The Blindspot No One is Talking About…But Hackers Are Targeting

This is a guest post contributed by Darren Gaeta, Vice President of Worldwide Alliances and Channels, Onapsis.

Security is a chess game. The power to predict an opponent's next move is invaluable. To know your opponent’s strategy requires insight and intelligence.

Cyber-security teams work endlessly to protect their business with firewalls, endpoint security, network security and more, just as a chess player works to protect their King. However, the protection is useless if an attacker makes their way to the core of your business. Business Critical Applications are where the crown jewels that run your organization’s core business processes — from ERP, CRM and SCM to financial management, human resources management and order management — reside. 

Case in point — this past April, new exploits targeting a leading ERP platform were released by two security researchers at a cybersecurity event in Dubai. The exploits, named 10KBLAZE, can be leveraged to abuse a critical configuration issue in ERP installations. If not corrected as recommended, this could lead to a full system compromise by attackers, without even requiring a valid user ID and password. The availability of 10KBLAZE prompted the US Department of Homeland Security to issue an official US-CERT Alert US-CERT (Alert AA19-122A). This alert was the 3rd such alert issued by DHS and references research by Digital Shadows that reports threats and cyber-criminal activity specific to ERP systems has risen more than 100% on the dark web since 2016.

More recently, a survey of 430 IT executives conducted by IDC found that 64% of ERP systems have been breached in the last 24 months. Among those who have experienced a breach, the most commonly compromised information includes sales data (50 percent), HR data (45 percent), customer personally identifiable information (41 percent), intellectual property (36 percent), and financial data (34 percent).

Additional findings of the sponsored survey include:

  • 78% of respondents report that ERP application users are audited every 90 days or more.
  • 74% of SAP and Oracle EBS applications are connected to the Internet.
  • 64% of respondents believe each hour of downtime would cost their organizations more than $50,000 in lost revenue.
  • 56% of C-level executives are concerned or very concerned about moving ERP applications to the cloud.

Despite the critical nature of ERP platforms, security is often not part of a SOC team’s responsibilities, but rather that of the IT and application team responsible for its performance and maintenance. An attack on your ERP platform is game over. This need is becoming even more urgent with the US Department of Homeland Security releasing its third US-CERT alert warning organizations of the rise in attacks targeting these systems. That’s why it’s essential to have visibility and monitoring so you can protect these vital applications and the business while having your colleagues’ back. 

Onapsis and Splunk have been collaborating for years on projects such as Onapsis Security Platform for SAP, a certified solution for Splunk Enterprise. Like Splunk, Onapsis has been a security partner of leading ERP vendors, helping a wide range of customers — from Fortune 500 manufacturers to international leaders in e-commerce — identify and respond to threats targeted at their business-critical application platforms. One joint customer of ours sees this as a great opportunity to gain visibility and round out their SOC.

This integration provides the industry’s most comprehensive solution for continuous monitoring of ERP installations. The services offering will help customers customize and prioritize ERP vulnerability and misconfiguration data in their Splunk dashboard to give actionable information and results. Threats chatter on the dark web regarding ERP has gone up 100% in the last two years. We know the business-crippling damage an exploit such as 10KBLAZE can cause to ERP systems if it isn’t stopped in its tracks by state-of-the-art security.

The integration works to enhance the security of ERP systems to provide insightful views of key considerations for refining their cybersecurity strategies.

Here are just a few of the benefits this integration delivers to our joint customers:

  • Continuous monitoring of ERP systems
  • A centralized repository of security information in Splunk for fast assessment and remediation of issues
  • Increased operational intelligence to quickly identify vulnerabilities in ERP systems

Want to see the OSP integration with Splunk in action? Visit Onapsis in booth #141 at Splunk .conf19 in Las Vegas, Oct. 21-24. 

Posted by