The Onapsis Security Platform is SAP-certified and is the first solution that combines a preventative, behavioral-based and context-aware detective approach for identifying mitigating security risks, compliance gaps and cyber-attacks on business-critical applications. These applications include ERP, CRM, HCM, SCM, SRM and BI solutions.
Through continuous monitoring, the Onapsis Security Platform delivers real-time visibility and protection for SAP applications, providing unmatched coverage across SAP NetWeaver ABAP, J2EE, HANA, Mobile and BusinessObjects platforms. It also provides compliance gap analysis and automates the security audit process for SAP applications. The platform integrates with network security, security management and SIEM solutions and workflows. Specific alarms can be sent and windows of vulnerability can be closed as detection and response actions are automatically triggered, including both alerting and actionable mitigation capabilities.
Onapsis provides vulnerability and threat research reports via the Onapsis Research Labs, a leading team of subject-matter experts. This team continuously delivers advanced threat protection to Onapsis customers. This integration ensures that the Onapsis Security Platform is updated to audit and detect the latest security and compliance risks to business-critical applications.
Built on top of the underlying platform are two solutions (sold separately) and an advanced threat protection subscription-based service. Combined, the complete solution set provides unparalleled vulnerability, compliance, attack detection and response capabilities:
· Vulnerability and Compliance Solution: Automatically discovers and maps all SAP infrastructure and generates graphical topology maps that analyze the interfaces between SAP systems. The solution automates the assessment of risks and vulnerabilities with the ability to tie business context into remediation planning processes. It also streamlines compliance gap analysis by automating audits of SAP applications and enforcing requirements based on policies, guidelines and industry regulations, such as SOX, PCI DSS, NERC, ISACA, SAP Security Guides and others.
· Detection and Response Solution: Continuously monitors for advanced threats and anomalous user behavior on SAP infrastructure. It provides real-time visibility into attacks with context provided by the Vulnerability and Compliance solutions. These capabilities help to determine if a detected attack is likely to result in a security breach. Real-time analytics reports detailing the likelihood and impact of threats against SAP systems are delivered to security operations teams. The solution leverages the most comprehensive knowledge-base of SAP-specific attack signatures and a proprietary SAP user monitoring engine. This allows organizations to detect malicious attacks to systems, including technical exploits or suspicious user activities. It also provides the ability to continuously monitor system configuration changes that may render organizations vulnerable to attack.
· Advanced Threat Protection Subscription: Proactively delivers attack information, through coordinated disclosure with SAP AG so subscribers receive automatic coverage against zero day threats for SAP systems not covered by traditional security tools. This works by incorporating the latest exploit protection from Onapsis Research Labs into the Detection and Response solution. In doing so, this reduces the window of vulnerability from months to hours, which allows SAP Basis teams to stay covered before patches become available.
Key functionality of the underlying Onapsis Security Platform:
· "Cloud ready" for MSSP
· Multi-tenancy
· Distributed architecture
· An open API for integration with third party security and compliance solutions
· Web-based user interface
· Role-based access controls
· Flexible asset tagging
· Secure storage and communication of sensitive data.
"Our research and engineering teams have been working with more than 130 customers and their Information Security, Compliance and SAP Basis teams to understand exactly what they need to be successful with SAP security. They have been asking for purpose-built solutions that are behavior-based, detective in nature, context-aware and provide detailed preventative methods to validate and prioritize potential risks on SAP business-critical applications. This new platform and its certification from SAP are in line with that vision and enable us to meet the needs of enterprise businesses across the globe," said Mariano Nunez, CEO and co-founder of Onapsis.