May 30, 2019
All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-erp-security/)
For most organizations, their ERP solution holds its crown jewels. Should custom and complex applications that trade such vital customer and corporate data be secured any differently?
Check out this post and discussion for the basis of our
conversation on this week’s episode co-hosted by me, David
Spark (@dspark), the
creator of CISO
Series and Allan
Alford (@AllanAlfordinTX). Our
guest for this episode is
Branden
Newman, CISO, adidas, brought
to us by our sponsor, SecurityBridge.
Thanks to this week’s podcast sponsor, SecurityBridge
Advanced cybersecurity for SAP, from codebase to production. Powered by anomaly detection, detect threats in real-time so that they can be remediated before any harm is done. Eliminate false-positives and focus on actionable intelligence. Ensure compliance with direction to actual vulnerabilities, with amazing intelligence dashboards guiding remediation.
On this episode of Defense in Depth, you'll learn:
- The volume of log files are so overwhelming from an ERP system that most security groups just turn them off.
- The reason you want an ERP-specific security solution is that they handle a lot of the log management and customization for you. You'll still need to do plenty of customization on your part, but these tools take away a lot of the heavy lifting.
- Make sure you're on a first-name basis with all the key people whose departments are in the ERP system. You're going to need their support and knowledge to build out the effective ERP solution matrix.
- If you have ERP or SAP installed, move an ERP-specific security solution to the front of your security maturity program.