Why SAP Customers Need Fine-Grained Control And Visibility?

    Onapsis recently discovered a critical vulnerability of the SAP (CVE-2020-6287 or RECON), which gives attackers complete control over vulnerable business applications. It enables hackers to gain unauthenticated access to SAP, and then create new user accounts with privileges of admin (superuser). A malicious hacker can inflict massive damages with these privileges, including stealing data, changing bank account numbers, altogether sabotaging systems, etc.

    RECON and 10KBLAZE Share Similarities

    Very similar to the 10KBLAZE vulnerability of 2019, the RECON vulnerability attacks the confidentiality, availability, and integrity of the SAP ERP data and processes. Both RECON and 10KBLAZE leverage a lack of visibility and control while targeting SAP data security.

    The recommendations of the Cybersecurity and Infrastructure Security Agency (CISA) for SAP products users and administrators focus on the need for monitoring systems, transactions, accounts creation, and access to and usage of data. This is where many SAP ERP customers struggle as achieving fine-grained controls and visibility are complex and, at times, prohibitive with native functionality.

    Fine-Grained Visibility and Control: The Second Layer of Defense

    RECON and 10KBLAZE highlight the inadequacy of a single, static layer of security within SAP in combating modern-day SAP data security threats. SAP ERP customers need to add another layer of defense with an all-encompassing suite of fine-grained, risk-aware access controls, and adequate monitoring of data access and usage.

    The following suggestions will help you minimize your threat surface and the risks that RECON and future vulnerabilities may pose: 

    In a dynamic security environment, in addition to recommended security patches (that are a must), attribute-based access controls (ABAC) are essential.

    RECON and 10KBLAZE both take advantage of the vulnerabilities in SAP’s open, internet-facing (think remote access) components. The implementation of data-centric, risk-aware controls using ABAC is recommended. ABAC prevents specific transactions such as user provisioning when access originates from IP addresses that are untrusted (or IP addresses outside of your whitelist), specific geographic locations, beyond work hours, mobile devices, and many other contextual attributes. Fine-grained visibility and control can be implemented to block high-risk activity, such as creating a user account (or privilege changes) when access comes from outside the corporate network, and those activities that match the patterns of RECON attacks.

    Visibility into Data Access and Usage: Essential to Address Configuration Gaps

    Both RECON and 10KBLAZE focus on creating unauthorized, high privilege user accounts. In this scenario, a real-time analytics solution that captures and visualizes data access and usage is needed. This is essential to monitor user provisioning activities such as user creation/deletion, and changes in role/profile. Minimizing the damage by reducing the amount of time a threat goes undetected calls for the earliest possible risk detection.

    Preparing for Next Critical SAP Vulnerability by Layering Your Defenses

    RECON is not the first critical vulnerability, nor will it be the last, to affect SAP. While security patches are available to ensure SAP data security, these may take time and resources to implement, leading to significant downtime for production systems. The time required to apply the patches also depends on the complexity and the components involved. Keep up to date on system updates anyway, but bugs such as RECON and 10KBLAZE serve as a reminder that patches are not enough to ensure complete SAP data security.

    Recent Articles

    Identity and Access Management: Some Challenges

    In today's digital age, there are more apps that are cloud-based, more resources, more devices, and more users. 94 percent of Chief...

    Insider Threats: Some Ways Of Detection and Prevention

    The leading cause of data breaches worldwide is insider attacks, and it is also among the most expensive. As per a recent...

    Strategies To Deal With Identity Management Oversights

    In today's digital age, the foundations of companies' cybersecurity are focused on 'identity.' In fact, the new digital perimeter is identity. Businesses...

    Tips To Prevent Business Risks in SAP Transactions With Access Control

    Since SAP's controls that are harnessed by fraudsters have certain crucial vulnerabilities, SAP transactions could be a fertile ground for data theft...

    Tips To Enable Easy Access To ERP Applications

    In this digital era, enabling mobile access to ERP data is one of the main priorities for many enterprises. And it has...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox