Newly Discovered Vulnerability Threatens SAP Users
Dubbed “RECON,” the vulnerability affects an application that is installed by default on all NetWeaver Java installations. Onapsis estimates that 40,000 organizations may be affected and that more than 2,500 instances are likely to be Internet facing. Not all SAP products are affected, but because NetWeaver is a common layer, several SAP products will be. Since one of the affected products, SAP Solution Manager (SolMan), is used by almost every SAP customer, it is probable that nearly all SAP customers are affected by this vulnerability.
Technical details are not yet public, but because exploitation requires no authentication, an attacker who can reach the vulnerable web server from the internet can completely take over the SAP installation, including creating new users with the highest privilege level. That level of access allows an attacker to read and modify any records or user data stored in the system and to perform countless tasks within the platform. Attackers may also use the compromised SAP host as a foothold to attack other systems on the internal network. Examples of possible impacts:
SAP has released a fix in the July 2020 security notes, SAP Security Note #2934135. The new version of the application resolves the issue by adding authentication and authorization. Workarounds, for environments that cannot apply the patch immediately, are to manually add authentication to the vulnerable application or to disable the application.
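Whether the patch or the manual workaround has actually taken effect is something a practitioner should verify rather than assume. The script below is an added example (not Optiv's, Onapsis's or SAP's code) that sends a single unauthenticated, payload-free GET to the affected application on each NetWeaver Java host and classifies the answer: a 401/403 means authentication is now enforced, a 404 means the application is disabled or not deployed, and a 2xx means the host still serves the application to anonymous callers. The application path (`APP_PATH`), the host names and the canned responses in `demo()` are placeholders and constructed data; substitute the real path from SAP Security Note #2934135 and your own inventory.

```python
"""Verify that the RECON fix/workaround is in effect on SAP NetWeaver Java hosts.

Added example, not code from Optiv, Onapsis or SAP. Read-only: one
unauthenticated GET per host, no payload, no authentication attempt.
"""
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Set

# ASSUMPTION: placeholder path. The affected application's real path is not
# given on this page; take it from SAP Security Note #2934135.
APP_PATH = "/placeholder/affected-app"

VERDICTS = {
    "exposed": "answers unauthenticated requests: patch/workaround NOT in effect",
    "enforced": "rejects unauthenticated requests: authentication is enforced",
    "disabled": "application not deployed or disabled",
    "unreachable": "no HTTP answer from host",
    "inconclusive": "unexpected status; inspect manually",
}


@dataclass
class ProbeResult:
    host: str
    status: Optional[int]   # HTTP status of the unauthenticated GET, None if no answer
    verdict: str            # key into VERDICTS


def classify(status: Optional[int]) -> str:
    """Map the HTTP status of an unauthenticated GET to a remediation verdict."""
    if status is None:
        return "unreachable"
    if status in (401, 403):
        return "enforced"        # patch or manual authentication workaround in place
    if status == 404:
        return "disabled"        # "disable the application" workaround, or never deployed
    if 200 <= status < 300:
        return "exposed"         # application still served to anonymous callers
    return "inconclusive"        # 5xx, redirects etc.: look at it by hand


def fetch_status(url: str, timeout: float = 5.0) -> Optional[int]:
    """Return the HTTP status of an unauthenticated GET, or None if unreachable."""
    req = urllib.request.Request(url, headers={"User-Agent": "netweaver-auth-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:     # 4xx/5xx still carry a status code
        return exc.code
    except (urllib.error.URLError, OSError):  # DNS failure, refused, timeout
        return None


def probe_hosts(hosts: Iterable[str],
                fetch: Callable[[str], Optional[int]] = fetch_status) -> List[ProbeResult]:
    """Probe APP_PATH on every host; `fetch` is injectable so tests run offline."""
    results = []
    for host in hosts:
        status = fetch(host.rstrip("/") + APP_PATH)
        results.append(ProbeResult(host, status, classify(status)))
    return results


def still_exposed(results: Iterable[ProbeResult], internet_facing: Set[str]) -> List[ProbeResult]:
    """Hosts that still answer anonymously, Internet-facing ones first."""
    exposed = [r for r in results if r.verdict == "exposed"]
    return sorted(exposed, key=lambda r: (r.host not in internet_facing, r.host))


def demo() -> List[ProbeResult]:
    """Run the check against a constructed inventory with canned responses."""
    # Constructed sample data: four NetWeaver Java hosts, one of them Internet-facing.
    hosts = ["https://solman.example.internal", "https://portal.example.com",
             "https://pi.example.internal", "https://ewm.example.internal"]
    internet_facing = {"https://portal.example.com"}
    canned = {"https://solman.example.internal" + APP_PATH: 200,   # unpatched
              "https://portal.example.com" + APP_PATH: 200,        # unpatched and exposed
              "https://pi.example.internal" + APP_PATH: 401}       # workaround applied
    results = probe_hosts(hosts, fetch=lambda url: canned.get(url))  # ewm -> None
    return still_exposed(results, internet_facing)


if __name__ == "__main__":
    for r in demo():
        print(f"{r.host}: HTTP {r.status} -> {VERDICTS[r.verdict]}")
```

Run it with the real `fetch_status` against your own host list once the path is filled in; a host that should have been patched but still classifies as `exposed` is a change-management failure worth chasing before an attacker finds it.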
Looking beyond this particular vulnerability, the episode highlights the need to bring ERP systems into a robust security program. The partnership of Optiv Threat Management and Onapsis brings product and services together to provide ERP security solutions. Because of their criticality and the complexity of their deployment, ERP systems are often taken out of scope for penetration tests, even though cyber risk analysis places these environments among the most critical and an ERP outage can be one of the costliest an organization can face.
With proper planning, a robust security program around ERP deployments can be developed. That plan requires:
The next few weeks will be complex for SAP customers as the impact of this release becomes more apparent, but most organizations can and will resolve this issue quickly through the patches and/or workarounds that have been released. Longer term, however, it serves as a reminder that ERP solutions are a long-avoided attack surface and a critical part of the threat landscape.
Learn more about the RECON Vulnerability: