On 24 November 1859, Charles Darwin published a work of scientific literature that today is considered the foundation of evolutionary biology, titled “On the Origin of Species by Means of Natural Selection, or the Preservation of Favoured Races in the Struggle for Life”. Just like the biological sciences, our IT security landscape today has evolved from what it was in the last decade. Today the IT security mantra is changing, or has already changed, from prevention to detection. To put it in a Darwinian way, the IT security evolution could simply be titled “On the Origin of Threats by Means of Advanced Persistent Attacks, or the Preservation of Secure Businesses in the Struggle against Cyber Attack”.
Hardly a week goes by without another horror story of a business, organization or government agency getting hacked. Security breaches are getting bigger, with massive growth in the breaches that have occurred over the last 24 months (USIS/OPM, Sony, the Pentagon, the State Department, IRS, Ashley Madison, T-Mobile/Experian, hospital medical devices), and the attacks are coming from more sources: internal and external, possibly including state-sponsored attacks, along with the more familiar cybercriminals and vandals. It becomes hard for anyone other than the most obstinate security professionals and vendors to deny that two decades of blocking and prevention technologies have failed, at least in part.
The SAP security landscape is not left behind in any of this. Reports reveal that conventional gateway proxy/NGFW and SIEM solutions still allow malware to communicate outbound to C&C servers. As malware is also constantly evolving and being targeted at SAP systems, it is imperative to begin to think outside the prevention space and channel resources towards detecting the anomaly. In a study by the research company Seculert, which examined a subset of its installed base that included nearly 800,000 client devices generating nearly 62 billion total communications from Fortune 2000 companies in North America, the findings were shocking. Out of the 62 billion total communications observed,
- Nearly 3 million attempted malicious outbound communications were from infected devices.
- Three of the six gateways observed allowed 90+ percent of the infected devices to send communications to the malware’s perpetrators.
- Roughly two percent of all devices analyzed were infected, and every environment had infected devices that were allowed to communicate out.
As we face a new reality that is here to stay, we are shocked to note that most enterprise networks are already breached from the moment they are set up (either through published vulnerabilities or 0-days), and that between 4 and 7% of ALL enterprise endpoints are infected at any given time, making an attacker-controlled endpoint the beachhead in your internal trusted network. We must understand that this is no longer business as usual. With an endpoint easily controlled by an attacker or attack group, the attacker has the leeway to operate freely, pivoting from one point to another and doing as he or she wishes, yet remaining invisible to your traditional intrusion prevention systems, especially in your SAP landscape, where your IDS does not understand SAP traffic in the first place. It is only a question of time before the attacker reaches sensitive data and causes damage.
As I have continued to note, in most organizations that run SAP there is usually a misguided notion that by default they are safe from this evolution, in the same manner that the dinosaurs thought they were safe until the completion of the Jurassic age. Whereas the dinosaurs had no chance, the good news is that we live in an era where our survival as a business is largely dependent on the actions we take or do NOT take! Organizations running SAP can now take conscious decisions to protect their landscape and survive the cybersecurity evolution.
No doubt, as the number and types of cyberattacks have increased, so has the range of IT security technologies being developed to protect the IT systems of businesses, government agencies and other organizations. From a strategy and policy point of view, organizations must ultimately realise that securing a ‘network’ is a very different problem from securing an ‘information superhighway’, to say nothing of securing ‘cyberspace’. Likewise, securing an enterprise application like SAP is a whole different problem again. Hence, organizations need to begin to take conscious actions such as:
- Create a sustainable framework that allows the SAP security team and the IT security team to share information and work together; this will enable the standard IT security team to begin to understand SAP security concepts that would otherwise have remained unknown to them.
- Further train the SAP security team in IT security concepts, so that they understand that segregation of duties (SoD) is not the almighty formula that solves all security challenges on SAP.
- Recognize that IT and SAP security today has gone beyond tradition and now respects only innovation; prevention is surely necessary but insufficient. To survive the evolution of the species, detection strategies are key for the world today.
For more information, please write to firstname.lastname@example.org; your SAP cybersecurity challenges are not peculiar to you, and you can still be helped.