sb-eu logo
Story image

RedShield develops 'virtual shield' to protect against SAP RECON vulnerability

24 Jul 2020

New Zealand-based security firm RedShield has developed a ‘virtual shield’ that addresses major vulnerabilities within SAP.

SAP recently shared details of the RECON vulnerability in its SAP Networker Application Server (AS) Java LM Configuration Wizard, which is critical to the SAP stack.

The vulnerability (CVE-2020-6287) could allow attackers to take over SAP systems by remotely accessing the server. As many as 40,000 SAP customers and 2500 systems could be affected by the vulnerability.

According to RedShield, The SAP NetWeaver Java is a base layer for many SAP products. 

Attackers who exploit the vulnerability may allow an attacker to leverage the connected systems and access further business-critical data and Personally Identifiable Information (PII). Attackers could also potentially access, delete, or manipulate financial records and banking details; and they could perform other admin functions such as deleting or modifying database records, traces, logs, and other files.

RedShield chief executive officer Andy Prow says SAP customers must stay protected and alert.

“However, the reason we see so many organisations struggling to act and apply patches quickly is because of the potential business risks and what down-stream impact may be caused.”

“Because applying these patches can be difficult and take time, we’ve seen some organisations attempt to block access to the affected SAP services; however, this is a heavy-handed response, and often is untenable as a long term solution. We’ve also seen some organisations introduce pre-authentication by allowing only authenticated users to access the server; however, this assumes the malicious user has not already gained authentication and is also not a viable solution in all cases.”

He adds that vulnerability shielding involves injecting code in front of the vulnerable application to fully remediate the attack. 

“The most important factor is that the shield requires zero-touch to the application, meaning vulnerabilities are removed without the risk and interruption caused by touching systems like SAP.”

He explains that by deploying a shield object to shield the RECON vulnerability without affecting SAP application code, protection can be fast and effective. 

“We can provide immediate peace of mind with our shielding approach. With the shield(s) in place, the customer may still upgrade or patch the systems behind the shields, but they can do so in a planned and managed way, over time.” 

RedShield says it can deploy shields for both legacy and new SAP applications - as well as APIs. Depending on the shielding architecture needed, implementation can be completed within hours, well within the Cybersecurity and Infrastructure Security Agency (CISA) recommended 24-hour timeframe.

Story image
AWS launches fully-managed fraud detection service
Businesses lose billions of dollars to online fraud every year, however businesses respond by investing in cumbersome fraud management solutions that often rely on hand-coded rules and are difficult to keep up to date.More
Story image
Internet outages drastically increased during COVID-19 lockdowns, report finds
Global internet disruptions increased 63% in March, with internet service providers hit the hardest. This is according to the 2020 Internet Performance Report from ThousandEyes, the internet and cloud intelligence company.More
Story image
Network security and ADC market to reach $19 billion by 2024
The ongoing COVID-19 pandemic will continue to impact the market both negatively and positively throughout 2020 and into the first half of 2021.More
Story image
SentinelOne signs Netpoleon as security distributor in Asia Pacific Japan
“Working with a partner that understands our needs and can provide access and reach across a diverse region with strong security expertise, makes partnering with Netpoleon compelling and a logical choice for our next phase of growth."More
Story image
Google and Amazon overtake Apple as most imitated brands - Check Point
Google and Amazon were the most imitated brands in phishing attempts for the second quarter of 2020, according to Check Point. More
Story image
Fortinet holds position as fastest-growing SD-WAN vendor
According to a new Omida report, the company has seen a 247% revenue growth year-on-year. Plus, Fortinet announces Fortigate 80F.More