sb-nz logo
Story image

RedShield develops 'virtual shield' to protect against SAP RECON vulnerability

24 Jul 2020

New Zealand-based security firm RedShield has developed a ‘virtual shield’ that addresses major vulnerabilities within SAP.

SAP recently shared details of the RECON vulnerability in its SAP Networker Application Server (AS) Java LM Configuration Wizard, which is critical to the SAP stack.

The vulnerability (CVE-2020-6287) could allow attackers to take over SAP systems by remotely accessing the server. As many as 40,000 SAP customers and 2500 systems could be affected by the vulnerability.

According to RedShield, The SAP NetWeaver Java is a base layer for many SAP products. 

Attackers who exploit the vulnerability may allow an attacker to leverage the connected systems and access further business-critical data and Personally Identifiable Information (PII). Attackers could also potentially access, delete, or manipulate financial records and banking details; and they could perform other admin functions such as deleting or modifying database records, traces, logs, and other files.

RedShield chief executive officer Andy Prow says SAP customers must stay protected and alert.

“However, the reason we see so many organisations struggling to act and apply patches quickly is because of the potential business risks and what down-stream impact may be caused.”

“Because applying these patches can be difficult and take time, we’ve seen some organisations attempt to block access to the affected SAP services; however, this is a heavy-handed response, and often is untenable as a long term solution. We’ve also seen some organisations introduce pre-authentication by allowing only authenticated users to access the server; however, this assumes the malicious user has not already gained authentication and is also not a viable solution in all cases.”

He adds that vulnerability shielding involves injecting code in front of the vulnerable application to fully remediate the attack. 

“The most important factor is that the shield requires zero-touch to the application, meaning vulnerabilities are removed without the risk and interruption caused by touching systems like SAP.”

He explains that by deploying a shield object to shield the RECON vulnerability without affecting SAP application code, protection can be fast and effective. 

“We can provide immediate peace of mind with our shielding approach. With the shield(s) in place, the customer may still upgrade or patch the systems behind the shields, but they can do so in a planned and managed way, over time.” 

RedShield says it can deploy shields for both legacy and new SAP applications - as well as APIs. Depending on the shielding architecture needed, implementation can be completed within hours, well within the Cybersecurity and Infrastructure Security Agency (CISA) recommended 24-hour timeframe.

Link image
Real-world SSL/TLS data from 275 billion network flows
According to Gartner, more than 70% of malware campaigns in 2020 would have used some type of encryption… And 60% of organisations will fail to decrypt HTTPS efficiently.More
Story image
Security teams face mounting stress, call for execs to step in
“With more organisations operating under remote work conditions, the attack surface has broadened, making security at scale a critical concern. This is a call to action for executives to prioritise alleviating the stress."More
Story image
Forescout and ServiceNow advance tech partnership to protect critical infrastructure
Forescout and ServiceNow have announced they are advancing their partnership for enhanced operational technology (OT) and industrial IoT capabilities, with an aim of helping organisations to protect critical infrastructure from cyber threats.More
Download image
Why there's a huge push for NFV in today's enterprises
To help networking and IT professionals better understand the opportunities and challenges associated with deploying NFV technology, new research based on responses from more than 1,300 IT and networking professionals from around the world is now available. More
Story image
Security spotlight: 15 billion user names and passwords for sale
Security news roundup: What's with all the major cybersecurity breaches?More
Story image
CERT NZ provides threat intelligence for InternetNZ's DNS Firewall
"It’s important to InternetNZ to keep adding intelligence to Defenz to make sure our customers are protected from known security threats."More