What is a SIEM System? How Can it Support the Functioning of the SAP System?
Today, companies are growing faster than ever thanks to IT: servers, networks, operating systems, databases, and so on. While it is possible, it is hard to imagine an enterprise without the support of devices and software. And just as paper documents were once physically protected from destruction and prying eyes, today we back up digital data and introduce access and authentication methods for it. There are many such places holding data; they are scattered, differ from one another, and are accessed in different ways.
How does SIEM relate to the above?
Very much.
What is SIEM and is it worth having?
SIEM stands for Security Information and Event Management, an area of IT concerned with computer security. SIEM systems enable analysis, alerting, and real-time reporting of events based on the data provided to them. Very often the form and content of that data no longer matter: it may be an operating system log, a security audit log, or sensor data.
So is it worth having a SIEM-class system? The answer suggests itself. A centralized security point for hardware, network, and system infrastructure that correlates events from them saves time, resources, and money. SIEM systems may not be cheap, and implementation may not be trivial either, but the return from a well-functioning system of this class can be surprising when compared with the costs that would have to be incurred with traditional, distributed management of IT structures.
How do SAP systems compare to SIEM systems?
The question arises: how do we bridge the gap in knowledge and data that would come from the SAP application layer? As already mentioned, the logs of an operating system, database, router, etc. can quite easily be redirected to the SIEM, as it is already designed for this. But what about SAP?
There are already tools (add-ons) for SAP systems, and new ones are being created or will be. One that exists, is being developed, and whose developers have been gathering valuable experience for years is SAST Security Radar (SSR). SSR centralizes events arising in the SAP system on two levels:
- It accumulates data from various sources within an SAP system, whether that system consists of one instance or several; it can also act as a central repository for multiple instances across multiple SAP systems.
- In addition, the data we want is collected (predefined) and pre-filtered, so what ultimately goes into the SIEM is already relatively clean. Data processing in the SIEM is therefore easier, which helps with the configuration of the SIEM itself.
Integrating SSR with a SIEM is itself easy and does not take much time (even less than a day!). It is a matter of opening up network traffic and using the native tools available in the software on which the SAP system resides. What, for example, can be monitored using SSR? That's what you'll learn in the next section.
We also encourage you to keep an eye out for our next posts, which will appear on our blog soon.