Addressing SAP Security Gaps

Author: Ivan Mans
Date Published: 22 September 2022

From a cybersecurity perspective, SAP systems are treated differently from many other enterprise applications. Most SAP security teams are siloed and left on their own to achieve their security objectives. Since SAP is so integral to organizations, it is remarkable that SAP security objectives are not on the radar of the existing 24/7 cybersecurity teams that run response operations for Linux or Microsoft environments. SAP teams must be integrated with the other cybersecurity groups within the organization so that one security approach covers the whole enterprise landscape.

Closing the SAP Security Gap

SAP is a unique application that requires the security apparatus to be SAP-aware. It is often treated as a black box: it has its own communication protocols and its own messaging bus. All cybersecurity teams need to be aware of this to close the security gap and stop threats from persisting in the enterprise landscape. Closing the SAP security gap requires several steps:

  1. Deploy SAP-aware network security at the perimeter, including north-south inspection and coverage of key nodes such as the SAProuter and external gateways.
  2. Apply internal segmentation for east-west inspection. User connections must be segmented from direct database access and from the messaging servers, and application servers must be segmented from other enterprise landscapes.
  3. Secure the preproduction and production environments within each system identifier (SID; in SAP this is the three-character system ID, not the variable-length Windows security identifier), so that a less protected preproduction system cannot be used as a stepping stone into production.
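The segmentation in step 2 is only as good as the ability to verify it. The following is an added example (not code from the article or from SecurityBridge) that evaluates constructed east-west flow records against a small zone model and reports the connections that bypass the policy: workstations reaching the database or the RFC gateway directly, and preproduction reaching production. The zone addressing, the instance number 00 and the allow-list are assumptions; the port layout follows the well-known SAP convention (32NN DIAG, 33NN gateway, 36NN message server, 80NN HTTP, 3NN15 HANA SQL).

```python
"""Segmentation check for east-west SAP flows over constructed flow records."""
import ipaddress

# Assumed instance number 00. Well-known SAP TCP port layout for instance NN:
# 32NN DIAG dispatcher (SAP GUI), 33NN gateway (RFC), 36NN ABAP message server,
# 80NN ICM HTTP, 3NN15 HANA index server SQL port (classic single-container layout).
INSTANCE = 0
PORT_DIAG = 3200 + INSTANCE
PORT_GATEWAY = 3300 + INSTANCE
PORT_MSG_SERVER = 3600 + INSTANCE
PORT_HTTP = 8000 + INSTANCE
PORT_HANA_SQL = 30015 + 100 * INSTANCE

# Assumed addressing of the zones that the article's step 2 separates.
ZONES = {
    "users": ipaddress.ip_network("10.10.0.0/16"),
    "saprouter_dmz": ipaddress.ip_network("10.5.0.0/24"),
    "app_prod": ipaddress.ip_network("10.20.1.0/24"),
    "db_prod": ipaddress.ip_network("10.20.2.0/24"),
    "app_preprod": ipaddress.ip_network("10.30.1.0/24"),
    "db_preprod": ipaddress.ip_network("10.30.2.0/24"),
}

# Allow-list: (source zone, destination zone) -> permitted destination ports.
# Users reach application servers only over the front-end protocols; only the
# application tier of the same landscape may open the database SQL port; RFC and
# message-server traffic stays inside one application tier.
ALLOWED = {
    ("users", "app_prod"): {PORT_DIAG, PORT_HTTP, PORT_MSG_SERVER},
    ("users", "app_preprod"): {PORT_DIAG, PORT_HTTP, PORT_MSG_SERVER},
    ("saprouter_dmz", "app_prod"): {PORT_DIAG, PORT_GATEWAY},
    ("saprouter_dmz", "app_preprod"): {PORT_DIAG, PORT_GATEWAY},
    ("app_prod", "app_prod"): {PORT_GATEWAY, PORT_MSG_SERVER},
    ("app_preprod", "app_preprod"): {PORT_GATEWAY, PORT_MSG_SERVER},
    ("app_prod", "db_prod"): {PORT_HANA_SQL},
    ("app_preprod", "db_preprod"): {PORT_HANA_SQL},
}


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def check_flow(src: str, dst: str, dport: int):
    """Return None for a permitted flow, otherwise a short reason string."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if dport in ALLOWED.get((src_zone, dst_zone), set()):
        return None
    if dst_zone.startswith("db_"):
        return f"direct database access from zone {src_zone}"
    if src_zone.endswith("preprod") != dst_zone.endswith("preprod"):
        return "crosses the preproduction/production boundary"
    if dport == PORT_GATEWAY:
        return f"gateway/RFC port reached from zone {src_zone}"
    return f"{src_zone} -> {dst_zone}:{dport} is not in the segmentation policy"


def evaluate(flows):
    """Flows are (src_ip, dst_ip, dst_port); returns the violating ones with a reason."""
    violations = []
    for src, dst, dport in flows:
        reason = check_flow(src, dst, dport)
        if reason is not None:
            violations.append((src, dst, dport, reason))
    return violations


# Constructed flow records (as exported from NetFlow, for example).
SAMPLE_FLOWS = [
    ("10.10.4.7", "10.20.1.10", PORT_DIAG),       # SAP GUI to production app server: ok
    ("10.10.4.7", "10.20.2.10", PORT_HANA_SQL),   # workstation straight to the HANA SQL port
    ("10.10.4.7", "10.20.1.10", PORT_GATEWAY),    # workstation to the RFC gateway
    ("10.30.1.5", "10.20.2.10", PORT_HANA_SQL),   # preproduction app server into the production DB
    ("10.20.1.10", "10.20.1.11", PORT_GATEWAY),   # RFC between production app servers: ok
    ("10.20.1.10", "10.20.2.10", PORT_HANA_SQL),  # production app server to its own DB: ok
    ("10.5.0.2", "10.20.1.10", PORT_DIAG),        # SAProuter into production: ok
]

if __name__ == "__main__":
    for violation in evaluate(SAMPLE_FLOWS):
        print(*violation)
```

Run on real flow exports, the same check turns the segmentation policy into a continuous control rather than a one-time firewall change: every flow that is not on the allow-list is a finding, and the reason string tells the operator which of the three separations was crossed.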

Closing the SAP gap also means being aware of how IT security measures affect transaction times, since SAP is transactional and latency-sensitive. As such, cybersecurity teams may not be able to rely on databases such as SAP's High-Performance Analytic Appliance (HANA) for every inspection. They need to manage inspections in a thoughtful and low-latency manner. In addition, network professionals should have a good understanding of SAP protocols so that they can recognize what is on the wire, for example whether a connection is a thick client speaking the Dynamic Information and Action Gateway (DIAG) protocol. DIAG is a proprietary protocol that supports client-server communication and connects the presentation layer (e.g., the SAP graphical user interface [GUI]) with the application layer (e.g., NetWeaver) in SAP systems. Unless SAP Secure Network Communications (SNC) is enabled, DIAG traffic is compressed but not encrypted, which makes protocol-aware inspection possible and makes eavesdropping on the same path possible as well.

Fully addressing the SAP cybersecurity gap also requires awareness of the vulnerability cycle1 and knowing what needs to be done and when. Managing the vulnerability cycle requires a holistic approach to SAP security (i.e., going beyond formal authorization and access management controls).

There are three pillars for addressing the vulnerability cycle:

  1. Harden systems—Ensure that configurations are validated, baselines are enforced and the custom code base is protected.
  2. Establish continuous monitoring—Security teams must be alerted whenever an event deviates from the preset baseline, and detection signatures must be updated regularly.2
  3. Embed patching into the regular release cycle—At a minimum, patching must be performed monthly.

Patching is critical and should be performed routinely (e.g., implementing SAP Security Notes and upgrading vulnerable components on a monthly basis), even if patching is done virtually. Virtual patching consists of keeping signatures up to date and being aware of the Common Vulnerabilities and Exposures (CVEs) published for SAP. It provides a way to mitigate attack vectors in unpatched systems based on the vulnerability types of actively reported threats. Virtual patching can be conducted inline while a transaction is happening, triggered by either an intrusion prevention system or an intrusion detection system. Two caveats apply: virtual patching reduces exposure but does not remove the vulnerability, so the real Security Note still has to be applied, and only an inline intrusion prevention system can block a request, while an intrusion detection system sees a copy of the traffic and can only alert.
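Pillars 1 and 2 meet in a baseline check: the validated configuration is the baseline, and any deviation from it is an alert. The following is an added example (not code from the article or from SecurityBridge) that parses a constructed excerpt of an SAP profile file, compares a handful of security-relevant profile parameters against a baseline and turns each deviation into an alert with a concrete action. The parameter names are real SAP profile parameters; the baseline values, the profile excerpt and the severity mapping are this example's assumptions, not SAP's own recommendations.

```python
"""Configuration baseline check over a constructed SAP profile excerpt."""

# Assumed example baseline. The parameter names are real SAP profile parameters;
# the target values are assumptions for this example, not SAP's recommendations.
BASELINE = {
    "login/min_password_lng": "12",
    "login/fails_to_user_lock": "5",
    "login/no_automatic_user_sapstar": "1",
    "gw/acl_mode": "1",
    "gw/reg_no_conn_info": "255",
    "rfc/callback_security_method": "3",
    "auth/rfc_authority_check": "1",
}

# Constructed profile excerpt in the "name = value" layout of SAP profile files
# ('#' starts a comment). gw/reg_no_conn_info is deliberately missing.
CURRENT_PROFILE = """\
# constructed DEFAULT.PFL excerpt for the example
SAPSYSTEMNAME = PRD
login/min_password_lng = 8
login/fails_to_user_lock = 5
login/no_automatic_user_sapstar = 1
gw/acl_mode = 0
rfc/callback_security_method = 3
auth/rfc_authority_check = 1
"""


def parse_profile(text: str) -> dict:
    """Parse 'name = value' lines; comments and blank lines are ignored."""
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params


def find_drift(current: dict, baseline: dict) -> list:
    """Return (parameter, expected, actual) triples where the system deviates.
    A parameter that is not set is reported as drift too: the kernel default
    then applies, and the baseline cannot be assumed to hold."""
    drift = []
    for name, expected in baseline.items():
        actual = current.get(name)
        if actual is None:
            drift.append((name, expected, "<not set, kernel default applies>"))
        elif actual != expected:
            drift.append((name, expected, actual))
    return drift


def drift_alerts(profile_text: str, sid: str = "PRD") -> list:
    """Turn drift into alert records a SOC operator can act on without SAP help.
    Severity mapping is an assumption: gateway and RFC parameters are rated high
    because they govern who may talk to the system at all."""
    return [
        {
            "system": sid,
            "severity": "high" if name.startswith(("gw/", "rfc/")) else "medium",
            "summary": f"{sid}: {name} is {actual}, baseline requires {expected}",
            "action": f"restore {name} = {expected} or file a documented baseline exception",
        }
        for name, expected, actual in find_drift(parse_profile(profile_text), BASELINE)
    ]


if __name__ == "__main__":
    for alert in drift_alerts(CURRENT_PROFILE):
        print(alert["severity"].upper(), alert["summary"])
```

In practice the current values would come from the running system (profile files and the dynamically switchable parameters), because a profile file alone does not show a value changed at runtime; the comparison logic stays the same.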


In addition, SAP security alerts3 must be delivered in a universal format. When a cybersecurity operator receives an alert from SAP, it should be understandable without the intervention of an SAP specialist. Every alert needs to be relevant and actionable, or receiving SAP alerts will quickly lead to alert fatigue and monitoring will be reduced to a check mark for the compliance process. Security alerts must also be associated with the correct contact. For example, an SAP user created through the standard support channel is very different from a critical user injected into the system by an unknown source. All cybersecurity personnel must have access to the correct contact information from the SAP database, because every user event is associated with the person responsible. Having accurate user information readily available is critical; every second counts between incident identification and incident response.
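What a "universal, actionable, correctly attributed" alert looks like in code is shown by the following added example (not code from the article or from SecurityBridge). It normalizes constructed SAP security events into one alert schema, writes the summary in plain language, attaches the responsible contact from a constructed user directory, and applies the article's distinction: a user created by the sanctioned support account against a change ticket is low severity and not paged, while a user injected by an account outside that channel is high severity and escalated to the SOC when nobody in the directory owns the acting account. The directory, the sanctioned-account list, the message IDs and the event layout are assumptions; the message IDs only mimic the style of the SAP Security Audit Log.

```python
"""Normalize constructed SAP security events into actionable, owner-tagged alerts."""
import json

# Constructed directory: SAP user ID -> responsible person (assumed data).
USER_DIRECTORY = {
    "SUPPORT01": {"name": "Service desk (shared account)", "email": "servicedesk@example.com", "team": "SAP Basis"},
    "JDOE": {"name": "Jane Doe", "email": "jane.doe@example.com", "team": "Finance"},
}
# Accounts allowed to create users through the standard support channel (assumed).
SANCTIONED_PROVISIONERS = {"SUPPORT01"}
SOC_ESCALATION = {"name": "unassigned", "email": "soc@example.com", "team": "SOC escalation"}

# Plain-language text per message ID, so the operator needs no SAP specialist.
# Message IDs and field names are assumptions modeled on the style of the SAP
# Security Audit Log; they are not taken from SAP documentation.
MESSAGE_TEXT = {"AU1": "successful dialog logon", "AU7": "user account created"}


def normalize(event: dict) -> dict:
    """Map one raw SAP event to the universal alert schema used by the SOC."""
    actor = event["actor"]
    system = f'{event["sid"]} client {event["client"]}'
    alert = {
        "source": "SAP",
        "system": system,
        "time": event["ts"],
        "actor": actor,
        "terminal": event["terminal"],
        "summary": f'{actor}: {MESSAGE_TEXT.get(event["msg_id"], "event " + event["msg_id"])} on {system}',
        "severity": "info",
        "actionable": False,
        "owner": USER_DIRECTORY.get(actor, SOC_ESCALATION),
        "next_step": "none; retained in the log",
    }
    if event["msg_id"] == "AU7":
        new_user = event["params"]["new_user"]
        ticket = event["params"].get("ticket") or None
        alert["summary"] = f"{actor} created SAP user {new_user} on {system} (change ticket: {ticket or 'none'})"
        if actor in SANCTIONED_PROVISIONERS and ticket:
            # Standard support channel with a ticket: low severity, reviewed, not paged.
            alert["severity"] = "low"
            alert["next_step"] = f"verify {ticket} in the daily access review"
        else:
            # User injected outside the sanctioned channel: page the responsible
            # contact, or the SOC when the acting account is unknown to the directory.
            alert["severity"] = "high"
            alert["actionable"] = True
            alert["next_step"] = f"lock {new_user}, establish who controls {actor}, open an incident"
    return alert


def build_alerts(events) -> list:
    """Keep only alerts that require a human action; everything else stays in the log."""
    return [alert for alert in map(normalize, events) if alert["actionable"]]


# Constructed events for the demonstration.
EVENTS = [
    {"ts": "2022-09-22T08:01:12Z", "sid": "PRD", "client": "100", "msg_id": "AU1",
     "actor": "JDOE", "terminal": "WS-FIN-12", "params": {}},
    {"ts": "2022-09-22T08:05:40Z", "sid": "PRD", "client": "100", "msg_id": "AU7",
     "actor": "SUPPORT01", "terminal": "WS-BASIS-01", "params": {"new_user": "MSMITH", "ticket": "CHG0042"}},
    {"ts": "2022-09-22T23:14:03Z", "sid": "PRD", "client": "100", "msg_id": "AU7",
     "actor": "ZTMPUSR", "terminal": "10.77.3.9", "params": {"new_user": "ZADMIN2", "ticket": ""}},
]

if __name__ == "__main__":
    for alert in build_alerts(EVENTS):
        print(json.dumps(alert, indent=2))
```

The filter in build_alerts is what keeps alert fatigue down: the logon and the ticketed user creation are still recorded, but only the untraceable user creation reaches an operator, and it arrives with a named owner and a next step.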

A Real-World Case Study

As is the case with many cybersecurity challenges, security teams should consider the human element in addition to technical controls. A security incident can be an honest mistake by one person that inadvertently exposes enterprise data, or a malicious insider attack by a disgruntled employee attempting to leak critical security-related information.

SAP can help enterprises pay attention to the human element of cybersecurity. For example, a human resources (HR) operations center was once the target of a social engineering attack aimed at changing employees' personal bank account details. The malicious cyberattacker's goal was to intercept employees' direct-deposit payments and divert those funds to another account. Unfortunately, the incident was not reported until employee paychecks went missing.

Analyzing the threat revealed that the bank account information was stored in SAP. To help address the situation, cybersecurity personnel used SAP to focus on the specific employee fields in the database. If a field changed, an email was sent to the employee notifying them of the bank account change and asking them to confirm or deny that they had initiated it. If denied, a response team would immediately address the issue. By using SAP tags to crowdsource the incident response service to its users, the enterprise created a tripwire response that overcame the technical barrier of a direct employee response.
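The tripwire described above, as an added example that is not code from the article or from SecurityBridge: a monitor that arms on a bank-details change, notifies the employee at the contact address on record before the change, and raises an incident when the employee denies the change, answers too late, or does not answer at all. The 48-hour deadline, the employee records, the change-record layout and the account numbers are constructed; infotype 0009 is the SAP HCM Bank Details infotype, but nothing here reads a real SAP table. Two details that the case study does not spell out are handled deliberately: the notification shows only the last four characters of the new account, and silence is treated as a failure, not as consent.

```python
"""Tripwire on employee bank-detail changes with employee confirmation."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Assumed deadline: an unanswered confirmation request is escalated after 48 hours.
CONFIRM_DEADLINE = timedelta(hours=48)
# 0009 is the SAP HCM "Bank Details" infotype; the change-record layout is constructed.
BANK_DETAILS_INFOTYPE = "0009"


@dataclass
class FieldChange:
    employee_id: str
    infotype: str
    field: str
    old_value: str
    new_value: str
    changed_by: str
    changed_at: datetime


def mask_account(value: str) -> str:
    """Show only the last four characters of an account number in notifications."""
    return "*" * max(len(value) - 4, 0) + value[-4:]


@dataclass
class BankTripwire:
    contacts: dict                                  # employee_id -> email on record before the change
    pending: dict = field(default_factory=dict)     # employee_id -> (change, deadline)
    notifications: list = field(default_factory=list)
    incidents: list = field(default_factory=list)

    def on_change(self, change: FieldChange):
        """Arm the tripwire when a monitored field really changes; return the deadline or None."""
        if change.infotype != BANK_DETAILS_INFOTYPE or change.old_value == change.new_value:
            return None
        deadline = change.changed_at + CONFIRM_DEADLINE
        self.pending[change.employee_id] = (change, deadline)
        self.notifications.append((
            self.contacts[change.employee_id],
            f"Your bank details in SAP were changed to {mask_account(change.new_value)} "
            f"by {change.changed_by}. Reply CONFIRM or DENY before {deadline.isoformat()}.",
        ))
        return deadline

    def on_response(self, employee_id: str, confirmed: bool, answered_at: datetime) -> str:
        change, deadline = self.pending.pop(employee_id)
        if confirmed and answered_at <= deadline:
            return "confirmed"
        reason = "employee denied the change" if not confirmed else "confirmation arrived after the deadline"
        return self._raise(change, reason)

    def sweep(self, now: datetime) -> list:
        """Unanswered requests past their deadline become incidents as well."""
        raised = []
        for employee_id, (change, deadline) in list(self.pending.items()):
            if now > deadline:
                del self.pending[employee_id]
                raised.append(self._raise(change, "no response before the deadline"))
        return raised

    def _raise(self, change: FieldChange, reason: str) -> str:
        self.incidents.append({
            "employee_id": change.employee_id,
            "changed_by": change.changed_by,
            "reason": reason,
            "action": "revert bank details, hold the next payroll run, investigate the changer",
        })
        return "incident"


def run_scenario() -> dict:
    """Constructed scenario: one legitimate change, one denied change, one never answered."""
    t0 = datetime(2022, 9, 22, 9, 0, tzinfo=timezone.utc)
    contacts = {"E1001": "a.lee@example.com", "E1002": "b.ortiz@example.com", "E1003": "c.nair@example.com"}
    tripwire = BankTripwire(contacts)

    def bank_change(employee, by, old, new):
        return FieldChange(employee, BANK_DETAILS_INFOTYPE, "BANKN", old, new, by, t0)

    tripwire.on_change(bank_change("E1001", "HRADMIN2", "DE89370400440532013000", "DE02120300000000202051"))
    tripwire.on_change(bank_change("E1002", "HRADMIN2", "NL91ABNA0417164300", "GB29NWBK60161331926819"))
    tripwire.on_change(bank_change("E1003", "HRADMIN2", "FR1420041010050500013M02606", "LT121000011101001000"))
    results = {
        "E1001": tripwire.on_response("E1001", True, t0 + timedelta(hours=2)),
        "E1002": tripwire.on_response("E1002", False, t0 + timedelta(hours=5)),
    }
    tripwire.sweep(t0 + timedelta(hours=49))
    results["E1003"] = tripwire.incidents[-1]["reason"]
    return {"results": results, "incidents": len(tripwire.incidents), "notified": len(tripwire.notifications)}


if __name__ == "__main__":
    print(run_scenario())
```

The confirmation goes to the address that was on record before the change, because an attacker who can alter bank details can often alter the contact email in the same session; a tripwire that notifies the new address confirms the fraud to the fraudster.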

Conclusion

A chief information security officer (CISO) has many priorities, but when it comes to SAP environments, CISOs must fully understand how SAP is applied within the IT enterprise and the organizational landscape to help them achieve all of their security objectives. In addition, CISOs need to personally get to know their SAP team members so that they can integrate them rather than confine them to a silo.

Finally, SAP must be secured to the same degree as other enterprise applications. When there is a Linux, Microsoft or even a hybrid cloud incident, cybersecurity teams have a detailed plan of action that they are prepared to execute. SAP requires the same high-level consideration, or a critical element of the business will be vulnerable to malicious cyber actors with no clear response in place.

Endnotes

1 SecurityBridge, "Automate and Simplify Vulnerability Management for SAP Applications and Custom Code"
2 SecurityBridge, "Interface Traffic Monitor"
3 SecurityBridge, "SAP Threat Monitoring"

Ivan Mans

Is an experienced SAP technology consultant who has worked in the SAP field since 1997. In 2012, he cofounded SecurityBridge. In his current role as chief technology officer (CTO), he is a motivated driver who inspires people and pushes technology, contributing to the continuous innovation of the SecurityBridge Platform. In recent years, Mans has frequently spoken at SAP events to promote SAP security.