Here are 6 harsh realities that we discovered from our customers: 1. Users are still using SAP_ALL Power Profiles Although SAP doesn’t recommend using the power profile SAP_ALL, many organizations are still using it. They should definitely not. This authorization…
In 1914, American judge Louis Brandeis coined the famous quote “Sunlight is said to be the best of disinfectants,” and it has proven to be most accurate in 2014 too. Many of our current and potential clients fear what may…
Xpandion creates “behavior-based profiling” for business applications. Sounds impressive, huh? However, do you know what it means, exactly? Our customers often understand the benefits of our products: how they save time, increase security and lower costs. However when it comes to the hows,…
In many organizations, the access to the sensitive SAP T-Code SU01 is much wider than needed. Let’s explore why. SU01 is used for different purposes, most commonly to create new user accounts, reset users’ passwords and Lock/Unlock user accounts. System…
A couple of years ago, we included a “Lock User” button feature into our security product. If you received a “very high” alert, you could log into the system, catch the fraud in action, press the “Lock User” button and…
“How Many Times?” We, and our partners, often ask ourselves that very question after hearing case after case of employee fraud being committed at an enterprise. How many times will these companies endure suspicious activity by their employees before they…
How you can maintain GRC compliance if you have users with dangerous SAP_ALL? The authorization profile, SAP_ALL has such vast amounts of authorizations inside that it is mistakenly known as “the profile that can grant everything in the SAP system”.…