Name: Elephant Beetle: Advanced Financial Attack Leveraging SAP Vulnerabilities
Start: 2023-01-24T09:00:00Z
End: 2023-01-24T09:00:31.000Z
Location: BrightTALK
Rating: 0

Proving business-critical application security not only takes next-level solutions, it also takes thought leadership. Here you'll find a growing library of materials to help you build your business-critical application security strategy and drive your company forward, confidently.

Reflecting on over three decades of experience in tackling enterprise security, founders & CEO’s Mariano Nunez (Onapsis) and Richard Hunt (Turnkey) will share their lessons learned and provide practical tips and best practices for securing your organization. We will examine how the approach to SAP security has shifted and the most significant threats facing organizations today and where SAP security fits within the larger context of cybersecurity.

Protecting Your Company from SAP Cyber Threats

Businesses use enterprise resource planning (ERP) systems, like SAP, to keep their critical business assets, data and IP in one place. While ERP systems unify platforms and departments, centralizing large enterprise data presents an attractive target for malicious actors. An interconnected system combined with inadequate ERP security increases the risk of attacks and makes ERP systems a prime target for adversaries.

To shed light on the state of ERP security in 2023, we have analyzed and observed threats and attacks targeting ERP applications. Learn about the state of ERP Security, strategies to maintain compliance, and how to better mitigate risk across your SAP landscape.

 This session covers:

- The power and importance of business applications and why they are a target
- Active and elevated SAP exploitation activity identified by Onapsis Research Labs
- Fundamental concepts for SAP business-critical application cybersecurity & compliance
 - Key strategies to maintain compliance and better mitigate risk across your SAP landscape

The State of ERP Security

Over a decade ago, Onapsis was founded in a small office in Buenos Aires, Argentina. Today, the organization has grown by leaps and bounds with a global presence and capabilities centered around protecting the critical systems of hundreds of the world’s leading brands including 20% of the Fortune 100. Join this fireside chat with two of the founders of Onapsis - Mariano Nunez, CEO, and JP Perez-Etchegoyen, CTO - to hear their take on the state of critical application security, thoughts on modern day SAP and Oracle attacks and threat actor groups, and a new way of thinking about ERP security to protect what matters most to your organization.

Lessons Learned from a Decade of App Security (Fireside Chat w/ Mariano & JP)

What is DevSecOps? It is the process of implementing security best practices within the application development lifecycle. As digital transformation projects accelerated work schedules on new code and applications, security frequently fell to the wayside in favor of business application output. With the average SAP system having well over 2 million lines of custom code, large global enterprises are growing more concerned about how vulnerable their critical applications may be. Join this webinar to get a better understanding of why you, too, should consider incorporating your SAP application development into a broader DevSecOps framework and some best practices on how to get started in your SAP development.

Shift Left: Five Reasons Why You Should Extend DevSecOps to Your SAP Environment

Frequently thought of as a “black box” for many reasons, SAP and Oracle application landscapes present challenges for modern day security professionals, which has frequently led to a policy of layered security around the critical systems that matter most. However, neglecting to include these ERP applications as part of your vulnerability management program leaves your organization more open than ever before to potential security breaches and data loss. In this webinar, let Onapsis provide you with five compelling reasons why it’s time to crack open that black box and better integrate SAP and Oracle applications into your overall vulnerability management strategy.

5 Reasons for Including ERP in Your Vulnerability Mgmt Program

As global organizations fully embrace cloud and digital transformation projects in the enterprise, under-resourced teams frequently focus on agility and velocity over security. This webinar will discuss the current trends shaping ERP digital transformation and the broader challenges in securing these business-critical systems. This session will draw from Onapsis’ experiences in securing the world’s leading brands over the past 10+ years to discuss major security challenges and threats brought on by digital transformation, leveraging insights and real-world examples to illustrate the topic.

ERP Digital Transformation: Big Trends and Bigger Security Challenges

Traditionally, cybersecurity and compliance have been two very separate functions where oftentimes the misalignment has been emphasized more than alignment toward a common goal. Add in the complexities of the compliance landscape and ever growing threats to business-critical applications, and defenders have a difficult challenge to solve with limited resources.

Onapsis customer, Dow Chemical, discusses their journey and best practices utilizing The Onapsis Platform and how they solve these challenges–bringing their cybersecurity and compliance functions together in harmony.

Watch this session to gain an understanding of how to:

- Harmonize and remove barriers between security and compliance/audit teams for a holistic assessment of organizational risk
- Save budget and resources by identifying opportunities where one solution can support both cybersecurity and compliance/audit efforts
- Develop a proactive approach to ERP by securing the application layer–vital protection for business continuity and threat remediation for faster response to zero days
- Navigate the current regulatory landscape and save hundreds of hours with automation of critical governance activities (i.e. ICFR/SOX)"

How Dow Chemical Leverages Onapsis for Proactive Security & Compliance

Many organizations have correctly realized that security needs to be considered from the start of major digital transformation projects, and have started including security leaders in project planning and execution. However, most security leaders lack the visibility and/or understanding of SAP they need to effectively measure risk and enforce security baselines for the project. Hear from key industry leaders on the importance of SAP security and how to eliminate this blindspot so security leaders can understand risk and respond accordingly.

Transformation : SAP Security Implementation Lessons From Industry Leaders

Richard Puckett, CISO of SAP, and Mariano Nuñez, CEO of Onapsis, talk about today’s sophisticated and dynamic ransomware attacks and the key actions, best practices and controls you should implement to mitigate your business’s risk.

Watch this fireside chat on-demand, for a better understanding of:

- The current state of the threat landscape and the emerging, hyper-targeted threat tactics SAP and Onapsis are observing 
- How to prepare for a ransomware attack, addressing two primary threat vectors with three categories of control
- Best practices around business continuity and incident response should your business suffer an attack

How to Secure Your Business-Critical SAP Applications Against Modern Ransomware

Traditional cybersecurity investments have focused on defending the perimeter with little attention paid to the application layer. More importantly, those applications enable the most critical business functions of your organization, such as financials, manufacturing, and the supply chain. With SAP as the core technology foundation for many large enterprises, it presents an attractive target for malicious actors. Building from basic security hygiene to advanced concepts, you can play a key role in ensuring that strategic operations and critical processes of your business are protected. Key strategies to maintain compliance and better mitigate risk across your SAP landscape.

Join this session to discuss:

- How and why it’s imperative to include SAP security in your overall cybersecurity strategy 
- Fundamental concepts for SAP business-critical application cybersecurity & compliance 
- Key strategies to maintain compliance and better mitigate risk across your SAP landscape
- Active and elevated SAP exploitation activity identified by Onapsis Research Labs
- CISA’s Catalog of Known Exploited Vulnerabilities and the SAP vulnerabilities highlighted as critically important to patch

ERP Security 101: Things Every Organization Should Be Doing to Secure ERP

The Onapsis Research Labs is on a quest to protect the world’s most critical applications at the center of the global economy. Most recently, Onapsis collaborated with SAP Product Security Response Team to discover and patch three critical memory corruption vulnerabilities that affected Internet Communication Manager (ICM), a core component of SAP business applications. If not patched, the series of vulnerabilities, dubbed “ICMAD,” could enable attackers to execute several malicious activities on SAP users, business information, and processes — and ultimately compromise unpatched SAP applications.

Hear from SAP CISO Richard Puckett and Onapsis CEO Mariano Nunez as they discuss how the Onapsis Research Labs and SAP Product Security Response Team worked in close partnership to identify, assess, and mitigate these critical vulnerabilities.

Watch this webinar to learn:

- Details on the ICMAD vulnerabilities discovered
- The impact on your business
- Why timely patching of critical vulnerabilities is more important than ever
- Recommendations for keeping your SAP systems protected

ICMAD Vulnerabilities: Who's at Risk & How to Protect Your SAP Applications

We all know today's ongoing business acceleration is the main driver for Digital Transformation. As a result, increasing business demands for more and faster code development in SAP and limiting or completely removing Security Code Review tasks.

Is my code secure? Have I put my entire company at risk just with my developed code? Is my security team able to continuously monitor & prevent attacks at application level?

Few facts: Did you know enterprises have, on average, two million lines of custom code that may have existing security, compliance and quality issues. Did you know for each 1000 lines of code you have an average of 1.1 critical security vulnerabilities. 79% in today’s businesses do not build security features into their application development.

Attend this session to gain insights into:

- Enable visibility into all SAP custom code development
- How to stabilize your Code by Automating your Security Processes:
- Ensure that accelerated development cycles don’t lead to vulnerabilities within custom code
- Empower your team to reduce time spent on security reviews and remediation
- Prevent critical issues from getting into production systems

Replace Manual Security Reviews w/ Automated App Security Testing For SAP

ERP applications power the global economy and support the most critical and complex processes for the largest organizations in the world. We all know it, and threat actors know it too. Over the past few years, the Onapsis Research Labs have seen an accelerated increase in the threats and attacks targeting ERP applications, leading to frustrating business disruptions and significant monetary loss. Join us to learn about the latest developments in the ERP threat landscape as well as three recommended best practices to keep these ERP attacks out of our business-critical systems.

Best Practices to Combat Rapidly Evolving Threat Landscape for ERP Applications

SAP S/4HANA migration projects are a huge undertaking involving your organization’s most mission-critical applications. Your business relies on these applications to function, so ensuring they stay secure, compliant, and available throughout migration and beyond is absolutely critical.

Join our webinar to learn how to effectively build security, compliance, and quality checks into your SAP application development lifecycle – without burdening your development team. Taking this type of DevSecOps approach is key to a successful SAP S/4HANA migration and avoiding negative impacts to business operations. We’ll discuss best practices, what types of checks to perform and when, and considerations based on your implementation approach.

On the agenda:

- Overview of SAP S/4HANA and what’s involved with migrating
- How applying DevSecOps concepts to SAP application development can facilitate migration
- Detailed strategies for each step of the application development lifecycle, including code analysis, transport inspection, ongoing vulnerability management, user activity monitoring and threat detection

DevSecOps for SAP S/4HANA Migrations

A deep dive into the current environmental and business dynamics that your cybersecurity portfolio must account for. Understand the novel, emergent threats that the Onapsis Research Lab is observing and reporting on.

4 Reasons Why You Need Vulnerability Management for Business Applications

Better understand the executive- and board-level conversations happening around business-critical application security and program blind spots. What are your CIO peers focusing on in 2022? What can CISOs, infosec leaders, and application owners do to support the office of the CIO?

CIO INSIGHTS: 4 FOCUS AREAS FOR 2022

Dig into implementation best practices and integration must-haves. We’ll review tips, tricks, and techniques to get the most from a vulnerability management program.

4 Things to Consider as You Select a Vulnerability Management Provider

Learn how SAP vulnerabilities were exploited to drain millions of dollars from major financial organizations by an advanced threat group dubbed ‘Elephant Beetle’. In this session we discuss their modus operandi, provide actionable guidelines on how to bolster SAP security processes and how to defeat attacks of this nature in case of a breach. This session provides: 

- Review of the attack trends & threat landscape in 2022
- Deep dive into a specific case study of an “Elephant Beetle” attack and Incident Response
- Key actions you can take to prepare your organization and defeat such attacks
- Top resources to help support your security effort

Elephant Beetle: Advanced Financial Attack Leveraging SAP Vulnerabilities

Cyber Security

Incident Response

Application Security

Vulnerability Management

Threat Intelligence

Cyber Attacks

Attack Vectors

Patch Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Finance

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

Elephant Beetle: Advanced Financial Attack Leveraging SAP Vulnerabilities

Presented by

About this talk

More from this channel