An SAP landscape quickly becomes very complex. In addition, production and utility companies are highly dependent on their operational technology (OT). In this context, platform security is an effective approach to SAP Security and OT Security. If hackers penetrate your IT infrastructure, for example via a phishing attack, they can use the data they capture to gain more and more authorizations by compromising or infecting one system after another. It is also conceivable that attackers could gain access to your enterprise IT via a modem on the production floor and encrypt hard disks.
To prevent this, you should link sensors across systems and monitor alarms 24/7. Alternatively, you can use the managed detection and response services of a professional cyber security defense center (CSDC). With Microsoft Threat Monitoring for SAP, data from complex SAP landscapes can be consolidated via a sensor so that it is available for further processing in the cloud-native SIEM system Microsoft Sentinel. Once connected to the various SAP log sources, the sensor captures the data, which flows into Sentinel via API for correlation and analysis. If the tool detects a threat, it generates alerts. Standardized rules form the basis for (partially) automated SOAR processes (Security Orchestration, Automation and Response): when an alert is received, an AI-based analysis of the captured event data is performed. Depending on the type of attack, predefined response measures are then initiated.