Solutions & Products

SAP Security and OT Security

For a trouble-free production!

SAP Security and OT Security - to keep your production running!
Infrastructure Services

SAP Security and OT Security

Dealing with SAP security and OT security is certainly a complicated challenge. But there is no alternative. After all, cyber attacks on SAP systems and operational technology (OT) can have devastating consequences. So what needs to be done?

For a trouble-free production!

As omnipresent backbones, SAP and OT are necessary for smooth business processes in many companies. It is, therefore in the best interest of companies to protect their SAP and OT system landscape as best as possible. In practice, however, there are many gaps when it comes to SAP and OT security. Ransomware attacks on SAP and the operational technology can have serious consequences: If a hacker brings the SAP system to a shutdown, the entire production process may come to a halt. That alone is bad enough. But production lines are usually indispensable components of complex supply chains. If these are disrupted, the existence of the affected companies can be jeopardized. The effects of attacks on critical infrastructures (CRITIS), such as water pipes or gas pipelines of energy suppliers, are even more severe. That is why manufacturing companies and CRITIS are well advised to pay the utmost attention to their SAP security and OT security. The following four expert tips can help.

Tip 1: Understand SAP Security and OT Security as a business process.

You are certainly one of those companies aware of the permanent threat of attacks. But are you also making the mistake of relying on the expertise of compliance managers, security experts, and hacker nerds? The problem is that these specialists deal with SAP security and OT security on a theoretical level. That's why they usually operate separately from other processes and teams in the company. But to effectively secure your business, you need to understand SAP security and OT security as a business process that involves all relevant groups of people. Only in this way can you develop tailored strategies for SAP security and OT security and derive suitable practical measures - such as deploying appropriate security technology. Only when you understand cyber security as a critical business process that needs to be carefully modeled, controlled with metrics, monitored with tools, and continuously optimized can you make progress regarding SAP security and OT security. 

Reading tip

In our whitepaper SAP Security for trouble-free productionYou will learn why no amount of money can buy SAP security and how you can ensure SAP security in the long term.

Tip 2: Promote dialog between management, IT and production.

Understanding SAP Security and OT Security as a business process goes hand in hand with overcoming departmental boundaries and silo thinking in favor of a process-oriented organization. Ultimately, this means that all relevant teams begin an interdisciplinary exchange. This applies above all to management, IT and production. Because sometimes management lacks a precise idea of how important SAP Security and OT Security are for smooth business operations. The IT department can help to convey this understanding. It is particularly important to take the perspective of the blue collar workers, the employees in production. They know exactly how a potential shutdown of machine A will affect production line B.

OT vs. IT

While information technology (IT) is concerned with managing, processing, storing, and making available data of all kinds, operational technology (OT) is primarily used to control and monitor production. In this context, OT includes plant and machinery, production-relevant hardware and software, and - in the age of Industry 4.0 - also IoT gateways and control systems. The goal of using operational technology is primarily to prevent unplanned and thus very costly downtime in production.

Tip 3: Use modern technologies for SAP Security and OT Security.

In addition to a process-related understanding of SAP Security and OT Security and a cross-functional dialog, powerful security solutions are required. In recent years, technology has evolved significantly: from network analysis to cross-system detection to platform security.

  • Network analysis: 
    Some time ago, it was common practice to analyze the network and correlate log files with a SIEM (Security Information and Event Management) system to obtain indications of possible threats - a pure detection measure. Although a targeted response can be derived from the correlation results, it cannot be implemented directly. Since most data transmission today is encrypted, network analyses alone are no longer state-of-the-art.
  • Cross-system detection: 
    Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) are two new methods for processing sensory data from different sources. An EDR tool can be used to record events, such as a user login, the opening of a file, and established network connections, on endpoints such as PCs, notebooks, tablets, and smartphones. In addition, XDR allows data to be automatically captured and linked across multiple attack vectors, such as emails, identities, devices, servers, cloud workloads, and networks.
  • Platform security: 
    If more and more data and systems are located in the cloud, it is only logical to implement effective measures for SAP security and OT security directly there. The platform solutions of the established hyper scalers have proven themselves here. Microsoft, for example, offers a complete security product range with a large number of ready-made components for SAP Security and OT Security, which you can quickly put into operation and configure for your individual business purposes: from the protection of users (PCs, identities, and e-mails) to the protection of various operating scenarios (own servers, on-premises in the data center as well as Azure, Google or AWS Cloud) to precisely those exceptional use cases such as SAP Security and OT Security. Moreover, such platforms are much more efficient to integrate than standalone solutions.

Tip 4: Link the sensors across systems.

An SAP landscape quickly becomes very complex. In addition, production and utility companies are highly dependent on their operating technology. In this context, platform security is an effective approach to SAP Security and OT Security. If hackers penetrate your IT infrastructure via a phishing attack, for example, they can use the tapped data to gain more and more authorizations by compromising or infecting one system after another. It is also conceivable that attackers could gain access to your enterprise IT via a modem on the production floor and encrypt hard disks.

To prevent this, you should link sensors across systems and monitor alarms 24/7. Alternatively, you can use the managed detection and response services of a professional cyber security defense center (CSDC). Thanks to Microsoft Threat Monitoring for SAP, data from complex SAP landscapes can be consolidated via a sensor so that it is available for further processing in the cloudnative SIEM system Microsoft Sentinel. Once connected to various SAP log sources, the sensor captures all data that flows into Sentinel via API for correlation and analysis. If the tool detects a threat, it generates alerts. Standardized rules form the basis for (partially) automated SOAR processes (Security Orchestration, Automation and Response): When an alert is received, an AI-based analysis of the captured event data is performed. Depending on the type of attack, predefined response measures are then initiated.

Defying Hackers with SAP Security and OT Security

Cybercrime is a lucrative business that can not only impact the economic situation of your company, but also poses a threat to critical public infrastructures. To avoid giving attackers a chance, you'd better arm yourself yesterday rather than tomorrow: By understanding SAP Security and OT Security as a business process - and not as a topic detached from the business. It is much more important to internalize the practical relevance of your IT and OT, to derive concrete protection goals from this, and to take measures such as implementing a modern, high-performance security solution.

Whitepaper SAP Security

Maximum SAP security is vital for the survival of production companies and KRITIS. Download the "SAP Security" whitepaper now and take adequate measures!

SAP Security: Managed SAP Connector for Microsoft Sentinel

Enhance your SAP security with the world's first and only detection solution Microsoft Sentinel Threat Monitoring for SAP (previously: SAP Connector for Microsoft Sentinel).

Cyber Care & CDC

Managed Detection and Response: Your path to greater cyber security thanks to MDR services from an experienced CDC.

Managed Microsoft Security

Managing Microsoft 365 Defender and Azure Defender professionally.

Your Microsoft Threat Protection Engagement Workshop

Microsoft Threat Protection Workshop: Uncover vulnerabilities in your Microsoft environment and learn how to increase your IT security significantly.

Written by

Andreas Nolte
Expert for Cyber Security