Why You Need Better Oracle & SAP Security Before It’s Too Late


Traditional ERP security patching from Oracle and SAP is not good enough.

Your critical systems depend on the vendors to provide you with patches and fixes regularly so that your systems aren’t left vulnerable.

But the vendors can take months to provide these to your security teams. And that’s only if you’re paying for the highest (and most expensive!) levels of support.

Why does good security patching matter?

Cyber-attacks are on the rise.

According to the World Economic Forum (WEF), there has been a 72% increase in data compromises since the previous high in 2022.[1] Globally, the cybercriminal economy pulled in an incredible $8.4 trillion in 2022.[2]

It’s not just the financial repercussions you need to be concerned about.

Successful breaches of your business-critical systems (such as payroll, personnel, management, or finance) are potentially catastrophic. They could mean serious disruption to business operations and a big hit to your organisation’s reputation.

Despite this considerable and ever-increasing threat (especially given the rise of AI), organisations are still struggling to detect and resolve cyber threats in a timely manner.

When a breach occurs, it currently takes an average of 277 days for an organisation to identify and contain it.[3]

Your organisation is being left vulnerable by the vendors. And when patches are eventually provided, implementing them takes so long that your systems are left open to attack for far too long.

But there is a solution…

What is virtual patching?

Support Revolution recommends and deploys the Intrusion Prevention System of Trend Micro Deep Security, a virtual patching security solution able to protect all versions of your Oracle and SAP software much more quickly than the vendors.

Virtual patching protects your Oracle and SAP systems at the server level, acting like a virtual fence around your entire software estate rather than applying patches directly to the affected system area (the vendors’ approach).

5 Reasons why virtual patching is more effective than vendor patching

  1. Speed

Virtual patching ensures you’re protected against new threats and vulnerabilities within minutes, instead of the months it takes with the vendors.

  2. Protection for legacy systems

Virtual patching does not require you to upgrade your systems or remain in the vendor’s support programme, making it highly cost-effective.

  3. Easy deployment

You apply patches to the virtual fence surrounding your systems, so there is no need for regression testing, saving you time and resources. This also avoids any downtime, so your systems can continue to run while the patches are being applied.

  4. Great flexibility

New rules can be applied in Protection Mode (which blocks malicious traffic) or Detection Mode (which reports malicious traffic), giving you increased control.

  5. Compliance ready

This approach helps you meet the requirements of essential compliance standards like GDPR, PCI-DSS, HIPAA, and SOC2.

Why is speed important in security patching?

When a new vulnerability is discovered, the race is on to get it patched before a hacker can exploit it.

When vulnerabilities are included in readily available exploit kits, this race becomes even more critical.

A real-life example…

On 17 April 2019, a new vulnerability (CVE-2019-2725) was identified in Oracle WebLogic. Oracle made an out-of-timeline patch available on 26 April when full details were made available, and Trend Micro released a new rule for Deep Security on the same day.

So, all good then, right? Not quite.

As soon as a vulnerability is announced, hackers start exploiting it. In this case, exploits (including exploit kits) were being produced within a few days of the Oracle patch being made available.

But it takes months for an Oracle or SAP customer to test and apply a new patch.

So, while a patch was available, the majority of Oracle customers were still vulnerable during this critical period.

On the other hand, Deep Security rules can be applied within minutes of release. All Support Revolution customers were fully protected before any hacker had a chance to attack their systems.

Your next steps to better securing your Oracle and SAP systems

Having a strong patching process in place is critical to ensuring the stability and continuity of your critical systems.

Previously, vendor patches and fixes have been locked behind a paywall, only available to organisations willing to pay high annual fees to remain in the vendor’s support programme (and they’re not even good enough!).

With Support Revolution’s tailored and proactive security for your Oracle and SAP systems, you can protect your systems whether you’re on the latest software version or not, with zero downtime, and at a much lower price point.

Our in-house teams work tirelessly, actively monitoring security threats, working with Trend Micro to provide quick fixes as and when they happen.

Want to learn more about Support Revolution’s tailored, proactive security? Book in a quick session with one of our team and let them answer any questions you have.

[1] World Economic Forum, What Does 2024 Have in Store for Cybersecurity?

[2] World Economic Forum, The Global Cost of Cybercrime (Statista, FBI, IMF data)

[3] IBM, Cost of a Data Breach Report 2023
