What to do when there is an audit finding for SAP monitoring?

If a recent audit finding resulted in requirement for continuous SAP monitoring, Enterprise Threat Monitor offers a fully compliant solution.

Enterprise Threat Monitor comes preconfigured with hundreds of SAP specific attack detection and compliance violation rules including those that monitor for unauthorized access to critical data, exploitation of vulnerable SAP functions, malicious usage of debug privileges, and unauthorized creation of users.

This allows satisfying internal audit requirements for SAP as well as SoX, ISO and PCI-DSS. You can click following link for info about SAP and GDPR.

After an audit our Fortune 500 clients and government entities choose ETM to continuously monitor their SAP systems.


Detecting SAP attack patterns

Sample SAP Attack Detection Use Cases

  • SAP debugging is used for bypassing transaction authorizations
  • Failed logons of multiple SAP users from the same workstation
  • An unauthorized user assigned a critical SAP role to another user
  • An operating system command is executed using SAP functions


Detecting compliance violations

Sample SAP Compliance Use Cases

  • An SAP system is opened to changes
  • An HR terminated employee’s SAP account is used for connecting to an SAP system
  • Account sharing is detected
  • An incompliant security configuration is detected

Security Configuration

Detecting unintended changes

Sample SAP Security Configuration Monitoring Use Cases

  • Security configuration is changed
  • System modification settings are changed
  • A system configuration parameter is setup insecurely
  • Security audit logs are switched off