BowBridge Software: Safeguarding SAP Applications from Content Attacks

Joerg Schneider-Simon, CTO
The increasing adoption mobile access to SAP applications with technologies such as FIORI and SAP UI 5 and the direct integration of external third parties into SAP-based business processes are giving rise to growing concerns regarding secure data access and data security. Today, organizations need to balance the requirement to make business data available to users and partners in the field, while maintaining data security and protecting the availability and integrity of their SAP systems. This is leading to the increasing requirement knowing and controlling not only who has access to those applications, but also what data is being entered or uploaded into the application. Germany-based BowBridge Software develops and markets solutions for monitoring and securing content vectors into SAP applications. “We integrate our solutions at the SAP infrastructure layer rather than with specific applications,” says Joerg Schneider-Simon, CTO and Co-founder of BowBridge. “Customers can benefit from comprehensive content security regardless of the application without a single customization to the application code.” The company’s partnership with SAP and collaboration with anti-virus industry leaders like Intel Security or Sophos provides customers with a rare combination of three qualities: understanding of SAP technology and architectures, threat intelligence from leading security technology providers and Bowbridge’s wealth of experience in bringing these worlds together.

According to Schneider-Simon, there is an increased requirement for SAP applications to store and process unstructured data. Combined with the growing openness, this is leading to a multitude of vectors by which such unstructured content can be entered into or accessed by SAP applications. Leveraging SAP’s NetWeaver Virus Scan Interface (NW-VSI) Bowbridge’s solutions filter content from each of these vectors at the point of convergence, in the SAP application server, before the content is processed by the applications. The company also provides Application Security Bridge for SAP solutions complementing the well-established AntiVirus Bridge for SAP solutions by protecting web-exposed SAP applications from malicious structured content. “SAP applications are interactive, they process and store data entered or modified by users. An increasing number of these applications are exposed on the web, and they have vulnerabilities and are exposed to the same threats as any other web-application,” explains Schneider-Simon.

Customers can benefit from comprehensive content security regardless of the application without a single customization to the application code

“Although, SAP provides fixes and patches for all such vulnerabilities found, customers tend to customize their SAP-applications rather heavily, therefore securing the custom code against these types of attacks is of vital importance.”Application Security Bridge monitors and scans every user input into forms with a combination of semantic filters, attack signatures, and customer-defined rule-sets to detect and block the most critical content-based attacks.

BowBridge recently assisted one of the largest U.S. departments. The agency had selected SAP for supply chain management. The new system required protection from the threat of viruses and malware associated with incoming file attachments. Upon implementing BowBridge AntiVirus Bridge for SAP Solutions, the system enabled agency employees, clients, and vendor partners to securely attach supporting documents to their SAP transactions.

Moving forward, the company will further close the integration-gap between SAP and security solutions by feeding SAP-security relevant information into Enterprise Monitoring and Security Incident and Event Monitoring solutions. BowBridge, in the upcoming years, will be expanding its presence in the U.S. market. The firm will be releasing a new line of products to protect enterprise content stored and managed in enterprise content management systems to carve a niche beyond the SAP security arena.

“We aim to offer products and technologies that can easily integrate into our clients' SAP environments for best productivity and their growth,” concludes Schneider-Simon.

BowBridge Software

Walldorf, Germany

Joerg Schneider-Simon, CTO

Provider of security solutions ensuring data security in applications and central data repositories

BowBridge Software