The client is a leading pharmaceutical company. They wanted to identify security gaps in SAP applications as they were only focusing on Segregation of Duties (SoD) compliance, and there were no mechanisms in place to identify configuration-level defects or missing patches.
Infosys helped by implementing the Onapsis platform, improving the vulnerability management processes, and providing operational support.
Key Challenges
- Lack of security controls to protect SAP application landscape
- Patches were not applied regularly
- No real-time vulnerability and compliance monitoring for SAP systems
- No mechanism to validate the transport requests
- Compliance/audit checks were done manually leading to high costs
The Solution
Real-time vulnerability and compliance monitoring
- End-to-end implementation of the Onapsis platform to protect SAP landscape from cyber threats
- Integrated Onapsis with the Splunk SIEM for alerts prioritization and tuning to minimize false alarms
- Provided operational support and continuous improvements of the Onapsis platform
- Aligned SAP vulnerability monitoring process with existing SOC to improve the overall governance process
- Prioritized vulnerabilities to be remediated based on asset criticality and severity
Benefits
Proactive investigation and remediation of vulnerabilities
Improved compliance (SOX, GDPR, PCI Custom Security) level of systems at lower costs/efforts with automation
Achieved faster remediation of vulnerabilities by providing persona-based vulnerability management reports
Tracked the vulnerabilities to closure and provided remediation consultation
85% critical and high severity vulnerabilities remediated within six months of steady state
Gained 100% visibility of security patch and notes implementation
Early identification of defects and unauthorized export of confidential data by implementing transport profiler and integrating it with TMS (Transport Management System)
