SAP’s latest threat: why you should rethink your ERP security

In April, security firm Onapsis posted about a new threat facing SAP customers, which it named '10kBLAZE'. Its researchers estimate that the threat could affect over 50,000 companies worldwide. 10kBLAZE allows attackers to access, steal or edit any data that sits in your SAP system.

"These exploits can be executed by a remote, unauthenticated (no username and password) attacker having only network connectivity to the vulnerable systems."

Source: Onapsis Threat Report

SAP’s flawed security patching model

This "latest" threat was first found and patched by SAP in its Hot News security bulletin in 2013. That bulletin provided detailed instructions on how to secure your SAP systems against this exploit.

But according to Onapsis, only one in ten companies has implemented the patch, even after six years!

This delay is surprising. The actions needed to secure your SAP system against this threat are quite simple as far as security patches go: specify a separate port for system-to-system internal communications, and set a whitelist of permitted server hostnames in the Access Control List.
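The two actions above are profile settings on the SAP message server, so they can be audited from the instance profile without touching the running system. The following is an added example, not code from the original post or from Support Revolution, Onapsis or SAP: it parses a constructed sample profile and reports which of the two mitigations (a dedicated internal port, and a hostname whitelist file) is missing. The parameter names `rdisp/msserv`, `rdisp/msserv_internal`, `ms/acl_info` and `ms/monitor` are assumed to be the relevant standard SAP profile parameters; confirm them against SAP's own security notes before relying on this check.

```python
"""Audit an SAP instance profile for the two 10kBLAZE mitigations described
in the post: a separate internal message-server port and a host whitelist.

Added example. Parameter names are assumed (standard SAP profile parameters);
the sample profile below is constructed and does not describe any real system.
"""

# Constructed sample profile, hardened as the post recommends.
SAMPLE_PROFILE = """\
# instance profile (constructed example)
SAPSYSTEMNAME = PRD
rdisp/msserv = 3600
rdisp/msserv_internal = 3900
ms/acl_info = /usr/sap/PRD/SYS/global/ms_acl_info
ms/monitor = 0
"""


def parse_profile(text):
    """Parse 'key = value' lines of an SAP profile into a dict.

    Blank lines and '#' comments are skipped; the first '=' splits key
    from value, so values containing '=' (e.g. PROT=HTTP,PORT=8101) survive.
    """
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        params[key.strip()] = value.strip()
    return params


def check_message_server(params):
    """Return a list of findings (empty list means both mitigations present)."""
    findings = []

    # Mitigation 1: internal (app-server to message-server) traffic on its own port,
    # distinct from the external port clients use (assumed parameter names).
    external = params.get("rdisp/msserv")
    internal = params.get("rdisp/msserv_internal")
    if not internal:
        findings.append(
            "rdisp/msserv_internal not set: internal and external message "
            "server traffic share one port"
        )
    elif external and internal == external:
        findings.append(
            "rdisp/msserv_internal equals rdisp/msserv: internal port is not separated"
        )

    # Mitigation 2: whitelist of application-server hostnames allowed to register.
    if not params.get("ms/acl_info"):
        findings.append(
            "ms/acl_info not set: no hostname whitelist for servers registering "
            "with the message server"
        )

    # Hardening commonly paired with the above: keep external monitoring off.
    if params.get("ms/monitor", "0") != "0":
        findings.append("ms/monitor enabled: message server monitoring reachable externally")

    return findings


def audit(profile_text):
    """Convenience wrapper: profile text in, findings out."""
    return check_message_server(parse_profile(profile_text))


if __name__ == "__main__":
    for finding in audit(SAMPLE_PROFILE) or ["OK: both mitigations present"]:
        print(finding)
```

Run it against your own instance profile (`/usr/sap/<SID>/SYS/profile/<SID>_<INSTANCE>_<host>`) by reading the file into `audit()`; the script only reports, it changes nothing. An empty findings list does not prove the whitelist file itself is correct, so review the contents of the file named by `ms/acl_info` separately.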

However, this delay does reflect the reality of how many organisations approach SAP's (and Oracle's) traditional patching model. Many organisations take a long time to patch their systems, because applying manual patches to in-use, business-critical systems involves time, cost, risk and complexity. This leaves them exposed to threats and exploits that are likely to be far more expensive than the initial fix would have been.

So why do organisations ignore security fixes? Is there a better way to stay protected?

Support Revolution customers are already protected

While traditional patching methods are important for securing systems at their source, Support Revolution also uses a second layer of protection. The Gartner-recommended Trend Micro Deep Security tool puts up a 'security fence' around its customers, proactively protecting their systems from outside attacks.

It creates a firewall around the servers hosting the at-risk systems, protecting any weak spots at the server level. Our solution is far more responsive, and it does not require any downtime to patch the problem. If a major threat is detected, the fix can be applied in as little as 12 hours.

This means that Support Revolution acts as your safety net for those 'too costly to fix' security issues, which could otherwise have cost you far more than you expected.

Sources: TechRadar and CBROnline
