Name: DevSecOps for SAP S/4HANA Migrations
Start: 2022-11-10T09:00:00Z
End: 2022-11-10T09:29:45.000Z
Location: BrightTALK
Rating: 0

Proving business-critical application security not only takes next-level solutions, it also takes thought leadership. Here you'll find a growing library of materials to help you build your business-critical application security strategy and drive your company forward, confidently.

Traditionally, cybersecurity and compliance have been two very separate functions where oftentimes the misalignment has been emphasized more than alignment toward a common goal. Add in the complexities of the compliance landscape and ever growing threats to business-critical applications, and defenders have a difficult challenge to solve with limited resources.

Onapsis customer, Dow Chemical, discusses their journey and best practices utilizing The Onapsis Platform and how they solve these challenges–bringing their cybersecurity and compliance functions together in harmony.

Watch this session to gain an understanding of how to:

- Harmonize and remove barriers between security and compliance/audit teams for a holistic assessment of organizational risk
- Save budget and resources by identifying opportunities where one solution can support both cybersecurity and compliance/audit efforts
- Develop a proactive approach to ERP by securing the application layer–vital protection for business continuity and threat remediation for faster response to zero days
- Navigate the current regulatory landscape and save hundreds of hours with automation of critical governance activities (i.e. ICFR/SOX)"

How Dow Chemical Leverages Onapsis for Proactive Security & Compliance

Many organizations have correctly realized that security needs to be considered from the start of major digital transformation projects, and have started including security leaders in project planning and execution. However, most security leaders lack the visibility and/or understanding of SAP they need to effectively measure risk and enforce security baselines for the project. Hear from key industry leaders on the importance of SAP security and how to eliminate this blindspot so security leaders can understand risk and respond accordingly.

Transformation : SAP Security Implementation Lessons From Industry Leaders

Learn how SAP vulnerabilities were exploited to drain millions of dollars from major financial organizations by an advanced threat group dubbed ‘Elephant Beetle’. In this session we discuss their modus operandi, provide actionable guidelines on how to bolster SAP security processes and how to defeat attacks of this nature in case of a breach. This session provides: 

- Review of the attack trends & threat landscape in 2022
- Deep dive into a specific case study of an “Elephant Beetle” attack and Incident Response
- Key actions you can take to prepare your organization and defeat such attacks
- Top resources to help support your security effort

Elephant Beetle: Advanced Financial Attack Leveraging SAP Vulnerabilities

Richard Puckett, CISO of SAP, and Mariano Nuñez, CEO of Onapsis, talk about today’s sophisticated and dynamic ransomware attacks and the key actions, best practices and controls you should implement to mitigate your business’s risk.

Watch this fireside chat on-demand, for a better understanding of:

- The current state of the threat landscape and the emerging, hyper-targeted threat tactics SAP and Onapsis are observing 
- How to prepare for a ransomware attack, addressing two primary threat vectors with three categories of control
- Best practices around business continuity and incident response should your business suffer an attack

How to Secure Your Business-Critical SAP Applications Against Modern Ransomware

Traditional cybersecurity investments have focused on defending the perimeter with little attention paid to the application layer. More importantly, those applications enable the most critical business functions of your organization, such as financials, manufacturing, and the supply chain. With SAP as the core technology foundation for many large enterprises, it presents an attractive target for malicious actors. Building from basic security hygiene to advanced concepts, you can play a key role in ensuring that strategic operations and critical processes of your business are protected. Key strategies to maintain compliance and better mitigate risk across your SAP landscape.

Join this session to discuss:

- How and why it’s imperative to include SAP security in your overall cybersecurity strategy 
- Fundamental concepts for SAP business-critical application cybersecurity & compliance 
- Key strategies to maintain compliance and better mitigate risk across your SAP landscape
- Active and elevated SAP exploitation activity identified by Onapsis Research Labs
- CISA’s Catalog of Known Exploited Vulnerabilities and the SAP vulnerabilities highlighted as critically important to patch

ERP Security 101: Things Every Organization Should Be Doing to Secure ERP

The Onapsis Research Labs is on a quest to protect the world’s most critical applications at the center of the global economy. Most recently, Onapsis collaborated with SAP Product Security Response Team to discover and patch three critical memory corruption vulnerabilities that affected Internet Communication Manager (ICM), a core component of SAP business applications. If not patched, the series of vulnerabilities, dubbed “ICMAD,” could enable attackers to execute several malicious activities on SAP users, business information, and processes — and ultimately compromise unpatched SAP applications.

Hear from SAP CISO Richard Puckett and Onapsis CEO Mariano Nunez as they discuss how the Onapsis Research Labs and SAP Product Security Response Team worked in close partnership to identify, assess, and mitigate these critical vulnerabilities.

Watch this webinar to learn:

- Details on the ICMAD vulnerabilities discovered
- The impact on your business
- Why timely patching of critical vulnerabilities is more important than ever
- Recommendations for keeping your SAP systems protected

ICMAD Vulnerabilities: Who's at Risk & How to Protect Your SAP Applications

We all know today's ongoing business acceleration is the main driver for Digital Transformation. As a result, increasing business demands for more and faster code development in SAP and limiting or completely removing Security Code Review tasks.

Is my code secure? Have I put my entire company at risk just with my developed code? Is my security team able to continuously monitor & prevent attacks at application level?

Few facts: Did you know enterprises have, on average, two million lines of custom code that may have existing security, compliance and quality issues. Did you know for each 1000 lines of code you have an average of 1.1 critical security vulnerabilities. 79% in today’s businesses do not build security features into their application development.

Attend this session to gain insights into:

- Enable visibility into all SAP custom code development
- How to stabilize your Code by Automating your Security Processes:
- Ensure that accelerated development cycles don’t lead to vulnerabilities within custom code
- Empower your team to reduce time spent on security reviews and remediation
- Prevent critical issues from getting into production systems

Replace Manual Security Reviews w/ Automated App Security Testing For SAP

ERP applications power the global economy and support the most critical and complex processes for the largest organizations in the world. We all know it, and threat actors know it too. Over the past few years, the Onapsis Research Labs have seen an accelerated increase in the threats and attacks targeting ERP applications, leading to frustrating business disruptions and significant monetary loss. Join us to learn about the latest developments in the ERP threat landscape as well as three recommended best practices to keep these ERP attacks out of our business-critical systems.

Best Practices to Combat Rapidly Evolving Threat Landscape for ERP Applications

A deep dive into the current environmental and business dynamics that your cybersecurity portfolio must account for. Understand the novel, emergent threats that the Onapsis Research Lab is observing and reporting on.

4 Reasons Why You Need Vulnerability Management for Business Applications

Better understand the executive- and board-level conversations happening around business-critical application security and program blind spots. What are your CIO peers focusing on in 2022? What can CISOs, infosec leaders, and application owners do to support the office of the CIO?

CIO INSIGHTS: 4 FOCUS AREAS FOR 2022

Dig into implementation best practices and integration must-haves. We’ll review tips, tricks, and techniques to get the most from a vulnerability management program.

4 Things to Consider as You Select a Vulnerability Management Provider

Moving to SAP S/4HANA is a complex process, requiring collaboration from multiple stakeholders across the business to deliver the project on time and on budget.  All too often, security ends up being a roadblock to meeting those goals, but it doesn’t have to be.

KPMG and Onapsis work side-by-side with organizations to build security into their SAP S/4HANA migrations to avoid setbacks and establish secure SAP operating models. Join us for a conversation on best practices for a security-by-design approach based on our experience helping customers migrate their systems. Topics include:

- Aligning stakeholders across security, IT, SAP Basis, and internal audit
- Putting security-by-design into practice without interfering with or burdening SAP teams
- The three biggest challenges we hear for each stage of a migration project and how to overcome them
- Other lessons learned from our customers, so you can avoid those challenges yourself

Best Practices: Avoiding Security Roadblocks to SAP S/4HANA Migrations

The award-winning Onapsis Research Labs is a team of cybersecurity experts who combine in-depth knowledge and experience to deliver security insights and threat intel affecting business-critical applications, such as SAP, Oracle, and others. Onapsis researchers have discovered over 800 zero-day vulnerabilities and multiple critical global CERT alerts have been based on their novel research. 

Onapsis automatically updates its products with the latest threat intelligence and other security guidance from the Onapsis Research Labs. This provides customers with advanced notification on critical issues, comprehensive coverage, improved configurations and zero-day protection ahead of scheduled vendor updates. 

In this session learn more about the latest threat intelligence and receive security guidance from the Onapsis Research Labs to stay ahead of ever-evolving cybersecurity threats.

This session covers: 

- Recent research on vulnerability findings, including ICMAD and HTTP Smuggling
- An overview on how to keep your SAP business-critical applications secure
- Threat intelligence on the cybersecurity attack trends observed in the wild
- Security guidance and best practices from the leading team of researchers

Onapsis Research Labs - Cyber Tech Talk

The NIST Cybersecurity Framework helps organizations assess and improve their ability to prevent, detect, and respond to cyberattacks. SAP’s framework, the SAP Secure Operations Map, incorporates NIST best practices into a structure for the overall security of an organization’s SAP environment. One of the key components of both of these frameworks is the application security layer, which has become an increasingly prevalent and attractive target for attackers. Unfortunately, this layer can often be a blind spot within organizations, particularly for security departments, even though a secure application layer is a critical component for building a protected environment. Leveraging frameworks and best practices can help security, SAP application, and SAP BASIS teams, build cross functional team engagement and strategies to eliminate these blind spots and work together effectively.

Join Onapsis as we discuss how security frameworks can help lay a strong foundational strategy to protect SAP environments and how Onapsis’ methodology for application layer protection aligns to these best practices.  

During this session, you will learn:

- How to leverage key elements of the NIST and SAP Secure Operations Map frameworks for a more effective security strategy
- How to incorporate application security best practices into creating a more secure, compliant, environment for your SAP applications. 
- How to think about the journey to a more secure environment, including mapping out milestones and points to consider at every phase

Building A Security Compliant Foundation for SAP

SAP S/4HANA migration projects are a huge undertaking involving your organization’s most mission-critical applications. Your business relies on these applications to function, so ensuring they stay secure, compliant, and available throughout migration and beyond is absolutely critical.

Join our webinar to learn how to effectively build security, compliance, and quality checks into your SAP application development lifecycle – without burdening your development team. Taking this type of DevSecOps approach is key to a successful SAP S/4HANA migration and avoiding negative impacts to business operations. We’ll discuss best practices, what types of checks to perform and when, and considerations based on your implementation approach.

On the agenda:

- Overview of SAP S/4HANA and what’s involved with migrating
- How applying DevSecOps concepts to SAP application development can facilitate migration
- Detailed strategies for each step of the application development lifecycle, including code analysis, transport inspection, ongoing vulnerability management, user activity monitoring and threat detection

DevSecOps for SAP S/4HANA Migrations

SAP HANA

S4 HANA Migration

Cyber Security

Cyber Attacks

Information Security

Cloud Security

DevSecOps

Application Security

Risk Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Finance

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

DevSecOps for SAP S/4HANA Migrations

Presented by

About this talk

More from this channel