Taking Pride in Being the Most Honorable ERP Security Provider: ERPScan

“Our primary mission is to close the gap between technical and business security.”

ERPScan is the most respected and credible Business Application Security provider. Founded in 2010, the company operates globally. Awarded as an ‘Emerging vendor’ in Security by CRN and distinguished by more than 25 other awards – ERPScan is the leading SAP SE partner in discovering and resolving security vulnerabilities.

ERPScan consultants work with SAP SE in Walldorf supporting in improving security of their latest solutions. ERPScan’s primary mission is to close the gap between technical and business security, and provide solutions to evaluate and secure ERP systems and business-critical applications from both, cyber-attacks as well as internal fraud. Usually, its clients are large enterprises, Fortune 2000 companies and managed service providers whose requirements are to actively monitor and manage security of vast SAP landscapes on a global scale.

ERPScan’s Range of Products

Security Monitoring Suite for SAP: This award-winning software is the only certified by SAP SE solution on the market that enables effective Identification, Analysis and Remediation of security issues and helps to protect system against cyber-attacks and internal fraud. It embraces the three tiers of SAP security: Vulnerability Management, Source Code Security for custom ABAP and JAVA programs, and Segregation of Duties. ERPScan is specifically designed for enterprise systems to continuously monitor changes that happen in multiple SAP systems. It makes identifying threats an easy process, helps management with smart dashboards, is capable of high-level trend analysis, security data correlation, and more importantly, enables efficient remediation of identified issues.

Security Monitoring Suite for Oracle PeopleSoft: Oracle PeopleSoft software is a combination of supply chain, human resources, supplier relationship management, and much more. This software is installed by 6000+ customers (57 % of Fortune 100 list) and serves 20 million employees worldwide. Providing an attacker with an opportunity to steal the personal data of more than 20 million people is very easy because most PeopleSoft applications are connected to the Internet for providing access to suppliers. Simple Google search strings can find about 500 internet-enabled PeopleSoft applications.

Security Scanner for SAP: ERPScan Security Scanner for SAP makes security assessment effortless. General checks are automated thereby permitting to focus on the analysis of specific applications to meet precise needs. Overall, the job is done faster than ever before. Penetration testers, for instance, can use existing tools to perform a vast variety of checks. They can be launched anonymously and with particular data for conducting attacks. Its unique set of exploit, targeted at certain SAP systems can be used to gain unlimited access to business data.

Client Dimension

ERPScan is an award-winning Company. The software it makes and its consulting services are successfully used by 80+ largest companies from industries like oil and gas, nuclear, financial, logistics, and retail, who need to control dozens of SAP systems simultaneously, as well as by consulting companies.

Success story of a client

Company profile: ENGIE Energia Polska S.A. (ex GDF Suez) is a major energy manufacturer in Poland. The company produces 1900 Mega Watt power, which makes almost 5% of the whole energy sector in PL.

The Challenge: Effective resource management is the key to success in any business. That is why ENGIE implemented SAP ERP system. However, from a Cyber Security point of view, SAP cannot be considered an ideal system: there is a wide-range of by-products, system vulnerabilities and misconfiguration issues are among them. Plus, we should bear in mind that SAP is growing extensively: various types of updates come out on regular basis, it’s sometimes hard to keep pace with the latest developments. From this perspective it becomes clear why ENGIE chose to carry out complex security auditing.

The Solution: Sustainable workflow of an ERP system is a matter of vital importance, especially when it comes to critical infrastructure of an energy sector. Full integrity and solid data protection are a must in this industry. Regular penetration testing, continuous security monitoring and taking remediation measures are the surefire way to reliable protection. In this case, a major question arising is how to find skilled experts having both proper competences and experience of working with complex systems, like SAP. Moreover, improper security testing of SAP systems can cause undesirable problems and lead to system inaccessibility. ENGIE was looking for a solution that would enable adequate security level measurement and would not cause stalling of business processes. And finally they have found an optimal one. ENGIE selected ERPScan Security Monitoring Suite for SAP to identify, analyze and respond to SAP Security issues including vulnerabilities, close security issues and SoD violations, this solution was the only one to cover all listed areas, correlate results and help in remediation. The co-operation between ENGIE and ERPScan enabled the Company to conduct in-depth analysis of existing and potential vulnerabilities in the manufacturer’s systems.

Meet the Master

Alexander Polyakov, CTO & Co-Founder: Alexander co-founded ERPScan in 2010. Recognized as an R&D professional and Entrepreneur of the year. His expertise covers the security of enterprise business-critical software like ERP, CRM, SRM and industry specific solutions developed by enterprise software companies such as SAP and Oracle. He has received several accolades, and published over 100 vulnerabilities. He has authored multiple whitepapers such as annual award winning “SAP Security in Figures” and surveys devoted to information security research in SAP. Alexander has authored a book about Oracle Database security and has presented his research on SAP and ERP security at more than 50 conferences and trainings in 20+ countries in all continents. He has also held trainings for the CISOs of Fortune 2000 companies, and for SAP SE itself.

“We partner and integrate with some of the best technology providers known to help enterprises the world over.”