Deep Security for SAP

solution brief
Trend Micro
DEEP SECURITY FOR SAP® SYSTEMS
PROTECTING SAP® SYSTEMS
COMMITTED TO SECURITY
Information security is a top priority for SAP, and the company strives to continuously improve
security through native enhancements and third-party solutions. Together with SAP partners
and companies with SAP-certified integration such as Trend Micro, SAP delivers secure
enterprise solutions that are better able to defend against malware, denial-of-service attacks,
cross-site scripting, and other advanced and targeted attacks.
TREND MICRO DEEP SECURITY FOR SAP SYSTEMS
Trend Micro Deep Security for SAP systems provides advanced server security for physical,
virtual, and cloud servers. Capabilities include:
•• Anti-malware with web reputation. Get timely protection against the constant malware
attacks on your systems and data. Powered by the Trend Micro™ Smart Protection
Network™, Deep Security deployments leverage the latest in global threat intelligence.
•• Intrusion detection and prevention. Shield unpatched vulnerabilities like Shellshock and
Heartbleed from attack with security policies that update automatically to ensure the right
protection is applied to the right cloud servers at the right time.
Page 1 of 3 • solution brief • TREND MICRO DEEP SECURITY FOR SAP® SYSTEMS
”
It’s absolutely critical to safeguard the highly sensitive financial, HR, customer, and supply-chain
data stored in SAP systems. With businesses commonly accessing these systems via the web,
attackers can more readily target and exploit vulnerabilities in operating systems, web servers,
and the actual business applications. With Internet threats and targeted attacks constantly
growing in number and complexity, it can seem tough to keep your valuable data safe. In
addition, the transformation of the data center by virtualization and cloud computing has
brought a need for security built for these environments that will not impact performance
or introduce security gaps.
With Deep Security, we
can offer our customers
the best possible
solution to protect their
infrastructures, including
specific rules for SAP
and similar systems,
while also incorporating
SAP VSI 2.0 functionality.
Markus Stretz
Managing Director, Q-Partners
”
attacks and limit communication to only the ports and protocols necessary, with the ability
to log and audit traffic for compliance reporting at the instance level.
•• Integrity monitoring. Meet your compliance file and system monitoring requirements
while ensuring unauthorized or out-of-policy changes—across files, ports, registries, and
more—are detected and reported.
•• Log inspection. Use the centralized security console to identify important security events
buried in multiple log entries; and, forward suspicious events to SIEM system or centralized
logging server for correlation, reporting, and archiving.
•• SAP database and MIME repository protection. Protect your SAP assets from cross-site
scripting and malware attacks with the Deep Security for SAP module.
Deep Security also helps simplify security operations while enabling regulatory compliance
with PCI DSS 2.0, HIPAA, FISMA/NIST, NERC, and SSAE-16, and accelerates the ROI of
virtualization and cloud projects.
SAP customers also benefit from Deep Security’s seamless integration with Amazon Web
Services (AWS), VMware, Microsoft Azure, and other leading cloud and virtualization providers
to automate cloud deployment and virtualized systems without compromising performance.
SAP CERTIFIED—INTEGRATION WITH SAP NETWEAVER™
Trend Micro is proud to have achieved SAP-certified integration with the SAP NetWeaver
platform. It protects SAP deployments, helping to secure critical information from a wide
variety of threats such as malware, cross-site scripting, and SQL injection.
Page 2 of 3 • solution brief • TREND MICRO DEEP SECURITY FOR SAP® SYSTEMS
”
•• Advanced host firewall. Create a firewall perimeter around each cloud server to block
We made the right
choice with Deep
Security and benefit
in many ways.
Urs Villa
”
Sourcing Manager, upc cablecom
HOW IT WORKS
Currently supported platforms:
1. SAP customer environments are secured through the SAP Virus Scan Interface (VSI), the
security component of the SAP NetWeaver platform. The VSI is used to secure all forms of
customer content including documents, embedded images, and active content including
javascript and scripts in PDF and Office documents. Deep Security for SAP systems works
seamlessly with SAP NetWeaver technology and the SAP HANA® platform.
•• SUSE Enterprise Linux 11 Service Pack1,
64-bit
•• SUSE Linux Enterprise Server for SAP
applications, 64-bit
•• Red Hat Enterprise Linux 6.3, 64-bit
2. Deep Security for SAP systems scans the content uploaded to the SAP NetWeaver
technology platform to determine its true type and reports this to SAP systems via the
NetWeaver VSI interface. Content scanning protects against possible malicious script
content that might be embedded or disguised inside documents.
3. S
AP administrators can then set policy according to which actual document types should
be allowed.
The Deep Security SAP module is part of the RedHat Enterprise Linux and SUSE
Enterprise Linux builds and can now be licensed directly through Deep Security Manager.
Trend Micro
Smart
Protection
Network
1
SAP VirusScan
Interface
2
Trend Micro
Deep Security
for SAP
Systems
SAP NetWeaver
SAP USER
CONTENT
• Documents
• Emails
• Embedded images
• Active content
3
SAP ADMIN
©2015 by Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, and
Smart Protection Network are trademarks or registered trademarks of Trend Micro Incorporated. All
other company and/or product names may be trademarks or registered trademarks of their owners.
Information contained in this document is subject to change without notice.
[SB01_DS_for_SAP_150720US]
Page 3 of 3 • solution brief • TREND MICRO DEEP SECURITY FOR SAP® SYSTEMS