Instead, they only focus on endpoints, databases, operating systems, and networks.
During one of my security assessment projects, I discovered SAP for the first time.
I quickly learned that there was almost no information on SAP security and vulnerabilities.
I then shocked management by being able to break into the SAP system in less than 15 minutes!
You are also the president of an organization called EAS-SEC what exactly is that?
The EAS-SEC is the Enterprise app Security Project.
As I mentioned, I was extremely shocked that such a large, critical system was so vulnerable.
Traditional vulnerability tools do not really address applications they focus on databases, operating systems, and networks.
However, the final goal of attackers, and what theyreallywant, is access to the actual data.
Getting into endpoints, networks and databases is only a means to the end.
We decided to focus on, and protect, the most critical asset the data itself.
We translate SAP events into language that the security staff understands.
Our process starts with scanning, monitoring, and generating baseline reports.
The step beyond that is that we provide more analytics and trends analysis.
If an enterprise has multiple SAP systems installed, we map out how they are connected.
Finally, we give a shot to automate the process of remediation.
We currently offer the option of automatic correction of vulnerabilities in source code by generating the necessary code.
What are three primary security issues you look for in SAP?
When and why do organizations generally hire you for those services?
Our services offerings are a little different from our products.
These service engagements make up about 15% of our revenues today.
These engagements are usually our first encounter with new customers.
They want to secure their SAP deployment, but are not really sure of their vulnerability.
We also offer professional services to help support and manage various processes around our actual product.
Usually larger companies and installations choose to take advantage of those services.
The other parameter is that they have an installation of SAP or PeopleSoft (sometimes both).
How many active customers do you have today?
Where are they mainly located?
We currently have about 130 customers, mostly large enterprises.
In terms of location:
How would you describe your current typical customer?
The most popular industries for us currently are:
Who are some of your biggest customers?
Do you see a trend of more software-specific security products in the coming years?
What are some of the other trends or changes you see coming in the cyber-security market?
The obvious trend is that most companies are trying to detect attacks on their systems.
Instead, they choose to just react to the attacks.
Of course, this is not the best solution!
Once you are attacked, you are already a victim.
What are your future plans for ERPScan?
Our top three short-term goals for ERPScan are:
How many employees do you have today?
Where are they located?
We have 55-60 employees today.
We also have sales and marketing teams in Copenhagen, and Sydney.
How many hours a day do you normally work?
What do you like to do when you are not working?
During the initial stages of the company, I dedicated myself to working arduous 14-hour days.
just, comment on how to improve this article.
