ERPScan: SAP Security Made Easy

Alexander Polyakov, CTO and Co-Founder
Although modern SAP systems are robust, they can be susceptible to internal frauds and cyber attacks. SAP systems facilitate mammoth storages and operations like procurements, stock resource management, human resource management, and financial reports along with related data mines. “Security is an important aspect and it demands seamless attention if it has to function and protect information as expected by a business,” says Alexander Polyakov, CTO and Co-Founder, ERPScan. Enabling and maintaining security is inherently complex, especially since it is highly customizable with its long list of parameters. The complexity is amplified by the fact that almost every new SAP vulnerability is traditionally solved by installing an additional option with its own set of parameters, which usually leads to new and complex relations between settings. These complicate pre-existent settings and its functions, pushing SAP specialists to work through a series of manuals to get the system working. Hence, the demand for SAP system security specialists is huge, and continues to grow.

Headquartered in Palo Alto, CA, ERPScan makes it a mission to close the gap between technical and business security. The company offers automated solutions that cover all areas of SAP security with a unified platform and allows customers to correlate data from different areas, giving a 360-degree view on SAP security.

ERPScan’s flagship product, ERPScan Security Monitoring Suite for SAP, resolves the issues related to vulnerability management, source code vulnerabilities, backdoors, and access control along with Segregation of Duties (SoD). The solution not only protects the customer’s system from cyber attacks and internal fraud but also decreases TCO by saving on compliance audits and through automation. ERPScan Monitoring Suite for SAP is specifically designed to continuously monitor changes in multiple SAP systems. It generates and analyzes trends on user friendly dashboards, manages risks, tasks and exports results to external systems.Apart from providing an exclusive security product, ERPScan also provides services like SAP Penetration Testing. “Penetration testing is a vision of the system as seen by an attacker,” says Polyakov.

The product makes it evident that it is easy to gain access to SAP critical data or check the effectiveness of existing security measures. Penetration tests help find potential system breaches that would enable an attacker to gain access to business critical data or exploit vulnerabilities related to espionage, fraud, and sabotage. ERPScan’s SAP Security Assessment helps to make comprehensive assessment of the customer’s system by checking its security at all the levels—from landscape architecture, network settings and OS configuration to the technicalities of DBMS configuration and different SAP components.

We cover all areas of SAP security with a unified platform and allow customers to correlate data from different areas, giving a 360-degree view on SAP security

Offering security solutions that are right fit for a diverse customer base, the company has delivered solutions to many customers from a wide array of industries. “One of our large installations was recently done for an oil company,” says Polyakov. ERPScan helped in monitoring more than 100 SAP systems, solved vulnerability as well as configuration management issues and continuously scanned for Advanced Business Application Programming (ABAP) code before it went to production. The oil organization also used SAP GRC for SoD and access control management. ERPScan was integrated with SAP GRC and all IT and security risks were identified and managed in SAP GRC as part of Enterprise GRC Process. ERPScan decreased the TCO by 80 percent by automating security administration routines within six months, and reduced the number of critical issues 10 times.

Moving forward, ERPScan is planning to develop a new module. The product will provide advanced threat detection based on information from different SAP log files. “The customers will have real-time information about malicious activities in SAP Systems,” concludes Polyakov.


Palo Alto, CA

Alexander Polyakov, CTO and Co-Founder

Provides Business Application Security solutions and Services. Leading SAP SE partner in discovering and resolving security vulnerabilities.

Whitepapers of ERPScan