What Is SAP Enterprise Threat Detection?

For SAP customers focused on enhancing real-time threat detection capabilities, SAP Enterprise Threat Detection is a robust solution to identify and notify the “who,” “what,” and “how” of an attack.

In a real-time approach, the solution enables organizations to stop internal and external threat actors in their tracks. The purpose of this blog post is to provide an overview of the features, benefits, architectural options, and details needed to start your journey with SAP Enterprise Threat Detection.

SAP Enterprise Threat Detection Options and Features

First, SAP Enterprise Threat Detection is available in three editions/deployment models:

• SAP Enterprise Threat Detection: On-premise deployment in a data center or in a private cloud.
• SAP Enterprise Threat Detection, private cloud edition: An SAP-managed service, as a part of SAP Cloud Application Services for advanced security and compliance.
• SAP Enterprise Threat Detection, cloud edition: An SaaS offering.

The choice between these three editions depends on your requirements, but an important aspect to keep in mind are that pricing and feature sets do differ.

Some key features of SAP Enterprise Threat Detection include the following:

• Log source consumption: SAP Enterprise Threat Detection consolidates security logs from various SAP systems, enabling extensive flexibility to consume and enrich log data from a multitude of standard and non-standard log sources.
• Log analysis and pattern recognition: The solution utilizes machine learning algorithms and predefined rules to identify patterns and anomalies in system and audit logs. SAP provides predefined content packages consisting of patterns and monitoring pages and customers the ability to develop attack patterns and custom monitoring pages.
• Alert processing: Dynamic alerting to key stakeholders and external solutions provides real-time alerts and notifications when suspicious activities or potential threats are detected. Can configure customized rules and thresholds to trigger alerts based on specific events, thus enabling quick identification and response to potential security incidents.
• Investigation and incident handling: Integrated workflow to provide speedy response and detailed audit trails. SAP Enterprise Threat Detection offers comprehensive incident response capabilities, allowing security teams to investigate detected threats. It provides detailed forensics and incident analysis to understand the nature and impact of an incident to aid in effective remediation and to prevent future occurrences.
• Monitoring and reporting: SAP Enterprise Threat Detection provides intuitive reports and dashboards to assist in audit logging and security event compliance requirements by providing audit logs and reports. It assists in monitoring and addressing security vulnerabilities, ensuring adherence to industry standards and regulations. Intuitive reports and dashboards can be used to visualize events and alerts.
• Integration with SIEM solutions: Enabling alert publishing to centralize organization’s SOC and SOAR activities. SAP Enterprise Threat Detection can integrate with SIEM systems, allowing security teams to correlate SAP-specific threat information with broader security events across the enterprise. This integration enhances overall security monitoring and incident response capabilities.

Key SAP Enterprise Threat Detection Options Benefits

The SAP Enterprise Threat Detection tool facilitates real time threat monitoring for the entire SAP landscape. SAP Enterprise Threat Detection is a security event management solution that enables monitoring, detecting, analyzing, and thus neutralizing cyberattacks before causing any serious damage to the SAP environment. The key benefits of SAP Enterprise Threat Detection include the following:

• Real-time threat monitoring
  • Real-time data processing of events from connected SAP systems
  • Instant alert generation
  • Implementation of different log and event types within an SAP environment
• Tackling business-critical applications
  • Organizations can create their own use cases in addition to standard use cases. Some use cases include the following:
    • Monitor core business modules along with technical aspects of SAP environment
    • Tracking finance-critical activities including accounts payable (AP), accounts receivable (AR), general ledgers, etc.
    • Handling changes related to human resources (HR)-related info types including payroll, bank information, etc.
    • Monitoring master data changes which may affect vendors and customers
  • Ad-hoc analysis
    • Evaluate most frequently occurring vulnerabilities
    • Analysis of existing suspicious activities
    • Holistic view of vulnerabilities, impacted systems, log types, event types, etc.
  • Compliance strengthening
    • Comply with industry regulation in case of detection of vulnerabilities
    • Assist in enhancing process by analyzing generated alerts
  • Seamless integration
    • Threat detection at application as well as database level
    • Easy integration with other SIEM products
    • Smooth SAP specific log transfer to SIEM products from SAP Enterprise Threat Detection

Learn more about SAP security here.

Editor’s note: This post has been adapted from a section of the e-book Implementing SAP Enterprise Threat Detection by Mercedes Barrachina, Glen Hoaglund, Gaurang Joshi, and Ryan Throop.