
2/28/2019
12:26 PM
Dark Reading
Products and Releases

IBM X-Force Red Adds Onapsis to Uncover Critical Vulnerabilities

Onapsis ERP technology will help IBM identify exploitable vulnerabilities in business-critical applications like SAP and Oracle.

Boston, MA - February 28, 2019 - Onapsis, the global leader in ERP cybersecurity and compliance, today announced that IBM Security’s team of veteran hackers, X-Force Red, will use Onapsis’ ERP technology to help organizations identify exploitable vulnerabilities in their business-critical applications. X-Force Red will use the technology when performing vulnerability assessments and penetration testing against SAP and Oracle applications to help quickly uncover known and unknown vulnerabilities.

Customers can access X-Force Red’s services through the X-Force Red Portal, the team’s cloud-based communications and collaboration platform.  Using the X-Force Red Portal, customers can sign up for tests and assessments, check their status, view findings as they are uncovered, view remediation recommendations, and communicate directly with X-Force Red testers, eliminating time-consuming back and forth and the manual sharing of spreadsheets. 

“We are very excited to be a part of X-Force Red’s vulnerability assessment offering. In the face of explosive growth in attacks to ERP systems, as evidenced by the US Department of Homeland Security releasing two critical alerts in the past three years, organizations have realized they must incorporate ERP continuous vulnerability assessment and monitoring into their security programs. With Onapsis’ patented ERP cybersecurity technology, combined with X-Force Red’s security expertise and attacker mindset, organizations can now quickly understand their security posture, and receive actionable information on how to ensure the core of their business is secure,” said Mariano Nunez, CEO and Co-founder, Onapsis Inc. 

“SAP and Oracle ERP are applications that many organizations use for sensitive business processes,” said Charles Henderson, Global Partner and Head of X-Force Red. “Because of their importance and the kind of data they hold, it is crucial these applications are scanned and tested continuously so that critical vulnerabilities can be remediated before attackers find them. Our collaboration with Onapsis will make that mission come to fruition.”   

X-Force Red delivers vulnerability assessment and security testing programs that focus on uncovering vulnerabilities across applications, hardware, personnel, internet-connected devices, networks, cars, ATMs, blockchain and just about everything else. The team is composed of veteran hackers who apply the same tools, techniques, practices and mindset as attackers, uncovering exploitable vulnerabilities that may lead criminals to the crown jewels.

This collaboration further highlights Onapsis’ increased effort to grow the global ERP security partner ecosystem. Onapsis also works closely with the IBM Security Services group on protection, continuous monitoring, compliance and cloud migrations for some of the world’s largest organizations.

About Onapsis

Onapsis cybersecurity solutions automate the monitoring and protection of your SAP and Oracle applications, keeping them compliant and safe from insider and outsider threats. As the proven market leader, global enterprises trust Onapsis to protect the essential information and processes that run their businesses.

Headquartered in Boston, MA, Onapsis serves over 200 customers including many of the Global 2000. Onapsis's solutions are also the de facto standard for leading consulting and audit firms such as Accenture, Deloitte, E&Y, IBM, KPMG and PwC.

Onapsis solutions include the Onapsis Security Platform™, which is the most widely used SAP-certified cybersecurity solution on the market. Unlike generic security products, Onapsis's context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs, which continuously provides leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts at the Onapsis Research Labs were the first to lecture on SAP cyberattacks and have uncovered and helped fix hundreds of security vulnerabilities to date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms. Onapsis has been issued U.S. Patent No. 9,009,837 entitled “Automated Security Assessment of Business-Critical Systems and Applications,” which describes certain algorithms and capabilities behind the technology powering the Onapsis Security Platform™. This patented technology is well known industry-wide and has gained Onapsis recognition on the Deloitte Technology Top 500, as a Red Herring North America Top 100 company and a SINET 16 Innovator.

For more information, please visit www.onapsis.com, or connect with us on Twitter, Google+, or LinkedIn.

Onapsis and Onapsis Research Labs are registered trademarks of Onapsis, Inc. All other company or product names may be the registered trademarks of their respective owners.
