Q&A: Securing SAP ERP Systems with CyberArk


Privileged accounts exist in every layer of an ERP system implementation, from the underlying infrastructure to the enterprise applications powering the business. In the right hands they help safeguard business-critical assets and data. In the wrong hands they can be used to disrupt operations and steal confidential information.

In a recent, popular On the Front Lines webinar, we explored critical challenges enterprises face in protecting SAP ERP systems, and we also gave a quick demo of the CyberArk SAP Certified Privileged Access Security Solution. We had a large audience and a number of technical questions were raised and addressed during the session. Following are some excerpts. You can also read presentation takeaways or tune in to the full webinar and demo on demand.

Q: What type of configuration in SAP is required to set up SAP with CyberArk?

You don’t have to do anything specific inside SAP to start managing privileged credentials with CyberArk. Because we use the native SAP API to rotate credentials, the CyberArk solution looks just like any other SAP client to SAP, so no special changes or installations are required.

You can utilize CyberArk SAP Scanner to detect privileged accounts across the SAP system. Once you have a good handle on where these accounts exist and how many there are, you can automatically onboard these privileged SAP accounts through a configuration within the CyberArk Enterprise Password Vault leveraging the CyberArk REST API. Within minutes, you can apply policies to effectively manage these credentials in a single location and prevent unauthorized access to critical systems. Additionally, you can begin to rotate and update credentials at regular intervals or on demand (based on policy), including managing the sensitive DDIC credentials used in the SAP upgrade process.

Q: Does CyberArk integrate with SAP HANA Database and SAP Java Portal?

Through CyberArk’s partnership with SAP (Certified by NetWeaver), we integrate with SAP HANA. You can view details of this integration on the CyberArk Marketplace, along with several other SAP integrations, including SAP Concur, SAP GUI, SAP Sybase ASE Database (Adaptive Server Enterprise) and SAP Sybase ASE ODBC Driver.

For Java Portal integration, please get in touch with your CyberArk representative so we can learn more about your needs. We’re more than happy to work with you on a customized solution, and we continue to add new integrations to the CyberArk Marketplace regularly.

Q: How long can you store session recordings and histories?

Session information storage time can be configured to your organization’s specific needs. You can keep recordings for one year, five years or longer as required. You can also specify where these recordings are stored. For example, you can store the SAP recordings within CyberArk and the operating system recordings elsewhere if you choose.

Remember that the average lag time from a breach to discovery is 99 days. If you’re deleting your recordings after just three weeks, you’re going to lose a lot of material that could be helpful during a forensics process. A best practice for SAP-related recordings is to store them for about 18 months.

Q: Can you explain how override accounts work in SAP environments?

A reconciled user inside the CyberArk solution is a privileged account on the target SAP system that can be used to override the password of other privileged accounts. As an example, imagine that the DDIC password held by CyberArk is no longer synchronized with the one in SAP. In other words, something went wrong, or perhaps somebody modified the password manually during a session. You can use a reconcile account to override that password. Of course, adequate privileges are required to perform such an override action. The recommendation here would be to use a very powerful, highly privileged user.

Editor’s Note: These responses have been edited for clarity and brevity. Have additional questions about protecting your ERP applications and systems? Check out the following resources or get in touch with us.

The post Q&A: Securing SAP ERP Systems with CyberArk appeared first on CyberArk.
