SAP’s ‘latest’ threat shows why to rethink your ERP security


In April, security firm Onapsis posted about a new threat facing SAP customers that they have named '10kBLAZE': a set of exploits that their researchers estimate could affect over 50,000 companies worldwide, enabling attackers to access, steal or edit any data that sits in your SAP system.

These exploits can be executed by a remote, unauthenticated (no username and password) attacker having only network connectivity to the vulnerable systems.

Onapsis Threat Report

But SAP's latest threat isn't anything new; it just highlights how broken SAP's security patching model is

This 'latest' threat was first identified and patched by SAP in their Hot News security bulletin in 2013 (note number 1421005, Secure configuration of the message server). That note provided detailed instructions on how to configure your SAP systems to prevent this exploit.

But according to Onapsis, only one in ten companies has implemented the patch, even after six years!

This delay is surprising, as the actions needed to secure your SAP system against this exploit are relatively simple as far as security patches go: specifying a separate port for internal system-to-system communication with the message server, and setting a whitelist of permitted server hostnames in the message server's Access Control List (ACL).
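An added example, not taken from the post or from SAP, Onapsis or Support Revolution: a small Python audit of an SAP instance profile for the two controls just described, a dedicated internal message-server port and a host whitelist. The profile keys rdisp/msserv, rdisp/msserv_internal and ms/acl_info are SAP's documented parameter names; the profile text, ACL text and file path are constructed samples.

```python
# Audit an SAP instance profile for the message-server hardening described above.
# Profile keys are SAP's own parameter names; sample profile/ACL content is constructed.

def parse_profile(text):
    """Parse 'key = value' lines of an instance profile into a dict ('#' starts a comment)."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            params[key.strip()] = value.strip()
    return params

def parse_acl(text):
    """Return the HOST= entries of a message-server ACL file (ms_acl_info format)."""
    return [line.strip()[5:].strip() for line in text.splitlines()
            if line.strip().upper().startswith("HOST=")]

def audit_message_server(profile, acl_hosts):
    """Return a list of findings; an empty list means both controls are in place."""
    findings = []
    external = profile.get("rdisp/msserv")
    internal = profile.get("rdisp/msserv_internal")
    if not internal or internal == "0":
        findings.append("rdisp/msserv_internal not set: internal and external clients share one port")
    elif internal == external:
        findings.append("rdisp/msserv_internal equals rdisp/msserv: ports are not separated")
    if "ms/acl_info" not in profile:
        findings.append("ms/acl_info not set: no server whitelist is enforced")
    elif not acl_hosts:
        findings.append("ACL file contains no HOST entries")
    elif "*" in acl_hosts:
        findings.append("ACL contains HOST=*: any host may register as an application server")
    return findings

# Constructed samples: a default-style profile and a hardened one.
WEAK_PROFILE = "# constructed sample\nrdisp/msserv = 3600\n"
HARDENED_PROFILE = ("rdisp/msserv = 3600\n"
                    "rdisp/msserv_internal = 3900\n"
                    "ms/acl_info = /usr/sap/SID/SYS/global/ms_acl_info\n")
HARDENED_ACL = "# constructed: only the system's own application servers\nHOST=sapapp01.example.internal\nHOST=sapapp02.example.internal\n"

if __name__ == "__main__":
    print("weak:", audit_message_server(parse_profile(WEAK_PROFILE), parse_acl("")))
    print("hardened:", audit_message_server(parse_profile(HARDENED_PROFILE), parse_acl(HARDENED_ACL)))
```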

However, this delay does reflect the reality of how many organisations approach SAP's (and Oracle's) traditional patching model. Many organisations take a long time to patch their systems because of the time, cost, risk and complexity of applying manual patches to in-use, business-critical systems, leaving them exposed to threats and exploits that will likely cost far more than the initial fix would have.

So why do organisations ignore security fixes? And is there a better way to stay protected?

Support Revolution customers are already protected

While traditional patching methods are important for securing systems at their source, Support Revolution also uses the Gartner-recommended Trend Micro Deep Security tool to put up a 'security fence' around its customers, proactively protecting their systems from outside attacks.

This solution creates a firewall around the servers hosting the at-risk systems, shielding vulnerable components at the server level. Our solution is far more responsive and does not require any downtime to apply fixes, and if a major threat is detected the fix can be applied in as little as 12 hours.

This means that Support Revolution acts as your safety net for those ‘uneconomical to fix’ security issues that may just cost you much more than you could possibly imagine.

Learn more about how we protect systems using both patches and Trend Micro in our security white paper.

Sources: TechRadar and CBROnline