23-05-2017

Together with ERP-SEC, Nextview is now offering an SAP Vulnerability Quickscan on the basis of the product Protect4S. ProRail has already used this service to scan its top five SAP systems for vulnerabilities; the scan produced recommendations that can ensure an even safer IT landscape. These results gave ProRail good reason to take out a subscription to our Vulnerability Quickscan service so they can regularly receive an overview of potential vulnerabilities throughout their entire SAP landscape.

Photo from de Volkskrant

What is Protect4S?

Protect4S is an add-on for the SAP Solution Manager with which vulnerability scans can be run automatically on SAP ABAP and Java systems. The scans are run based on a library of known vulnerabilities, safety risks, and SAP security patches. The library, which is accessible through subscription, is updated regularly with the latest developments. Protect4S delivers a clear report that outlines the following:

– Insight into the immediate vulnerabilities for the given SAP system

– An estimate of the risk and the impact of the identified vulnerability (CVSS score)

– Assistance in determining the prioritization of mitigation

The initialization and execution of the scans are intuitive, and the reports give clear instructions on how to resolve vulnerabilities. Protect4S doesn't only benefit application managers; it also provides clear summaries that can be shown to those on the business side without the overarching message being lost in the technical details.

Protect4S Vulnerability Scan Information

Clear graphics and calculated scores show viewers the current situation and are adjusted based on previous scans. This makes it possible for safety improvement programs to be followed, even by people who have no previous knowledge of the matter.

Why run security scans?

One conclusion from the Quick Scan was that ProRail is up to date with the latest patches on its SAP systems. Why, then, should a scan with Protect4S be run regularly?

– Protect4S automatically selects the relevant security patches for the respective systems and indicates which should be applied.

– The risk of vulnerabilities does not come from SAP software alone, so Protect4S also scans for vulnerabilities such as unsafe portals, configuration mistakes, and critical authorizations.

– New implementations and adjustments can cause new vulnerabilities; a regular scan can continuously assess the new situation.

Running security scans on a regular basis, with the help of the latest security advice, has helped ProRail to continuously maintain the security level of their SAP systems. Additionally, the results are evaluated by safety experts from Nextview and ERP-SEC, so the scan results are supplemented by experience from the field.

Why Protect4S over other SAP tools?

Protect4S, developed by ERP-SEC for the SAP Solution Manager, offers clear advantages over similar solutions in SAP's Security Optimization Portfolio. Installation and configuration of the add-on are simple and guided by wizards. Scans can be scheduled automatically and have no effect on the normal operation of the SAP systems, making it possible for ProRail to get to know the product via our Quick Scan service with little effort.

With this service, the five most important systems can be scanned, returning a report that gives insight into the quality of the systems' safety. The security scan can also be carried out on a regular basis, so that businesses remain well informed about any new vulnerabilities and can continue to follow the given advice.