Wednesday, December 30, 2015

SAP Enterprise Threat Detection (ETD)

As more and more companies face security issues, with threats usually first in line, monitoring and evaluating security-related events has become a very important topic for every big software vendor. SAP has jumped on this bandwagon as well with its offering called SAP Enterprise Threat Detection.

The aim of this solution is to:
  • offer a real-time data platform for performing forensic investigations in order to discover suspicious patterns
  • automatically evaluate attack detection patterns
  • analyze and correlate logs
  • integrate custom log providers
  • find threats focused on SAP software

All in all, it helps to identify real attacks as they are happening and to analyze the threats quickly enough to neutralize them before serious damage occurs.

Technically, it is based on processing data collected by the ESP (Event Stream Processor). The ESP gets the data from SAP NetWeaver application servers (Java and ABAP), from the SAP HANA database and from non-SAP sources. The ESP then provides the collected data to the SAP HANA engine, which evaluates and analyzes it and generates alerts based on the analysis results. The analyses done in HANA are pattern-based. The patterns are developed and enhanced by SAP. Customers can change them according to their needs, and they can also create completely new ones.

Currently there is an SP02 available for SAP Enterprise Threat Detection 1.0.
