Sponsored Content, January/February 2019
A proven market leader in cybersecurity, Onapsis offers solutions to automate the monitoring and protection of enterprise resource planning (ERP) systems, keeping these businesscritical applications compliant and safe from insider and outsider threats. Global enterprises trust Onapsis to protect the essential information and processes that run their businesses.
Experts at the Onapsis Research Labs are instrumental in helping popular ERP solution providers such as Oracle uncover and address security vulnerabilities. Their patented technology is well known industrywide and has gained Onapsis recognition on the Deloitte Technology Fast-500, as a Red Herring North America Top 100 company, and as a SINET 16 Innovator.
Q: We’re seeing constant evolution in the threat landscape, from hacktivist groups to nationstate sponsored actors. New entities are increasingly targeting internal ERP applications. What is the Onapsis strategy to combatting these new threats?
A: Although the business benefits provided by ERP solutions such as Oracle E-Business Suite are immense, the complexity of supporting and securing these sophisticated solutions can be an issue. Everything we do here at Onapsis is about the process of security. No one team, tool, technique, or vendor is going to secure you. Security is only created by you, your teams, and your people following processes—and often using tools. What we do here at Onapsis is think about those processes and consider how we can make people work smarter, add value, and create solutions.
Q: How does Onapsis work with ERP leaders like Oracle to put this strategy into motion?
A: Our relationship with Oracle and other industry leaders is based on a productive, ongoing dialogue. Oracle offers a variety of tools to help clients build stronger security processes, such as the Oracle Advanced Security option, Oracle Database Vault, and Oracle Audit Vault and Database Firewall. All of these products are excellent tools and work superbly with ERP platforms such as SAP, PeopleSoft, and Oracle E-Business Suite. We do our best to make clients aware of them and how Onapsis complements them to strengthen overall security.
Our research organization maintains close communication with Oracle. For example, Oracle’s April 2018 Critical Patch Update included 254 security patches— 176 of which were reported by Onapsis after discovery in our research labs. ERP applications are complex, and our objective is to offer clients a security and compliance solution, so they can operate their environments with more security and sleep easier at night.
Q: How do Onapsis solutions build on the capabilities that Oracle’s own tools deliver?
A: Onapsis complements Oracle’s robust security tools with a platform that acts as a lens by and for security and risk professionals, as well as technologists, to deliver a centralized view and provide the insights they need to get their teams working together harmoniously. For ERP systems, we simplify some of the technical data, while at the same time pulling back to provide the level of granularity for those people who need it.
Your company’s crown jewels sit in the Oracle database, which can be exploited through ERP application vulnerabilities. Onapsis gives you visibility into those applications, identifies the vulnerabilities, and helps you mitigate the risks to keep your company’s most critical assets secure.”–Michael Miller, Senior Security Architect, Onapsis
Q: Organizations have access to many security tools that examine their ERP databases. What makes the Onapsis solution and approach different?
A: The Onapsis platform is more than just a scanner that looks only at the database. Our focus is very much on the applications. It’s the blind spots in the application layer that the traditional security tools aren’t really identifying. We find those blind spots, running scheduled scans and automating that process, to uncover vulnerabilities and provide recommendations on what to do. We are looking to provide a holistic sense of risks involved in operating an ERP platform such as Oracle E-Business Suite.
We are giving clients complete visibility into how their ERP applications are secured. Your company’s crown jewels sit in the Oracle database, which can be exploited through ERP application vulnerabilities. Onapsis gives you visibility into those applications, identifies the vulnerabilities, and helps you mitigate the risks to keep your company’s most critical assets secure.
Q: Uptime is especially critical for ERP applications that support an organization’s most essential business processes. How do you help organizations prioritize their security choices?
A: We triage the risk and present information so that it can be applied directly to decisionmaking. Every organization has limited time and resources, and they need to understand how to best spend their next dollar, or their team’s next hour. They’re thinking about whether they need to apply a particular set of patches, or work through configuration changes and test those for safe operation. Onapsis provides automation to help them avoid the need to manually examine all their security configuration variables and free up resources for more strategic tasks.
Q: Given the tremendous scale and complexity of many Oracle E-Business Suite environments, what strategic steps would you recommend to help an organization move forward in terms of security strategy?
A: There are four security strategies I recommend for organizations wanting to establish their own process of security.
Q: How can readers get a better sense of where they are today, to understand the best ways to enhance their security processes?
A: Onapsis offers a Business Risk Illustration, which is essentially a security compliance assessment for ERP platforms such as Oracle E-Business Suite. We look closely at a client’s security checks, running our Onapsis Security Platform within their environment. For example, with Onapsis Security Platform for Oracle E-Business Suite, we might focus on their development, testing, or QA environments. It takes 30 minutes to install, it’s noninvasive to the Oracle E-Business Suite environment, and it produces a detailed summary report of all existing vulnerabilities.
For more information, visit www.onapsis.com/solutions
Sponsored Content as Seen in Oracle Magazine January/February 2019
Photography by Shutterstock