SAP Cybersecurity by NO MONKEY

SAP systems are moving from execution to decision making. Today, AI agents aren't just advising, they're acting autonomously in business processes. In this episode, Waseem sits down with José Marquez to tackle the question most organizations aren't asking: When AI agents make decisions in your SAP environment, who carries the responsibility?

Over 90% of the global top 1000 companies run critical business processes on SAP. Yet security remains a blind spot for most organizations. Joris van de Vis has spent two decades finding vulnerabilities in SAP systems. Close to 150 zero-day discoveries, all responsibly disclosed. In this episode, he breaks down why the obscurity that used to protect SAP systems doesn't work anymore. Open source tools like Metasploit, PySAP, and Hashcat have leveled the playing field. The impact when SAP gets breached? Joris points to Jaguar Land Rover. Billions in losses, nearly triggered bankruptcy. The alleged cause? An unpatched SAP vulnerability. He shares the patterns he sees during penetration tests. Insecure configurations from legacy installations. Missing patches. SAP* users in RFC connections from 20 years ago enabling lateral movement into production. His newest project? Sapology, an open source scanner for SAP systems. His advice? Assume breach. Monitor now. Detect early. Respond fast. Because the question isn't if you'll be breached. It's when.

In this conversation, Christoph Nagy discusses the complexities and challenges of SAP Cyber Risk, emphasizing the importance of continuous security and the need for organizations to bridge the gap between technical teams and C-level executives. He highlights the evolution of SAP security practices, the role of audits, and the necessity of proactive measures in cybersecurity. Christoph also addresses the future of SAP security in the context of AI and cloud technology, urging organizations to take action rather than wait for perfection.

In this episode of SAP Cybersecurity, host Waseem Ajrab engages with Maxim Deweerdt, a seasoned expert in cyber defense and SOC operations. They discuss the complexities of SAP security, the importance of an offensive mindset in building effective SOCs, and the challenges faced in detection and response activities. Maxim shares insights on how to bridge the gap between SAP experts and SOC analysts, emphasizing the need for proactive strategies and clear communication. The conversation also touches on the significance of compliance versus security in SOC operations and the evolving landscape of SAP security.

In this episode of SAP Cybersecurity, host Waseem Ajrab and guest Julian Petersohn delve into the complexities of SAP security, particularly focusing on the SAP Business Technology Platform (BTP). They discuss the shift from on-premise to cloud environments, the implications for security, and the various attack vectors that arise in this new landscape. The conversation emphasizes the importance of understanding shared responsibilities in cloud security, the significance of proper configuration, and the need for continuous monitoring. They also explore specific attack vectors related to Cloud Foundry and Kyma, and provide actionable recommendations for organizations to enhance their security posture in the BTP environment.

500,000 SAP customers. 300 million users. One massive security blind spot. In this first episode, Waseem Ajrab and Jochen Fischer break down why SAP security matters, how the three lines of defense work, and why "hope is not a strategy." Learn NO MONKEY's People → Process → Technology approach to making SAP cybersecurity actionable—not overwhelming. Key topics: SAP ecosystem, business impact, collaborative security.