
2/28/2019
12:26 PM
Dark Reading
Products and Releases

IBM X-Force Red Adds Onapsis to Uncover Critical Vulnerabilities

Onapsis ERP technology will help IBM identify exploitable vulnerabilities in business-critical applications like SAP and Oracle.

Boston, MA - February 28, 2019 - Onapsis, the global leader in ERP cybersecurity and compliance, today announced IBM Security’s team of veteran hackers, X-Force Red, will use its ERP technology to help organizations identify exploitable vulnerabilities in their business-critical applications. X-Force Red will use Onapsis’ ERP technology when performing vulnerability assessments and penetration testing against SAP and Oracle applications to help quickly uncover known and unknown vulnerabilities.

Customers can access X-Force Red’s services through the X-Force Red Portal, the team’s cloud-based communications and collaboration platform.  Using the X-Force Red Portal, customers can sign up for tests and assessments, check their status, view findings as they are uncovered, view remediation recommendations, and communicate directly with X-Force Red testers, eliminating time-consuming back and forth and the manual sharing of spreadsheets. 

“We are very excited to be a part of X-Force Red’s vulnerability assessment offering. In the face of explosive growth in attacks to ERP systems, as evidenced by the US Department of Homeland Security releasing two critical alerts in the past three years, organizations have realized they must incorporate ERP continuous vulnerability assessment and monitoring into their security programs. With Onapsis’ patented ERP cybersecurity technology, combined with X-Force Red’s security expertise and attacker mindset, organizations can now quickly understand their security posture, and receive actionable information on how to ensure the core of their business is secure,” said Mariano Nunez, CEO and Co-founder, Onapsis Inc. 

“SAP and Oracle ERP are applications that many organizations use for sensitive business processes,” said Charles Henderson, Global Partner and Head of X-Force Red. “Because of their importance and the kind of data they hold, it is crucial these applications are scanned and tested continuously so that critical vulnerabilities can be remediated before attackers find them. Our collaboration with Onapsis will make that mission come to fruition.”   

X-Force Red delivers vulnerability assessment and security testing programs that focus on uncovering vulnerabilities across applications, hardware, personnel, internet-connected devices, networks, cars, ATMs, blockchain and just about everything else. The team is comprised of veteran hackers who apply the same tools, techniques, practices and mindset as attackers, uncovering exploitable vulnerabilities that may lead criminals to the crown jewels.

This collaboration further highlights Onapsis’ increased effort to grow the global ERP security partner ecosystem. Onapsis also works closely with the IBM Security Services group on protection, continuous monitoring, compliance and cloud migrations for some of the world’s largest organizations.

About Onapsis

Onapsis cybersecurity solutions automate the monitoring and protection of your SAP and Oracle applications, keeping them compliant and safe from insider and outsider threats. As the proven market leader, global enterprises trust Onapsis to protect the essential information and processes that run their businesses.

Headquartered in Boston, MA, Onapsis serves over 200 customers including many of the Global 2000. Onapsis's solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, Deloitte, E&Y, IBM, KPMG and PwC.

Onapsis solutions include the Onapsis Security Platform™, which is the most widely-used SAP-certified cybersecurity solution on the market. Unlike generic security products, Onapsis's context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs.

These solutions are powered by the Onapsis Research Labs, which continuously provides leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts at the Onapsis Research Labs were the first to lecture on SAP cyberattacks and have uncovered and helped fix hundreds of security vulnerabilities to date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms. Onapsis has been issued U.S. Patent No. 9,009,837 entitled “Automated Security Assessment of Business-Critical Systems and Applications,” which describes certain algorithms and capabilities behind the technology powering the Onapsis Security Platform™. This patented technology is well known industry-wide, and has gained Onapsis recognition on the Deloitte Technology Top 500, as a Red Herring North America Top 100 company and a SINET 16 Innovator.

For more information, please visit www.onapsis.com, or connect with us on Twitter, Google+, or LinkedIn.

Onapsis and Onapsis Research Labs are registered trademarks of Onapsis, Inc. All other company or product names may be the registered trademarks of their respective owners.
