Truth in IT

Onapsis: SAP BTP Security: Threat Landscape & Cloud Risks

Onapsis
06/29/2026

Transcript


Absolutely. Thank you, Alex. So yeah, to begin with, hey, like, we're going to be covering security for BTP, multiple different services, the architecture, and strategies to push security forward, but let's start with understanding why is security important, especially in the concept, in the context of cloud and BTP services. And I wanted to start with a couple of examples. For those of you who are more familiar with the concept of SAP notes, or more specifically SAP security notes, those are the notes that customers need to consume, address, take care of, but specifically focused on components around BTP or cloud applications. And we're going to be talking about these throughout the different slides and different sections of this presentation, but it's important to understand that even though organizations are going down the path of embracing cloud, going to cloud, consuming cloud services, security is something that we need to address, and it's our data. Hence, it's our responsibility and we're ultimately responsible for securing this. In this case, we are seeing a couple of SAP security notes addressing security issues in different services and different parts of BTP. And with the corresponding CVSS, the criticality, as you can see these are very critical, and the CVEs, so the specific vulnerabilities that were being addressed by these security notes. So, even if we are in the cloud, SAP security notes can be applicable in some cases. So we should be taking care of as well.

Going down the path of understanding why, I think it's important to go back to research that we released together with Flashpoint a couple of months ago, and this research was focused on understanding what's been the evolution of the threat landscape, specifically focused on SAP applications, for the past five years. For the past four years. And in this research, we highlighted, or we uncovered, a 400% increase in ransomware incidents involving SAP data, SAP applications, 490% increase on criminal conversations, talking about SAP vulnerabilities and SAP exploits. A 220% increase in discussions involving URLs that match specifically to SAP technology. A 400% increase on the price of publicly available, sorry, of exploits. Actually, these are not publicly available, these are exploits for sale. Specifically focused on SAP applications, remote command execution exploits. So these are four indicators that highlight the evolution from 2020 to 2023, including the end of 2023, covering data points that are coming from basically threat intelligence, right? Open, deep and dark web, cybercriminal forums, paste sites, code sites, blogs, different sites which are used by threat actors to exchange information, communicate, release exploits, release code, different things. So all of that gets condensed into a platform and we use the Flashpoint Intel to be able to identify these data points. So all in all, I encourage you to go into this research to see more information and more details, but the threat landscape for SAP applications is increasing and this also involves applications that are running in the cloud, right? This is not just limited to on-premise installations. Next slide, please.

And if we want to take a look at who is behind this or who are the threat actors that are actively targeting these applications, well, there's a little bit of everything. When we look at the spectrum of threat actors targeting SAP business applications, we have all the way from very sophisticated, well-resourced APTs, state-sponsored actors, all the way to less sophisticated, less resourced script kiddies, for example, right? They go and exploit vulnerabilities in the background as well. And in between, we have financially motivated actors like FIN7 or FIN13 that profit out of compromising these applications, or Cobalt Spider, which is also another actor that is known to target these applications. What do they do? Well, they exploit SAP vulnerabilities, they exploit its payment systems, exfiltrating financial statements, or even performing financial fraud. But all of these are mechanisms that these threat actors have found to be able to monetize on compromising SAP applications.

TL;DR

  • SAP security notes apply to cloud and BTP services with critical vulnerabilities requiring attention, demonstrating that cloud adoption doesn't eliminate security responsibilities.
  • Research with Flashpoint uncovered a 400% increase in ransomware incidents involving SAP data and a 490% increase in criminal discussions about SAP exploits from 2020-2023.
  • Threat actors targeting SAP applications range from sophisticated state-sponsored APTs to financially motivated groups like FIN7 and Cobalt Spider who exploit vulnerabilities for fraud and data theft.

Summary

This presentation examines the critical security considerations for SAP Business Technology Platform (BTP) and cloud services, emphasizing that cloud adoption does not eliminate security responsibilities. The speakers discuss the evolution of the threat landscape targeting SAP applications, highlighting research conducted with Flashpoint that reveals dramatic increases in ransomware incidents, criminal exploit discussions, and the price of SAP-specific exploits over a four-year period. The content addresses SAP security notes applicable to BTP services, the spectrum of threat actors from state-sponsored APTs to financially motivated groups, and the various attack vectors used to compromise SAP environments. The presentation underscores that organizations remain ultimately responsible for securing their data in cloud environments, with security issues ranging from critical vulnerabilities (high CVSS scores) to sophisticated exploitation techniques used by criminal actors for financial fraud and data exfiltration.

Chapters

0:00 - Introduction to BTP Security
0:37 - SAP Security Notes for Cloud
2:10 - Threat Landscape Research Findings
4:43 - Threat Actor Spectrum

Key Quotes

1:21 "Security is something that we need to address, and it's our data. Hence, it's our responsibility and we're ultimately responsible for securing this."
2:41 "We uncovered a 400% increase in ransomware incidents involving SAP data, SAP applications, 490% increase on criminal conversations, talking about SAP vulnerabilities and SAP exploits."
4:18 "The threat landscape for SAP applications is increasing and this also involves applications that are running in the cloud, right? This is not just limited to on-premise installations."

FAQ

Are SAP security notes still relevant for cloud and BTP deployments?

Yes, SAP security notes addressing critical vulnerabilities with high CVSS scores apply to BTP and cloud services. Organizations remain responsible for addressing these security issues even in cloud environments, as the data ultimately belongs to the customer.

What types of threat actors are targeting SAP applications?

The threat landscape includes sophisticated state-sponsored APTs, financially motivated groups like FIN7 and Cobalt Spider, and less sophisticated actors. These groups exploit SAP vulnerabilities for various purposes including ransomware, financial fraud, payment system exploitation, and data exfiltration.

