ERPScan: Security Scanning & Patch for SAP and Oracle

ERPScan’s technology closes the gap between technical and business security, their solutions and services monitor and secure ERP systems and business-critical applications from both cyber-attacks and internal fraud.

Located in the Palo Alto and Amsterdam, local offices and partner network spanning 20+ countries around the globe. This enables monitoring cyber threats and collect threat intelligence data in real time while providing an agile customer support for large enterprises and Fortune 2000 companies.

ERPScan Research – Leadership in ERP Security

  • 200+ vulnerabilities in top vendors including SAP and Oracle;
  • 60+ innovative presentations at security conferences in 25+ countries;
  • Award-winning research paper series “SAP Security in Figures”;
  • Revealed 3 most critical issues in SAP;
  • Experts in different areas from Mobile and Cloud to Hardware and IOT.

Issues with SAP Security

SAP security assessment is a process that requires dedicated time. Additionally, since these are complex systems to operate coupled with an array of different installation types, the need for different divisions of security specialists is urgent. Even the application server may be based on either ABAP, J2EE, HANA, or another platform, and they require completely different specialists, not to mention particular applications and modules, which amount to more than 50.
SAP security is a combination of 3 different areas: Vulnerability Management, Source Code Security and Segregation of Duties, where unique knowledge for each area is required. Manual in-depth assessment of an SAP landscape is time-consuming because of the varying vulnerabilities and configurations on top of the issues related to user access control.

The Security Solution

ERPScan Security Monitoring Suite allows for easy assessment by automating general checks thereby permitting undivided focus on the analysis of specific applications channeled to meet precise needs. Overall, it gets the job done quickly.
Penetration testers, for instance, can use the existing tools along with a vast variety of checks that can be launched anonymously along with precise data for conducting attacks.

ERPScan's unique set of exploits can target certain SAP systems along with unlimited access to business data are available. Have that competitive edge by offering source code security scanning, access control checks along with seamless continual penetration testing and security assessments.

Consulting companies can save on time by using the automatic checks in the customer's SAP landscape against multiple standards and guidelines like SOX, PCI, NERC CIP standards, ISACA DSAG and EAS-SEC recommendations and industry-specific guidelines.

Gain a competitive edge with regards to quality and speed of work since your concentration focuses on specific areas rather than manual analysis of typical issues.

Real Benefits

Comply with standards such as: SOX, PCI-DSS, NERC, CIP, SAP security guidelines and various other SAP specific recommendations;

  • Use our large knowledge base compiled by information security professionals and SAP experts. It helps understand the discovered security issues easily along with remediation steps so that even inexperienced SAP professionals can infer to them;
  • Automate routine by identifying 7500+ misconfigurations and 3000+ vulnerabilities across all types of SAP Platforms (ABAP, JAVA, HANA, BOBJ, Mobile), Systems and Industry solutions;
  • Automatically exploit vulnerabilities, identify weak passwords, and execute multi-stage attacks and post-exploitation;
  • Magnify your competitive edge by offering source code security scanning and access control along with regular SAP penetration testing and SAP security assessments;
  • Get rid of time consuming manual analysis and embrace time management with the hourly system analysis and 2-minute scans against critical issues instead of spending weeks.