02/25/2016)
Puppet
 
SRE-iously! Defining the Principles, Habits, and Practices of Site Reliabilit...
SRE-iously! Defining the Principles, Habits, and Practices of Site Reliabilit...SRE-iously! Defining the Principles, Habits, and Practices of Site Reliabilit...
SRE-iously! Defining the Principles, Habits, and Practices of Site Reliabilit...
Tori Wieldt
 
Sage Schweiz - Cleosolutions.ch
Sage Schweiz - Cleosolutions.chSage Schweiz - Cleosolutions.ch
Sage Schweiz - Cleosolutions.ch
robalddicardo
 
Introduction to Puppet Enterprise 2016.1
Introduction to Puppet Enterprise 2016.1Introduction to Puppet Enterprise 2016.1
Introduction to Puppet Enterprise 2016.1
Puppet
 
Critical Considerations for Continuous Delivery 04.09.2018
Critical Considerations for Continuous Delivery 04.09.2018Critical Considerations for Continuous Delivery 04.09.2018
Critical Considerations for Continuous Delivery 04.09.2018
Claire Priester Papas
 
Intro to PE 01/26/2016 UK
Intro to PE 01/26/2016 UKIntro to PE 01/26/2016 UK
Intro to PE 01/26/2016 UK
Puppet
 
Introduction to Puppet Enterprise- 03/03/2016
Introduction to Puppet Enterprise- 03/03/2016Introduction to Puppet Enterprise- 03/03/2016
Introduction to Puppet Enterprise- 03/03/2016
Puppet
 
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
CA Technologies
 

Recomendados

Introduction to Puppet Enterprise- UK (02/25/2016)
Introduction to Puppet Enterprise- UK (02/25/2016)Introduction to Puppet Enterprise- UK (02/25/2016)
Introduction to Puppet Enterprise- UK (02/25/2016)
Puppet
 
SRE-iously! Defining the Principles, Habits, and Practices of Site Reliabilit...
SRE-iously! Defining the Principles, Habits, and Practices of Site Reliabilit...SRE-iously! Defining the Principles, Habits, and Practices of Site Reliabilit...
SRE-iously! Defining the Principles, Habits, and Practices of Site Reliabilit...
Tori Wieldt
 
Sage Schweiz - Cleosolutions.ch
Sage Schweiz - Cleosolutions.chSage Schweiz - Cleosolutions.ch
Sage Schweiz - Cleosolutions.ch
robalddicardo
 
Introduction to Puppet Enterprise 2016.1
Introduction to Puppet Enterprise 2016.1Introduction to Puppet Enterprise 2016.1
Introduction to Puppet Enterprise 2016.1
Puppet
 
Critical Considerations for Continuous Delivery 04.09.2018
Critical Considerations for Continuous Delivery 04.09.2018Critical Considerations for Continuous Delivery 04.09.2018
Critical Considerations for Continuous Delivery 04.09.2018
Claire Priester Papas
 
Intro to PE 01/26/2016 UK
Intro to PE 01/26/2016 UKIntro to PE 01/26/2016 UK
Intro to PE 01/26/2016 UK
Puppet
 
Introduction to Puppet Enterprise- 03/03/2016
Introduction to Puppet Enterprise- 03/03/2016Introduction to Puppet Enterprise- 03/03/2016
Introduction to Puppet Enterprise- 03/03/2016
Puppet
 
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything
CA Technologies
 
sps1-RecordOfAchievement
sps1-RecordOfAchievementsps1-RecordOfAchievement
sps1-RecordOfAchievement
Kevin Dass
 
Inflectra CodeCamp Internship Introduction
Inflectra CodeCamp Internship IntroductionInflectra CodeCamp Internship Introduction
Inflectra CodeCamp Internship Introduction
Adam Sandman
 
Tehnoloģijas. 3. sesija
Tehnoloģijas. 3. sesijaTehnoloģijas. 3. sesija
Tehnoloģijas. 3. sesija
Lielvārds
 
Scm webinar digital transformation
Scm webinar digital transformationScm webinar digital transformation
Scm webinar digital transformation
Panaya
 
Agile Management with ITPP
Agile Management with ITPPAgile Management with ITPP
Agile Management with ITPP
Smidigkonferansen
 
10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)
10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)
10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)
CodeScience
 
Introduction to Puppet Enterprise
Introduction to Puppet EnterpriseIntroduction to Puppet Enterprise
Introduction to Puppet Enterprise
Puppet
 
SAP Inside Track Frankfurt 2018 #Sitfra 2018
SAP Inside Track Frankfurt 2018 #Sitfra 2018SAP Inside Track Frankfurt 2018 #Sitfra 2018
SAP Inside Track Frankfurt 2018 #Sitfra 2018
jvandevis
 
Short introduction to SAP security research (sitNL)
Short introduction to SAP security research (sitNL)Short introduction to SAP security research (sitNL)
Short introduction to SAP security research (sitNL)
Twan van den Broek
 
Erp security joris-van_de_vis_sap_security_sitnl_2015_v0.2
Erp security joris-van_de_vis_sap_security_sitnl_2015_v0.2Erp security joris-van_de_vis_sap_security_sitnl_2015_v0.2
Erp security joris-van_de_vis_sap_security_sitnl_2015_v0.2
jvandevis
 
Industrial Challenges of Secure Software Development
Industrial Challenges of Secure Software DevelopmentIndustrial Challenges of Secure Software Development
Industrial Challenges of Secure Software Development
Achim D. Brucker
 
SAP all cloud connect - innovate your future making change your advantage
SAP all cloud connect - innovate your future making change your advantageSAP all cloud connect - innovate your future making change your advantage
SAP all cloud connect - innovate your future making change your advantage
Ian Grant-Smith
 
Protect Your Customers Data from Cyberattacks
Protect Your Customers Data from CyberattacksProtect Your Customers Data from Cyberattacks
Protect Your Customers Data from Cyberattacks
SAP Customer Experience
 
#askSAP Analytics Innovations Community Call: SAP Predictive Analytics
#askSAP Analytics Innovations Community Call: SAP Predictive Analytics#askSAP Analytics Innovations Community Call: SAP Predictive Analytics
#askSAP Analytics Innovations Community Call: SAP Predictive Analytics
SAP Analytics
 
SAP TRAINING MATERIAL FREE DOWNLOAD - ERPTAC is best
SAP TRAINING MATERIAL FREE DOWNLOAD - ERPTAC is best SAP TRAINING MATERIAL FREE DOWNLOAD - ERPTAC is best
SAP TRAINING MATERIAL FREE DOWNLOAD - ERPTAC is best
Erptac Bangalore
 
SAP WPB
SAP WPBSAP WPB
SAP WPB
ALB301608
 
SAP WPB
SAP WPBSAP WPB
SAP WPB
ALB301608
 
2011 BtoB Magazine Net Marketer Seminar "Digital branded experiences"
2011 BtoB Magazine Net Marketer Seminar "Digital branded experiences"2011 BtoB Magazine Net Marketer Seminar "Digital branded experiences"
2011 BtoB Magazine Net Marketer Seminar "Digital branded experiences"
Kevin Cox
 
Innovate and Extend with an Agile Digital Enterprise Platform
Innovate and Extend with an Agile Digital Enterprise PlatformInnovate and Extend with an Agile Digital Enterprise Platform
Innovate and Extend with an Agile Digital Enterprise Platform
Vladimir Pavlov
 
SAST for JavaScript: A Brief Overview of Commercial Tools
SAST for JavaScript: A Brief Overview of Commercial ToolsSAST for JavaScript: A Brief Overview of Commercial Tools
SAST for JavaScript: A Brief Overview of Commercial Tools
Achim D. Brucker
 
26764 Waldemar Adams 151116 BCN SAP Select
26764 Waldemar Adams 151116 BCN SAP Select26764 Waldemar Adams 151116 BCN SAP Select
26764 Waldemar Adams 151116 BCN SAP Select
Waldemar Adams
 
Deploying Static Application Security Testing on a Large Scale
Deploying Static Application Security Testing on a Large ScaleDeploying Static Application Security Testing on a Large Scale
Deploying Static Application Security Testing on a Large Scale
Achim D. Brucker
 

Más contenido relacionado

La actualidad más candente

sps1-RecordOfAchievement
sps1-RecordOfAchievementsps1-RecordOfAchievement
sps1-RecordOfAchievement
Kevin Dass
 

La actualidad más candente (7)

sps1-RecordOfAchievement
sps1-RecordOfAchievementsps1-RecordOfAchievement
sps1-RecordOfAchievement
 
Inflectra CodeCamp Internship Introduction
Inflectra CodeCamp Internship IntroductionInflectra CodeCamp Internship Introduction
Inflectra CodeCamp Internship Introduction
 
Tehnoloģijas. 3. sesija
Tehnoloģijas. 3. sesijaTehnoloģijas. 3. sesija
Tehnoloģijas. 3. sesija
 
Scm webinar digital transformation
Scm webinar digital transformationScm webinar digital transformation
Scm webinar digital transformation
 
Agile Management with ITPP
Agile Management with ITPPAgile Management with ITPP
Agile Management with ITPP
 
10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)
10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)
10 Tips to Pass Salesforce Security Review (and Steps to Take If You Don’t!)
 
Introduction to Puppet Enterprise
Introduction to Puppet EnterpriseIntroduction to Puppet Enterprise
Introduction to Puppet Enterprise
 

Similar a The importance of applying SAP patches (Joris van de Vis)

Industrial Challenges of Secure Software Development
Industrial Challenges of Secure Software DevelopmentIndustrial Challenges of Secure Software Development
Industrial Challenges of Secure Software Development
Achim D. Brucker
 
SAP all cloud connect - innovate your future making change your advantage
SAP all cloud connect - innovate your future making change your advantageSAP all cloud connect - innovate your future making change your advantage
SAP all cloud connect - innovate your future making change your advantage
Ian Grant-Smith
 
#askSAP Analytics Innovations Community Call: SAP Predictive Analytics
#askSAP Analytics Innovations Community Call: SAP Predictive Analytics#askSAP Analytics Innovations Community Call: SAP Predictive Analytics
#askSAP Analytics Innovations Community Call: SAP Predictive Analytics
SAP Analytics
 
2011 BtoB Magazine Net Marketer Seminar "Digital branded experiences"
2011 BtoB Magazine Net Marketer Seminar "Digital branded experiences"2011 BtoB Magazine Net Marketer Seminar "Digital branded experiences"
2011 BtoB Magazine Net Marketer Seminar "Digital branded experiences"
Kevin Cox
 
Deploying Static Application Security Testing on a Large Scale
Deploying Static Application Security Testing on a Large ScaleDeploying Static Application Security Testing on a Large Scale
Deploying Static Application Security Testing on a Large Scale
Achim D. Brucker
 
Sitnl 2012 erp security
Sitnl 2012 erp securitySitnl 2012 erp security
Sitnl 2012 erp security
jvandevis
 

Similar a The importance of applying SAP patches (Joris van de Vis) (20)

SAP Inside Track Frankfurt 2018 #Sitfra 2018
SAP Inside Track Frankfurt 2018 #Sitfra 2018SAP Inside Track Frankfurt 2018 #Sitfra 2018
SAP Inside Track Frankfurt 2018 #Sitfra 2018
 
Short introduction to SAP security research (sitNL)
Short introduction to SAP security research (sitNL)Short introduction to SAP security research (sitNL)
Short introduction to SAP security research (sitNL)
 
Erp security joris-van_de_vis_sap_security_sitnl_2015_v0.2
Erp security joris-van_de_vis_sap_security_sitnl_2015_v0.2Erp security joris-van_de_vis_sap_security_sitnl_2015_v0.2
Erp security joris-van_de_vis_sap_security_sitnl_2015_v0.2
 
Industrial Challenges of Secure Software Development
Industrial Challenges of Secure Software DevelopmentIndustrial Challenges of Secure Software Development
Industrial Challenges of Secure Software Development
 
SAP all cloud connect - innovate your future making change your advantage
SAP all cloud connect - innovate your future making change your advantageSAP all cloud connect - innovate your future making change your advantage
SAP all cloud connect - innovate your future making change your advantage
 
Protect Your Customers Data from Cyberattacks
Protect Your Customers Data from CyberattacksProtect Your Customers Data from Cyberattacks
Protect Your Customers Data from Cyberattacks
 
#askSAP Analytics Innovations Community Call: SAP Predictive Analytics
#askSAP Analytics Innovations Community Call: SAP Predictive Analytics#askSAP Analytics Innovations Community Call: SAP Predictive Analytics
#askSAP Analytics Innovations Community Call: SAP Predictive Analytics
 
SAP TRAINING MATERIAL FREE DOWNLOAD - ERPTAC is best
SAP TRAINING MATERIAL FREE DOWNLOAD - ERPTAC is best SAP TRAINING MATERIAL FREE DOWNLOAD - ERPTAC is best
SAP TRAINING MATERIAL FREE DOWNLOAD - ERPTAC is best
 
SAP WPB
SAP WPBSAP WPB
SAP WPB
 
SAP WPB
SAP WPBSAP WPB
SAP WPB
 
2011 BtoB Magazine Net Marketer Seminar "Digital branded experiences"
2011 BtoB Magazine Net Marketer Seminar "Digital branded experiences"2011 BtoB Magazine Net Marketer Seminar "Digital branded experiences"
2011 BtoB Magazine Net Marketer Seminar "Digital branded experiences"
 
Innovate and Extend with an Agile Digital Enterprise Platform
Innovate and Extend with an Agile Digital Enterprise PlatformInnovate and Extend with an Agile Digital Enterprise Platform
Innovate and Extend with an Agile Digital Enterprise Platform
 
SAST for JavaScript: A Brief Overview of Commercial Tools
SAST for JavaScript: A Brief Overview of Commercial ToolsSAST for JavaScript: A Brief Overview of Commercial Tools
SAST for JavaScript: A Brief Overview of Commercial Tools
 
26764 Waldemar Adams 151116 BCN SAP Select
26764 Waldemar Adams 151116 BCN SAP Select26764 Waldemar Adams 151116 BCN SAP Select
26764 Waldemar Adams 151116 BCN SAP Select
 
Deploying Static Application Security Testing on a Large Scale
Deploying Static Application Security Testing on a Large ScaleDeploying Static Application Security Testing on a Large Scale
Deploying Static Application Security Testing on a Large Scale
 
Stefan Van der Wilt - How can SuccessFactors Analytics support the HR line of...
Stefan Van der Wilt - How can SuccessFactors Analytics support the HR line of...Stefan Van der Wilt - How can SuccessFactors Analytics support the HR line of...
Stefan Van der Wilt - How can SuccessFactors Analytics support the HR line of...
 
SAP Customer Success Profile: Maximizing Productivity with SAP Gateway Produc...
SAP Customer Success Profile: Maximizing Productivity with SAP Gateway Produc...SAP Customer Success Profile: Maximizing Productivity with SAP Gateway Produc...
SAP Customer Success Profile: Maximizing Productivity with SAP Gateway Produc...
 
protect4s-product-sheet
protect4s-product-sheetprotect4s-product-sheet
protect4s-product-sheet
 
Sitnl 2012 erp security
Sitnl 2012 erp securitySitnl 2012 erp security
Sitnl 2012 erp security
 
Sitnl 2012 erp security
Sitnl 2012 erp securitySitnl 2012 erp security
Sitnl 2012 erp security
 

Más de Twan van den Broek

How SAP Leonardo is empowering animal wellbeing (Leon / Harmen)
How SAP Leonardo is empowering animal wellbeing (Leon / Harmen)How SAP Leonardo is empowering animal wellbeing (Leon / Harmen)
How SAP Leonardo is empowering animal wellbeing (Leon / Harmen)
Twan van den Broek
 
Can you keep up with SAP Analytics Cloud? (Martijn van Foeken)
Can you keep up with SAP Analytics Cloud? (Martijn van Foeken)Can you keep up with SAP Analytics Cloud? (Martijn van Foeken)
Can you keep up with SAP Analytics Cloud? (Martijn van Foeken)
Twan van den Broek
 
Building an innovation culture - Powered by diversity
Building an innovation culture - Powered by diversityBuilding an innovation culture - Powered by diversity
Building an innovation culture - Powered by diversity
Twan van den Broek
 

Más de Twan van den Broek (20)

How SAP Leonardo is empowering animal wellbeing (Leon / Harmen)
How SAP Leonardo is empowering animal wellbeing (Leon / Harmen)How SAP Leonardo is empowering animal wellbeing (Leon / Harmen)
How SAP Leonardo is empowering animal wellbeing (Leon / Harmen)
 
Can you keep up with SAP Analytics Cloud? (Martijn van Foeken)
Can you keep up with SAP Analytics Cloud? (Martijn van Foeken)Can you keep up with SAP Analytics Cloud? (Martijn van Foeken)
Can you keep up with SAP Analytics Cloud? (Martijn van Foeken)
 
SAP Data Hub – What is it, and what’s new? (Sefan Linders)
SAP Data Hub – What is it, and what’s new? (Sefan Linders)SAP Data Hub – What is it, and what’s new? (Sefan Linders)
SAP Data Hub – What is it, and what’s new? (Sefan Linders)
 
SAP HANA SQL Data Warehousing (Sefan Linders)
SAP HANA SQL Data Warehousing (Sefan Linders)SAP HANA SQL Data Warehousing (Sefan Linders)
SAP HANA SQL Data Warehousing (Sefan Linders)
 
SAP analytics as enabler for the intelligent enterprise (Iver van de Zand)
SAP analytics as enabler for the intelligent enterprise (Iver van de Zand)SAP analytics as enabler for the intelligent enterprise (Iver van de Zand)
SAP analytics as enabler for the intelligent enterprise (Iver van de Zand)
 
Beyond OData introducing the xmla model for ui5 (Roland Bouwman)
Beyond OData introducing the xmla model for ui5 (Roland Bouwman)Beyond OData introducing the xmla model for ui5 (Roland Bouwman)
Beyond OData introducing the xmla model for ui5 (Roland Bouwman)
 
Integrating SAPUI5 with ArcGIS Maps (Leon van Ginneken)
Integrating SAPUI5 with ArcGIS Maps (Leon van Ginneken)Integrating SAPUI5 with ArcGIS Maps (Leon van Ginneken)
Integrating SAPUI5 with ArcGIS Maps (Leon van Ginneken)
 
SQL Data Warehousing in SAP HANA (Sefan Linders)
SQL Data Warehousing in SAP HANA (Sefan Linders)SQL Data Warehousing in SAP HANA (Sefan Linders)
SQL Data Warehousing in SAP HANA (Sefan Linders)
 
SAP Predictive Analytics (Nico van der Hoeven)
SAP Predictive Analytics (Nico van der Hoeven)SAP Predictive Analytics (Nico van der Hoeven)
SAP Predictive Analytics (Nico van der Hoeven)
 
Blockchain for the Enterprise
Blockchain for the EnterpriseBlockchain for the Enterprise
Blockchain for the Enterprise
 
DIR - A tribute to Standards and Guidelines... (Laurens van Rijn)
DIR - A tribute to Standards and Guidelines... (Laurens van Rijn)DIR - A tribute to Standards and Guidelines... (Laurens van Rijn)
DIR - A tribute to Standards and Guidelines... (Laurens van Rijn)
 
Building an innovation culture - Powered by diversity
Building an innovation culture - Powered by diversityBuilding an innovation culture - Powered by diversity
Building an innovation culture - Powered by diversity
 
SAP Leonardo / Machine Learning (Iver van de Zand)
SAP Leonardo / Machine Learning (Iver van de Zand)SAP Leonardo / Machine Learning (Iver van de Zand)
SAP Leonardo / Machine Learning (Iver van de Zand)
 
SAP TechEd recap (Ronald Konijnenburg / Sven van Leuken)
SAP TechEd recap (Ronald Konijnenburg / Sven van Leuken)SAP TechEd recap (Ronald Konijnenburg / Sven van Leuken)
SAP TechEd recap (Ronald Konijnenburg / Sven van Leuken)
 
Masterclass Mendix (Jan Penninkhof / Twan van den Broek)
Masterclass Mendix (Jan Penninkhof / Twan van den Broek)Masterclass Mendix (Jan Penninkhof / Twan van den Broek)
Masterclass Mendix (Jan Penninkhof / Twan van den Broek)
 
Masterclass Machine Learning (Ronald Kleijn)
Masterclass Machine Learning (Ronald Kleijn)Masterclass Machine Learning (Ronald Kleijn)
Masterclass Machine Learning (Ronald Kleijn)
 
SAP Run Live Truck - SAP Cloud Platform use cases
SAP Run Live Truck - SAP Cloud Platform use casesSAP Run Live Truck - SAP Cloud Platform use cases
SAP Run Live Truck - SAP Cloud Platform use cases
 
Recap SAP Inside Track NL (sitNL)
Recap SAP Inside Track NL (sitNL)Recap SAP Inside Track NL (sitNL)
Recap SAP Inside Track NL (sitNL)
 
Welcome at SAP Inside Track NL (sitNL)
Welcome at SAP Inside Track NL (sitNL)Welcome at SAP Inside Track NL (sitNL)
Welcome at SAP Inside Track NL (sitNL)
 
Finding ABAP
Finding ABAPFinding ABAP
Finding ABAP
 

Último

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 

Último (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 

The importance of applying SAP patches (Joris van de Vis)

  • 2. ERP Security • Experts in SAP Security assessments and hardening • Worldwide top 5 found SAP Security research • Regular presenters on SAP Security • Developer Protect4S • Founded in 2010 • Several business partners in BeNeLux • Our mission is to raise the level of security of mission-critical SAP platforms with a minimal impact on daily business. Affiliations: Partners: “ERP-SEC works closely together with SAP to reduce risk in their customers systems. ERP-SEC was invited twice by SAP’s global security team in Walldorf to present on their ongoing SAP Security research”
  • 3. Introduction • Results security assessments over the years are not good • Risk increased because of a more connected world • The question is not if you need to secure your SAP landscape, but HOW • Why? Fraud Sabotage Theft
  • 4. 0 100 200 300 400 500 600 700 800 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 SAP Security notes Findings of SAP and external researchers had lead to many patches: >4000 SAP SECURITY NOTES in total
  • 5. Just 1 missing note can hurt you Game over… • Demotime
  • 6. Just 1 missing note can hurt you Game over… • Demotime
  • 7. Just 1 missing note can hurt you Game over… • Demotime
  • 8. Typically seen at customers (no joke) • Customers apply SP Stack once every year or less • Some do SAP Security notes in between • Most do not apply SAP Security notes on monthly basis • Risk-window is long; months or even years • (Keep in mind: SAP Security notes are easy to Reverse Engineer) Long Risk-window
  • 10. Your participation is appreciated: https://nl.surveymonkey.com/r/RM97TYC SAP Security notes survey
  • 11. But what do they mean? • 42 • 895 Some numbers Min. number of days it took SAP to fix one of our >70 reported issues Max. number of days it took SAP to fix one of our >70 reported issues
  • 12. A challenge for SAP customers • Testing • Securing SAP systems is complex and time consuming • Time-consuming task: implementing SAP Security notes • Up-to-now a manual, repetitive task • SAP notes released on a monthly base by dozens • Awareness • Time • Budget • Knowledge • …. Some reasons for bad patchmanagement
  • 13. To know what SAP Security notes you are missing there are a few options: • SAP Marketplace – Security notes launchpad  Match manually with systems • SAP Solution Manager – System Recommendations • 3rd party tooling Solutions?
  • 15. Business Benefits Apply up to 75 % of SAP Security notes automatically to • Drastically reduce boring, manual, repetetive activities • Have better secured SAP systems (Patch frequentie can be raised) • Save time and focus on other security items • Have better compliance SAP Security notes
  • 16. SAP, R/3, ABAP, SAP GUI, SAP NetWeaver and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. The authors assume no responsibility for errors or omissions in this document. The authors do not warrant the accuracy or completeness of the information, text, graphics, links, or other items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. The authors shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of this document. SAP AG is neither the author nor the publisher of this publication and is not responsible for its content, and SAP Group shall not be liable for errors or omissions with respect to the materials. No part of this document may be reproduced without the prior written permission of ERP Security BV. © 2017 ERP Security BV. Disclaimer