SAP Case Study

SAP Doubles Vulnerability Management Team Productivity, Reducing More Risk Across the Business

Solutions:

  • Risk-Based Vulnerability Management
  • Continuous Threat Exposure Management
  • Vulnerability Management Automation

Annual Revenue

$35 Billion

Industry

Technology, Software

Results of creating the risk operation center with Brinqa

2 to 3X

Increase in Vulnerability Management Team Productivity

75% Faster

Response to security audits & incidents

Consolidated View

With Insights From Multiple Scanners & Feeds

In order to keep up with a growing business, increasing security audits and escalating risks, SAP needed to modernize Risk Management

In order to meet Audit, Risk Management, CyberSec Insurance and Compliance needs, SAP needed to know where their exposures and vulnerabilities were.

SAP faced a rapidly evolving threat landscape, an exponential increase in IT assets, and the added demands of audits to maintain documentation. The team also had to accommodate different workflows from different operations teams and create different security tickets for them to handle the vulnerabilities, while using different tools and systems to track and analyze the vulnerabilities and dealing with different reporting methods and formats across multiple platforms.

Information security audits (InfoSec audits) are becoming more important for organizations due to a number of factors, including:

  • Regulatory requirements
  • Cyber threats
  • Stakeholder confidence
  • Cybersecurity Insurance

SAP needed to be able to translate technology risk into business risk, understand the biggest risks or threats to the business, and hold others accountable for remediating them. From the team’s perspective, they needed to do more with less, unlocking more value from existing tools and increasing productivity of the team so that they could respond to escalating audit requirements quickly and onboard more tools to improve vulnerability and risk management.

SAP wanted a single platform and pane of glass where they could aggregate and prioritize vulnerabilities and exposures across the business. They needed to have this inventory of assets and their relationships to the business at their fingertips to address increasingly frequent security compliance audits and to speed up MTTR for incidents. This was also needed for executive and board reporting. Excel automation, queries, and Power BI were not cutting it.

Top 3 Security Challenges

  1. Focus remediation efforts on the vulnerabilities and findings that pose the biggest risk to the business
  2. Maintain a live, detailed picture of assets, including ownership, to hold business and technical teams accountable for risk reduction
  3. More effective collaboration using a team approach to risk reduction across business leaders, technical teams and security

Vulnerability Management Goals

  • Respond faster to security audits – Reduce manual, error-prone, time-consuming, spreadsheet-based VM tracking & reporting
  • Better situational awareness – moving from Inefficient, Neverending Backlog to
  • Do More With Less, More Value from Security Investments – 2X to 3X Team Productivity

SAP IT Environment

SAP’s security operations team is responsible for protecting a large, heterogeneous IT ecosystem with thousands of hyperscaler accounts and close to 70,000 running systems, excluding containers. They maintain a tech stack that includes multiple vulnerability scanners, threat intelligence feeds, ticketing systems, and dozens of other intelligence and management tools to manage their on-premises and cloud environments.

As businesses like SAP and leaders like Toka increasingly see technology risk as a business risk, infosec teams are being audited more frequently and asked to provide the visibility to report on technology exposures and vulnerabilities with business context. Toka knew his team would need to leverage new processes and automation to keep up with the increasing demands and scale of the SAP IT ecosystem. An aggregation and management platform was needed to unlock insights and track remediation from the data locked in these diverse tool sets, providing a unified view of the exposures, vulnerabilities and issues that need to be remediated.

Brinqa’s Impact

The top reasons for selecting Brinqa included its out-of-the-box (OOB) connectors, flexible dashboard/reporting customization, powerful data integration capabilities, elimination of CSV dependencies, and auto-creation of tickets. The integration and automation capabilities of Brinqa were big “aha” moments for SAP, justifying their purchase by the accuracy and promptness of management queries, ease of tracking vulnerabilities, and the significant reduction in hours spent on reporting and documentation.

With Brinqa, SAP has effectively tracked vulnerabilities across multiple product lines and established more intuitive views for generating and documenting reports. When it comes to understanding technology and business risk at SAP, and ensuring critical vulnerabilities are remediated faster, more data and data sources are essential. SAP now finds it easy to integrate new data sources to support more aspects of the business using Brinqa’s more than 220 data connectors, eliminating the need for costly and time-consuming development.

Results

Brinqa replaced the nightmarish process of updating and consolidating spreadsheets and manually assigning tickets via email and Jira, a process that was repeated weekly just to keep up with changes and new findings. With Brinqa, the task of refreshing Excel spreadsheets, consolidating the findings in Power BI and then aligning them with tickets to assign remediation was no longer necessary. These details were kept up to date in the Brinqa system, and reporting could be easily produced from the accurate data maintained in the platform.

The aggregated data, tracking and automation enabled by Brinqa freed up half of the vulnerability management staff to tackle other engaging, strategic initiatives and did not lead to a reduction in services or scope. In fact, the team was able to add additional data sources to monitor and reduce risk across more systems. All combined, Toka saw a 2 to 3 times productivity boost for the team.

With auditors scrutinizing exposures and vulnerabilities, instead of cobbling together records for every audit, they have a centralized Cyber Risk Graph they can effortlessly access.
