SAP Enterprise Threat Detection (ETD): Supercharging Security with Intelligent Automation


SAP Enterprise Threat Detection (ETD) is a powerful tool for detecting fraud and security threats in SAP systems. SAP BUILD Process Automation is a low-code/no-code platform for automating business processes. Together, the two can block users automatically when fraud is detected, proactively restricting fraud and terminating user activity without manual intervention and without logging in to the SAP ETD system. When something suspicious happens, the automation mitigates it, and the same approach can be applied to many detection patterns.

Example:

A user is trying to log in to an SAP system with a known compromised password. SAP ETD detects this suspicious activity and generates an alert. The SAP BUILD Process Automation platform listens for this alert and triggers a workflow to block the user. The workflow can also perform other tasks, such as sending an email notification to the user's manager and logging the event.

Another example:

A user is trying to create a large number of purchase orders in a short period of time. SAP ETD detects this unusual activity and generates an alert. The SAP BUILD Process Automation platform listens for this alert and triggers a workflow to restrict the user's access to the purchase order creation transaction. The workflow can also perform other tasks, such as sending an email notification to the user's manager and logging the event.

Benefits of automating user blocking when fraud is detected in SAP systems:

  • Reduced risk: Automating user blocking can help to reduce the risk of fraud by blocking users before they can cause any damage.
  • Improved efficiency: Automating user blocking can save time and resources by eliminating the need for manual intervention.
  • Increased compliance: Automating user blocking can help organizations to comply with industry regulations that require them to take action when fraud is detected.
  • Reduced impact: Automating user blocking can help to reduce the impact of fraud by preventing users from accessing sensitive data and systems.

How to automate user blocking when fraud is detected in SAP systems using SAP Enterprise Threat Detection with SAP Build Process Automation:

  1. Identify the SAP ETD Playbooks that you want to automate. Consider the following factors when selecting playbooks to automate: the complexity of the playbook, the frequency with which the playbook is executed, and the potential benefits of automating the playbook.
  2. Create a new project in SAP BUILD Automation.
  3. Design the automated process. This involves defining the steps that the automation will follow and the data that it will use. You can use the SAP BUILD Process Builder to design your process visually.
  4. Implement the automated process. This involves creating the necessary artifacts, such as bots and workflow components. You can use the SAP BUILD Automation Studio to implement your process.
  5. Test and deploy the automated process. Once you have implemented the process, you need to test it thoroughly to ensure that it works as expected. Once you are satisfied with the process, you can deploy it to production.

How to get manager approval via Microsoft Teams, Slack, or email using SAP Build:

  1. Create a new task in SAP Build.
  2. Select the "Send message" action.
  3. Select the Microsoft Teams, Slack, or email channel that you want to send the message to.
  4. Enter the message that you want to send.
  5. Click the "Save" button.

Example of an SAP Build workflow that automates user blocking when fraud is detected in SAP systems:

The following workflow automates user blocking when SAP ETD detects that a user is trying to log in to an SAP system with a known compromised password:

  1. Start: The workflow starts when SAP BUILD Automation receives an alert from SAP ETD.
  2. Get user information: The workflow uses the SAP ETD API to get information about the user who is trying to log in with a compromised password.
  3. Block user: The workflow uses the SAP ETD API to block the user.
  4. Send notification to manager: The workflow sends an email notification to the user's manager informing them that the user has been blocked due to suspicious activity.
  5. Log event: The workflow logs the event to the SAP BUILD Automation audit log.
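The decision and audit-logging part of the workflow above, as an added example that is not SAP's or the author's code. The alert fields (`id`, `pattern`, `user`), the pattern names and the protected-account list are assumptions; the actual SAP ETD and SAP Build calls for blocking and notification are not shown on this page and are left out. It goes beyond the steps listed by ignoring duplicate alerts and routing protected accounts to manager approval rather than blocking them automatically.

```python
from datetime import datetime, timezone

# Hypothetical pattern names mapped to the two responses the article describes.
PATTERN_ACTIONS = {
    "compromised_password_logon": "block_user",
    "mass_purchase_order_creation": "restrict_transaction",
}
# Constructed list: accounts that are never locked without a human decision.
PROTECTED_USERS = {"DDIC", "SAP*", "FIREFIGHTER01"}

class ResponseWorkflow:
    def __init__(self):
        self.handled_alerts = set()  # alert ids already processed (idempotency)
        self.audit_log = []          # every decision is recorded, as in step 5

    def decide(self, alert):
        """Pick the action for one alert dict (assumed fields: id, pattern, user)."""
        valid = all(alert.get(k) for k in ("id", "pattern", "user"))
        if not valid:
            action = "reject_malformed"
        elif alert["id"] in self.handled_alerts:
            action = "ignore_duplicate"
        elif alert["pattern"] not in PATTERN_ACTIONS:
            action = "log_only"
        elif alert["user"].upper() in PROTECTED_USERS:
            action = "request_manager_approval"
        else:
            action = PATTERN_ACTIONS[alert["pattern"]]
        if valid:
            self.handled_alerts.add(alert["id"])
        self.audit_log.append({"time": datetime.now(timezone.utc).isoformat(),
                               "alert_id": alert.get("id"),
                               "user": alert.get("user"), "action": action})
        return action

# Constructed sample alerts, not real SAP ETD output.
SAMPLE_ALERTS = [
    {"id": "A-1", "pattern": "compromised_password_logon", "user": "jdoe"},
    {"id": "A-1", "pattern": "compromised_password_logon", "user": "jdoe"},
    {"id": "A-2", "pattern": "mass_purchase_order_creation", "user": "mbuyer"},
    {"id": "A-3", "pattern": "compromised_password_logon", "user": "ddic"},
    {"id": "A-4", "pattern": "unusual_report_download", "user": "jdoe"},
    {"id": "A-5", "pattern": "compromised_password_logon"},
]

def run_samples():
    wf = ResponseWorkflow()
    return [wf.decide(a) for a in SAMPLE_ALERTS], wf.audit_log
```
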

Conclusion:

Automating user blocking when fraud is detected in SAP systems can help to reduce the risk of fraud, improve efficiency, increase compliance, and reduce the impact of fraud. SAP Enterprise Threat Detection and SAP BUILD Process Automation can be used together to automate user blocking, get manager approval via Microsoft Teams, Slack, or email, and proactively restrict fraud and terminate user activity without manual interaction and without logging in to the SAP ETD system.


Siddhartha Chennuri

CIA, CISSP, CISM, CSM, ISO/IEC 27001:2022 Lead Auditor

1y

Nice informative post. Well done.
