Companies Partner in Advanced Cyber Threat
Intelligence Capabilities to Mitigate Active Threats Against
Unprotected SAP Applications; Free Onapsis Offering Helps Customers
Rapidly Assess and Mitigate Risk
SAP (NYSE: SAP) and Onapsis today jointly released a cyber
threat intelligence report providing actionable information on how
malicious threat actors are targeting and potentially exploiting
unprotected mission-critical SAP applications. The companies have
worked in close partnership with the U.S. Department of Homeland
Security (DHS) Cybersecurity and Infrastructure Security Agency
(CISA) and Germany’s Federal Cybersecurity Authority (BSI),
advising organizations to take immediate action to apply
long-available SAP patches and secure configurations, and perform
compromise assessments on critical environments.
SAP and Onapsis are not aware of known customer breaches
directly related to this research. The report also does not
describe any new vulnerabilities in SAP cloud software as a service
or SAP’s own corporate IT infrastructure. Both companies, however,
note that many organizations still have not applied relevant
mitigations that have long been provided by SAP. Customers who fail
to apply these protective measures and allow unprotected SAP®
applications to continue to operate put themselves and their
business at risk.
The intelligence captured by Onapsis and SAP highlights active
threat activity seeking to target and compromise organizations
running unprotected SAP applications, through a variety of
cyberattack vectors. Observed exploitation techniques would lead to
full control of the unsecured SAP applications, bypassing common
security and compliance controls, and enabling attackers to steal
sensitive data, perform financial fraud or disrupt mission-critical
business processes by deploying ransomware or stopping operations.
These threats may also have regulatory compliance implications for
organizations that have not properly secured their
environments.
“This proactive research effort is the latest example of our
commitment to ensure our global customers remain protected,” said
Tim McKnight, chief security officer, SAP. “We’re releasing the
research Onapsis has shared with SAP as part of our commitment to
help our customers ensure their mission-critical applications are
protected. This includes applying available patches, thoroughly
reviewing the security configuration of their SAP environments and
proactively assessing them for signs of compromise.”
The scope of impact from these specific vulnerabilities is
localized to customer deployments of SAP products within their own
data centers, managed colocation environments or
customer-maintained cloud infrastructures. None of the
vulnerabilities are present in cloud solutions maintained by
SAP.
“As a SAP partner for cybersecurity and compliance, we have
observed firsthand the outstanding improvements SAP has made in the
recent years to develop more secure software, patch critical
vulnerabilities faster and overall proactively ensure SAP customers
are secure,” said Mariano Nunez, CEO and cofounder of Onapsis. “The
critical findings noted in our report describe attacks on
vulnerabilities with patches and secure configuration guidelines
available for months and even years. Unfortunately, too many
organizations still operate with a major governance gap in terms of
the cybersecurity and compliance of their mission-critical
applications, allowing external and internal threat actors to
access, exfiltrate and gain full control of their most sensitive
and regulated information and processes. Companies that have not
prioritized rapid mitigation for these known risks should consider
their systems compromised and take immediate and appropriate
action.”
To support customers that require investigation, threat
remediation and additional post-compromise security monitoring,
Onapsis is offering a 3-month free subscription to the Onapsis
Platform for Cybersecurity and Compliance, an SAP endorsed app that
can be accessed through SAP Store.
About Onapsis
Onapsis protects the mission-critical applications that run the
global economy, from the core to the cloud. The Onapsis Platform
uniquely delivers actionable insight, secure change, automated
governance and continuous monitoring for critical systems — ERP,
CRM, PLM, HCM, SCM and BI applications — from leading vendors such
as SAP, Oracle, Salesforce and others.
Onapsis is headquartered in Boston, MA, with offices in
Heidelberg, Germany and Buenos Aires, Argentina. We proudly serve
more than 300 of the world’s leading brands, including 20% of the
Fortune 100, 6 of the top 10 automotive companies, 5 of the top 10
chemical companies, 4 of the top 10 technology companies and 3 of
the top 10 oil and gas companies.
The Onapsis Platform is powered by the Onapsis Research Labs,
the team responsible for the discovery and mitigation of more than
800 zero-day vulnerabilities in mission-critical applications. The
reach of our threat research and platform is broadened through
leading consulting and audit firms such as Accenture, Deloitte, IBM
and PwC — making Onapsis solutions the standard in helping
organizations protect their cloud, hybrid and on-premises
mission-critical information and processes.
For more information, connect with us on Twitter or LinkedIn, or
visit us at https://www.onapsis.com.
About SAP
SAP’s strategy is to help every business run as an intelligent
enterprise. As a market leader in enterprise application software,
we help companies of all sizes and in all industries run at their
best: 77% of the world’s transaction revenue touches an SAP system.
Our machine learning, Internet of Things (IoT) and advanced
analytics technologies help turn customers’ businesses into
intelligent enterprises. SAP helps give people and organizations
deep business insight and fosters collaboration that helps them
stay ahead of their competition. We simplify technology for
companies so they can consume our software the way they want —
without disruption. Our end-to-end suite of applications and
services enables business and public customers across 25 industries
globally to operate profitably, adapt continuously and make a
difference. With a global network of customers, partners, employees
and thought leaders, SAP helps the world run better and improve
people’s lives. For more information, visit www.sap.com.
# # #
Any statements contained in this document that are not
historical facts are forward-looking statements as defined in the
U.S. Private Securities Litigation Reform Act of 1995. Words such
as “anticipate,” “believe,” “estimate,” “expect,” “forecast,”
“intend,” “may,” “plan,” “project,” “predict,” “should” and “will”
and similar expressions as they relate to SAP are intended to
identify such forward-looking statements. SAP undertakes no
obligation to publicly update or revise any forward-looking
statements. All forward-looking statements are subject to various
risks and uncertainties that could cause actual results to differ
materially from expectations. The factors that could affect SAP's
future financial results are discussed more fully in SAP's filings
with the U.S. Securities and Exchange Commission ("SEC"), including
SAP's most recent Annual Report on Form 20-F filed with the SEC.
Readers are cautioned not to place undue reliance on these
forward-looking statements, which speak only as of their dates.
© 2021 SAP SE. All rights reserved.
SAP and other SAP products and services mentioned herein as well
as their respective logos are trademarks or registered trademarks
of SAP SE in Germany and other countries. Please see
https://www.sap.com/copyright for additional trademark information
and notices.
Note to editors: To preview and download
broadcast-standard stock footage and press photos digitally, please
visit www.sap.com/photos. On this platform, you can find high
resolution material for your media channels. To view video stories
on diverse topics, visit www.sap-tv.com. From this site, you can
embed videos into your own Web pages, share video via email links,
and subscribe to RSS feeds from SAP TV.
Please consider our privacy policy. If you received this press
release in your e-mail and you wish to unsubscribe to our mailing
list please contact press@sap.com and write Unsubscribe in the
subject line.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20210406005506/en/
For customers interested in learning more about SAP
products: Global Customer Center: +49 180 534-34-24 United
States Only: 1 (800) 872-1SAP (1-800-872-1727)
For more information, press only: Michael Baxter, +49 151
17196185, m.baxter@sap.com, CET Julia Fargel, +1 650 276 8964,
Julia.Fargel@sap.com, PT SAP Press Room; press@sap.com
SAP (NYSE:SAP)
Historical Stock Chart
From Mar 2024 to Apr 2024
SAP (NYSE:SAP)
Historical Stock Chart
From Apr 2023 to Apr 2024