The SAP team and the IT-security team are often in separate departments. This tool enables cross-departmental collaboration to achieve the essential goal of protecting the SAP system’s valuable and vulnerable data.
The out-of-date work structure is a cyberdefense department lacking knowledge of SAP (especially SAP security) and an SAP department lacking knowledge and understanding of cybersecurity.
LogPoint for SAP brings together these crucial IT teams by integrating SAP in SIEM and cybersecurity monitoring environments – and enables essential protection by monitoring SAP in SIEM.
While LogPoint has no direct competitors, there are numerous companies known for delivering less integrated, SAP-centric, point solutions.
LogPoint for SAP extracts all kinds of SAP security, audit and compliance relevant information from the SAP system and forwards it to the SIEM for monitoring. This allows not only an SAP-centric analysis of the data but also the cross-correlation of SAP data with data from all kinds of network devices, gateways, security devices, endpoint protection solutions and data leakage detection devices. The result is a holistic view and full insight into SAP.
Competitors, in the best case, forward SAP-centric alerts to the SIEM. This does not help in analyzing the raw SAP events together with the IT-security data.
There are two major attack vectors in SAP – the internal, insider threat, and cyberattacks or cybercrime.
Proper SAP security monitoring can only be established in an environment where SAP security and IT-security are combined.
This is only possible in a classic SIEM, embedded in cyberdefense centers, security operations centers or Managed Security services – for holistic monitoring of SAP and automated detection and response.
The SAP-SIEM of SAP is missing an essential piece: the capability to cross-correlate SAP information with data from “classic” IT or IT-security.
The added value of SIEM is the utilization of key technologies on top of the rule-based approach to detect known threats – it is the detection of the unknown threats that matter most.
This is achieved by User and Entity Behavior Analysis (UEBA) and integration of the rules implemented into the MITRE ATT&CK framework.
UEBA is a machine-learning based technology that is able to detect anomalies in SAP user behavior. Furthermore, mapping the existing rules into the MITRE ATT&CK framework helps to better understand sophisticated attacks on an SAP system that chain several single attacks together in order to succeed.
LogPoint for SAP is the first vendor that enables UEBA for SAP data inside SIEM.
LogPoint for SAP is easy to deploy and easy to configure.
LogPoint for SAP deployment is often completed in days, not weeks or months, and PoCs even within one day. The LogPoint for SAP remote connectors keep the effort of rollouts in larger environments to a minimum.
The product comes with a pre-defined set of use cases for monitoring. Both ends, the SAP data collection as well as the analysis of SAP events, are fully transparent, and customers benefit from full flexibility in the creation and configuration of use cases, both on the SAP data collection side and in the SIEM.
The product is currently embedded in Managed Security Services provided by LogPoint partners, which allows a fast time-to-value in the areas of SAP security, SAP system compliance, regulatory compliance (GDPR), SAP availability monitoring and business process monitoring.
LogPoint’s Core SIEM licensing is based on nodes sending logs rather than data volume.
With a LogPoint license, your worries about increasing data volumes causing SIEM costs to explode instantly disappear. This does not change when you decide to monitor all kinds of logs from the most critical asset and application – SAP. LogPoint for SAP is licensed by the number of SAP SIDs relevant for monitoring. This number is also very predictable.