Security company builds intrusion detection system for SAP

The product, Onapsis IPS, is a set of signatures for IPS appliances tuned to detect SAP exploits

Security company Onapsis released on Wednesday a product that allows intrusion detection systems to recognize attacks against SAP applications holding critical financial and business data.

The product, called Onapsis IPS, is a collection of signatures, or tell-tale signs that a hacker may be trying to exploit an SAP system, said Mariano Nunez, CEO of Onapsis, headquartered in Boston. Onapsis conducts penetration testing and vulnerability assessment for SAP software.

Large enterprises use SAP's ERP (enterprise resource planning) and CRM (customer relationship management) software to manage payroll, invoices and supply chains, forming a central part of how a business is electronically managed. The applications handle very sensitive information.

In the last few years, SAP software has come under increasing scrutiny from security researchers and hackers, Nunez said. SAP has been releasing around 60 patches a month for its systems and has released more than 2,000 security patches since 2010.

The number of patches poses a problem for system administrators, who often must shut down the software and test it to make sure the patches work. It's complicated work that takes a long time.

"Many organizations don't apply SAP security patches promptly," Nunez said. "Some of them do not even apply them at all."

The time between an attack becoming public and the patch being applied is an open window in which hackers could successfully attack. Although many companies have intrusion protection or detection systems (IPS/IDS), those systems are not tuned to detect SAP attacks.

To solve that problem, Onapsis has developed Snort signatures, which can be imported into most IPS/IDS appliances on the market. Onapsis thought it was better to write signatures rather than build a separate appliance, Nunez said.

Once the signatures are imported, administrators can then decide whether they want to stop an attack or be sent an alert when one is under way, Nunez said. SAP attacks are rarely publicized widely, which has led to lower awareness among enterprises, even though a breach could have a significant impact on their business if data were compromised.

"What we found is many organizations told us they have never been hacked but they don't have any security auditing feature enabled," Nunez said. "The only truth is they really don't know. The fact they have never seen any alerts really doesn't mean it is not happening."

Onapsis IPS will be sold as an annual subscription, with new signatures sent monthly, Nunez said. The price is based on the number of IP addresses connected to the SAP software, he said.

Among the company's other products is X1, a tool that will allow companies to test their ERP (enterprise resource planning) software for vulnerabilities and show how those problems could reveal critical business information and how to fix them.

Send news tips and comments to jeremy_kirk@idg.com

Jeremy Kirk

IDG News Service