Understand And Reduce The Sap Attack Surface

            By Christoph Nagy, CEO & Co-Founder, SecurityBridge



            Knowing the attack surface in today’s world is very important to reduce the risk of exploitation of the so-
            called unknown-unknown. Zero days are vulnerabilities that have not been patched and are also not
            widely known. Organizations need to assume that any application, also the enterprise-critical solutions
            from SAP, contains a severe vulnerability that can’t be patched since no patch is available. Waiting for
            the moment the vulnerability gets published and patched by the software vendor may not be a safe bet,
            since threat actors may already know and exploit the open loophole.

            Security firms interact with partners and customers to understand their risk appetite and to engender a
            solution to mitigate the unacceptable risks. One of the first questions is the following: Do you know your
            attack surface?



            What is the attack surface?

            The attack surface is the sum of all possible entry points, or attack vectors, where an unauthorized
            attacker can access a system or application to e.g. extract data or manipulate sensitive information. The
            smaller the attack surface, the easier it is to protect.









            Cyber Defense eMagazine – December 2022 Edition                                                                                                                                                                                                         136
            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.