Legacy ERP Systems: Impediments To Quick Incident Response

    Investigating and resolving many ERP incidents takes a long time. Because staff face major obstacles in addressing incidents in a timely manner, it is challenging to provide business lines with outstanding customer service.

    Three major obstacles stand in the way of timely resolution of ERP incidents.

    1: Legacy ERP logs don’t inform you about access to data

    Most individuals using ERP software such as PeopleSoft do not know who does what, who accesses what information, or, most importantly, why. When an incident occurs, you first need to find out whether it was something the user did or whether hackers gained access to the computer, that is, whether this is an internal job or an external attack.

    Although the logs can point you in the right direction, in most instances legacy ERP logs are not designed to provide detailed information about who accessed or even viewed something confidential. This leads to the second hurdle.

    2: Disparate ERP logs

    ERP logs are intended for troubleshooting, not for tracking granular tasks, so corporations and their departments often do not know what their employees are doing inside the applications. In PeopleSoft, for example, these are the native logs you may find:

    1. App Server

    2. Database

    3. PIA (Web Server)

    4. Identity Provider (SAML, LDAP, ADFS)

    5. Process Scheduler

    6. Load Balancer

    7. Firewall

    8. Host O/S Logs

    Your business probably has more than one of each server on which these logs reside. A single application might run across many computers, web servers, and so on. Nothing links the data in these logs, so you have little context with which to start your investigation.

    Here is an example involving the App Server and Web Server logs. The Web Server log does not record the OPRID, so you cannot identify the person who signed in. All you have is the IP address and a timestamp. You need to go to the App Server log, find the login or logout entries with their OPRID, timestamp, and IP address, and try to match that information with the corresponding Web Server entries.
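
    The matching described above, written out as an added example (not code from the original article or from any PeopleSoft tooling). It pairs App Server login/logout events into sessions and attributes each Web Server hit by IP address and time, flagging hits that cannot be tied to a single OPRID. The log line layouts, OPRIDs, IP addresses and URL paths are constructed, and server clocks are assumed to be synchronized.

```python
from datetime import datetime

# Constructed sample records. Real App Server and PIA log layouts differ,
# so each needs its own parser; only the matching logic is the point here.
APP_SERVER_EVENTS = """\
2024-03-01T09:00:05 LOGIN OPRID=JSMITH IP=10.1.4.22
2024-03-01T09:02:10 LOGIN OPRID=MLEE IP=10.1.4.22
2024-03-01T09:40:00 LOGOUT OPRID=JSMITH IP=10.1.4.22
"""
WEB_SERVER_HITS = """\
2024-03-01T09:01:00 10.1.4.22 GET /payroll/view
2024-03-01T09:05:00 10.1.4.22 GET /payroll/export
2024-03-01T09:45:00 10.1.4.22 GET /hr/profile
2024-03-01T10:20:00 10.1.9.99 GET /payroll/view
"""

def parse_sessions(text):
    """Pair LOGIN/LOGOUT events into (oprid, ip, start, end) tuples.
    end is None when no logout was logged (open session or log gap)."""
    open_logins, sessions = {}, []
    for line in text.splitlines():
        ts, action, oprid, ip = line.split()
        key = (oprid.split("=")[1], ip.split("=")[1])
        when = datetime.fromisoformat(ts)
        if action == "LOGIN":
            open_logins[key] = when
        elif action == "LOGOUT" and key in open_logins:
            sessions.append((*key, open_logins.pop(key), when))
    sessions += [(*key, start, None) for key, start in open_logins.items()]
    return sessions

def attribute_hits(web_text, sessions):
    """For each web hit, list every OPRID with a session on that IP then."""
    results = []
    for line in web_text.splitlines():
        ts, ip, _method, path = line.split()
        when = datetime.fromisoformat(ts)
        candidates = sorted({
            oprid for oprid, sess_ip, start, end in sessions
            if sess_ip == ip and start <= when and (end is None or when <= end)
        })
        # One candidate is an attribution; several (shared IP, NAT, proxy) or
        # none means IP plus timestamp alone cannot name the user.
        status = {0: "unattributed", 1: "unique"}.get(len(candidates), "ambiguous")
        results.append((ts, path, candidates, status))
    return results

if __name__ == "__main__":
    for row in attribute_hits(WEB_SERVER_HITS, parse_sessions(APP_SERVER_EVENTS)):
        print(row)
```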

    3: Log data that lacks context

    When the team has gathered data from the logs and assembled information from other sources, the final step is to evaluate it and make a best guess so that an action item can be generated. How actionable and useful is a list of raw data, such as IP addresses, user IDs, device locations, completed transactions, etc., if you are unable to bring the data into a human context?

    The Solution

    Clear, actionable insight is needed to give the organization an understanding of what happened to its ERP data. Data protection and analytics applications are available that log granular user data access, compare existing ERP logs, enrich data with contextual attributes (who, where, when, what device, etc.), and display access to and usage of ERP data on a dashboard. With these, security teams can easily look at data access by user ID, IP address, machine location, accessed websites, etc., and very quickly understand the truth behind an incident. Without context, you lack insight. Context provides actionable insights on access to and use of data. Backed by actionable insights, the organization can deliver value to key stakeholders.
