In today's digital landscape, low-code development platforms have become increasingly popular among businesses looking to accelerate their application development processes. However, with the convenience and speed that these platforms offer, there are also security risks that organizations must consider.
SAP Business Technology Platform (BTP) is a cloud-based solution that provides a wide range of tools and services for developers to build, run, and manage applications. One of the key features of SAP BTP is its low-code development capabilities. Low-code development allows developers to create applications quickly and efficiently by using visual drag-and-drop interfaces and pre-built components, rather than writing code from scratch.
When it comes to low-code platforms, one key concern is the risk of security vulnerabilities introduced by citizen developers, some of whom may lack the security awareness of the traditional pro-dev community. To counter this, early threat detection is crucial and can complement preventative guardrails to enable frictionless productivity while minimizing cyber risk.
Today we are excited to announce the Sentinel Solution for SAP BTP, an independent security solution in Content Hub that can help our customers detect and respond to threats in SAP BTP running in Cloud Foundry environments.
In this first release, we have incorporated a data connector that enables customers to connect their BTP subaccount to Sentinel via Audit Log service for SAP BTP API. Along with that, we are introducing five new analytics rules and a workbook to enhance your experience. To delve deeper into the features and better understand the type of threats that are identified, let's explore each of these in more detail.
We created built-in detections for identity management and low-code application development scenarios using the Trust and Authorization Provider and Business Application Studio (BAS) event sources in BTP.
Each SAP BTP subaccount has its own local identity store, which must be closely managed to avoid unauthorized access to the environment after an employee leaves the organization or changes roles. Additionally, an organization may use multiple subaccounts to host their workloads, which can make it difficult to govern identities across each one.
To address the challenges of complex identity access management across subaccounts, it is common practice to deploy a federated identity provider such as Azure Active Directory or SAP’s own Identity Authentication service (IAS). The “BTP - Trust and authorization Identity Provider monitor” rule notifies the Security Operations Center (SOC) of changes to this configuration, helping to detect potentially malicious actions that could be used to gain control of the identities in a subaccount. In addition to this, other critical identity actions such as mass user deletion events and changes to sensitive privileged system role collections can be detected.
BAS, or Business Application Studio, is the low-code development environment that is used to build applications on SAP BTP. We can help customers secure this workload by detecting suspicious login activity, such as reconnaissance, and attempts to gain unauthorized access to a BAS workspace. The “BTP - Malware detected in BAS dev space” rule uses SAP’s built-in malware engine to detect malicious files found in the source workspace.
Sentinel Workbooks are a powerful feature that helps analysts visualize patterns or areas of interest to pivot on during an investigation.
The BTP Activity Workbook provides a dashboard overview of subaccounts, helping analysts identify the most active accounts and the kind of data being ingested. It also displays subaccount sign-in activity, helping analysts identify spikes and trends that may be associated with sign-in failures in BAS. Analysts can also compare the timeline of the activity to security alerts raised in BTP, helping them search for any correlation between the two.
The Identity Management tab, shown in the screenshot below, displays a grid of identity management events, such as user and security role changes, in a human-readable format. The search bar lets you quickly find specific changes.
The Microsoft Sentinel solution for SAP BTP is currently offered under a limited preview. To gain early access to the solution in Content Hub, follow the steps below.
You are done with deploying the solution. Now you are ready to start testing it!
We are very keen to hear from our customers and to engage with them directly to help improve the product. Don’t hesitate to reach out and let us know your suggestions at firstname.lastname@example.org
Did you know that customers, Microsoft partners and Microsoft MVPs can join our Microsoft Security Customer Connection Program (CCP) communities to share their feedback and insights on our roadmaps, designs, and private preview features for our security products, including Microsoft Sentinel?
Learn more about our Security Customer Connection Program communities, and how to join, at The New Microsoft Security Customer Connection Program (CCP) - Microsoft Community Hub