SAP Security Intelligence

The Challenge

The average SAP user only utilizes 7% of his or her authorizations. Risky activities often go unnoticed, despite the best efforts of the SAP security team. The SAP security strategy remains at the theoretical level of SAP roles, authorization profiles, and Segregation of Duty (SoD) tools.

How does a team get insight into what access users actually need? How do they get notified of in-progress, risky activities?

The problem is that SAP Security teams don’t have a tool to address these questions and challenges.

Smarter SAP Security: Profile Tailor Dynamics

With it’s partner Xpandion, Adventier is excited to offer companies a solution for efficient, easy SAP security management.

Profile Tailor Dynamics helps SAP security teams be more dynamic, more proactive and more productive. The tool performs real-time analysis of the SAP system, discovering the risky activities that are being performed, as well as under-utilized SAP roles.

Deep analytics allows the tool to determine what user activities are normal and which ones are not. Authorization profiles can be slimmed down to include only business-critical, utilized authorizations – the tool will even automatically design and deliver an SAP security role based on actual usage. And when a risky, unusual action takes place in SAP, the SAP Security team will get an alert.

If there is a security breach, there will be a detailed audit trail waiting for the SAP Security team. They will know within minutes exactly what the intruder did during the breach.

Profile Tailor Dynamics: Key Features

  • Real-time authorization usage transparency
  • Monitors user behavior
  • Continuous monitoring and alerts about unusual or unacceptable activity and sensitive transaction execution, including risk severity level
  • Continuous monitoring and alerts regarding Segregation of Duties (SoD) policy violations
  • Automatic SAP audit trail
  • Elimination of redundant authorizations
  • Optimization of SAP licenses
  • Reduced SoD/SOX authorization project costs
  • Intuitive, browser-based interfaces for SAP novices and SAP Security Experts

Advanced Behavior Monitoring

Profile Tailor Dynamic monitors each user’s activities in the SAP system. Over time, it is able to construct an authorization profile of the user – the normal activities the user performs over the course of the day. This includes what transactions the user runs, what time the user is normally in the system, and which computer the user normally uses.

The Advanced Behavior Monitoring allows Profile Dynamics to construct a profile of normal behavior of every user in the SAP system. Armed with this knowledge, the tool patrols the SAP system, noting all unusual activities. When an unusual, risky activity takes place, an alert is sent to the SAP Security team.

In addition, all alerts are completely configurable. When to issue an alert can be configured (i.e., don’t send alerts for unusual, low-risk activities), as well as which individuals receives the security alert.

Automated Role Design

Knowing what users normally do in the system is powerful. With the data from the Advanced Behavior Monitoring, Profile Tailor can construct a dynamic authorization profile for users and user groups based on actual usage. For instance, assume that over the past 6 months, it has been shown that warehouse employee only run 5 transactions and utilize 15 authorization objects to do their job. With Profile Tailor Dynamics, SAP Security teams can be confident that they are assigning lean, effective roles for users.

The tool goes one step further. It designs SAP Security roles based on actual user behavior. The role is dynamically generated inside of Profile Tailor and SAP Security Analysts are able to simply import the role into SAP. In our experience, the Dynamics-designed role works both as a final product and as a starting point.

Lean roles help the business control the costs of their SAP systems both by optimizing SAP licenses and by reducing the risk of accumulated authorizations. Learn more about LicenseAuditor, a tool built specifically for optimizing SAP licenses.

No Expertise Required

Learn more about a tool designed specifically for SAP License Optimization.
The SAP Security Intelligence tool requires no special knowledge of SAP. The tool is browser-based, and it’s exceptionally easy to install and operate. The application is external to SAP, and requires no changes to the SAP system. 

SAP Security Intelligence: Conclusion

In-depth, real-time analysis of the security of their SAP systems helps companies reduce the time, cost, and risk of using SAP.

By providing real-time risk alerts, dynamic authorization profiles, and removing users’ unused authorizations, Profile Tailor Dynamic delivers true clarity into SAP Security, enabling security to be more dynamic, proactive and productive.

For more information, please contact us or visit our resource library.

SAP is a registered trademark of SAP AG in Germany and in several other countries.