SAP platforms run the most critical business processes of the largest organizations of the world. These systems manage vital information for the business every-day operations, making them an attractive target for cyber-criminals and fraudsters. If breached, organizations can become susceptible to espionage, sabotage and fraud attacks that would result in severe economic losses.
Mariano Nuez Di Croce, Director of R&D, explains: "For several years, the Auditing and IT Security industries have considered that the deployment of SoD controls was enough to enforce the security of SAP systems". He adds that while this kind of controls is of absolute importance to the overall security of the SAP landscape, they are not enough: "there are many other threats that are overlooked and involve much higher levels of risk, such as the security vulnerabilities in the technological components that build up SAP platforms".
"Onapsis X1 allows organizations to perform continuous security assessments of their ERP platforms, helping them reduce audit costs, enforce compliance requirements and decrease financial fraud risks", commented Victor Montero, Onapsis Director of Executive Operations.
Backed by the industrys most comprehensive knowledge base of SAP security risks and an innovative patent-pending technology, the solution works by remotely connecting to every SAP component in the network, executes assessment modules to detect existing risks and provides a solid set of actionable reports, ranging from highly detailed vulnerability information and remediation plans to executive summaries suitable for higher management levels.
One of the most interesting features of the product is its BizRisk Illustration technology, which allows security officers to "demonstrate the business impact of existing technical weaknesses, explaining risk in a language that key business stakeholders do understand", Mr. Nuez Di Croce said.
While the product currently supports SAP solutions, features for the security evaluation of other popular ERPs, such as the ones provided by Oracle and Microsoft, are currently under development.
More information about Onapsis X1 can be found at www.onapsis.com/x1.