Page 136 - Cyber Defense eMagazine December 2022 Edition
P. 136
Understand And Reduce The Sap Attack Surface
By Christoph Nagy, CEO & Co-Founder, SecurityBridge
Knowing the attack surface in today’s world is very important to reduce the risk of exploitation of the so-
called unknown-unknown. Zero days are vulnerabilities that have not been patched and are also not
widely known. Organizations need to assume that any application, also the enterprise-critical solutions
from SAP, contains a severe vulnerability that can’t be patched since no patch is available. Waiting for
the moment the vulnerability gets published and patched by the software vendor may not be a safe bet,
since threat actors may already know and exploit the open loophole.
Security firms interact with partners and customers to understand their risk appetite and to engender a
solution to mitigate the unacceptable risks. One of the first questions is the following: Do you know your
attack surface?
What is the attack surface?
The attack surface is the sum of all possible entry points, or attack vectors, where an unauthorized
attacker can access a system or application to e.g. extract data or manipulate sensitive information. The
smaller the attack surface, the easier it is to protect.
Cyber Defense eMagazine – December 2022 Edition 136
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.