KuppingerCole Report
Executive View
By Martin Kuppinger

SAP Enterprise Threat Detection

In these days of ever-increasing cyber-attacks, organizations have to move beyond preventative actions towards detection and response. This no longer applies to the network and operating system level only, but involves business systems such as SAP. Identifying, analyzing, and responding to threats is a must for protecting the core business systems.

1 Introduction

Over the past few years, both the types of attackers and the types of attacks have changed. Cyber-attacks today are primarily performed by organized crime and nation-states, which have defined attack targets. Critical business systems, line-of-production systems, and in particular sensitive information is at the center of attention today. Detecting and managing attacks on IT systems is becoming a serious problem. Cyber criminals are using increasingly sophisticated techniques to infiltrate organizational IT systems to commit crimes including data theft, denial of service and blackmail.

Organizations need platforms that are capable of running complex analytics in real-time, based on current and historical data. Such solutions must be capable of identifying complex, long-running attack patterns and anomalies, the latter being indicators for both new types of attacks and fraudulent activities. Real Time Security Intelligence (RTSI) provides these capabilities, enabling organizations to identify threats in real-time, powered by advanced data and analysis platforms.

As of today, traditional perimeter security devices like firewalls, IDS (Intrusion Detections Systems) and IPS (Intrusion Prevention Systems) are widely deployed. These tools are effective at removing certain kinds of weaknesses. They also generate alerts when suspicious events occur, however the volume of events is such that it is almost impossible to investigate each in real-time. While these devices remain an essential part of the defence, for the agile connected business they are not able to detect a range of threats including the use of compromised credentials and zero day attacks.

SIEM (Security Information and Event Management) is promoted as a solution to these problems. In reality, however, SIEM is really a set of tools that can be configured and used to analyse event data after the fact and to produce reports for auditing and compliance purposes. While it is a core security technology it has not been successful at providing actionable security intelligence in time to avert loss or damage.

This has led to the emergence of a new set of technologies, Real Time Security Intelligence (RTSI). These tools are intended to detect threats in time to enable action to be taken before damage is done. They use techniques taken from big data and business intelligence to integrate the massive amount of data generated from multiple sources and reduce it a small number of alarms where there is a high confidence that there is a real threat.

At the current state of the art for RTSI, Managed Services is an essential component. This is because of the rapid evolution of threats, which makes it almost impossible for a single organization to keep up to date, and the complexity of the analysis that is required to identify how to distinguish these. This up to date knowledge needs to be delivered as part of the RTSI solution.

The volume of threats to IT systems, their potential impact and the difficulty to detect them are the reasons why real time security intelligence has become important. However, RTSI technology is at an early stage and the problem of calibrating normal activity using some tools still requires considerable skill. It is important to look for a solution that can easily build on the knowledge and experience of the IT security community, vendors and service providers. End user organizations should always opt for solutions that include managed services and pre-configured analytics, not just tools.

SAP Enterprise Threat Detection (ETD) is a new SAP security offering that falls into the market segment of RTSI. It supports key capabilities of identifying attacks based on pre-defined attack detection patterns. SAP ETD supports both real-time analytics and forensic activities. A particular strength is the deep integration into SAP business systems, allowing customers to specifically identify attacks and fraud targeted at these systems with their critical role in many of today’s organizations. However, SAP ETD is not restricted to analyzing security events from SAP systems, but supports input data from both SIEM solutions and other types of log and event systems.

2 Product Description

Based on the analytical capabilities of the SAP HANA platform, SAP ETD supports a variety of analytical capabilities, including trending, anomaly dete ...

Login Get full Access

3 Strengths and Challenges

SAP provides a solution that delivers on what we expect in the RTSI market: strong analytical capabilities; integration into SIEM systems; updated att ...

Login Get full Access


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.