Product Datasheet

Perform IT Security & Compliance Audits, Vulnerability Assessments and Penetration Tests over your business-critical platform. Through Onapsis X1 you can reduce audit costs , enforce compliance requirements and decrease fnancial fraud risks by monitoring that your ERP platform is really secure.

The ERP platform, the heart of your businessBusiness applications such as SAP , Oracle E-Business Suite , Siebel and JD Edwards run the most critical business processes of your company. These systems manage vital information for your everyday operations, making them an attractive target for cyber-criminals and fraudsters. If breached, your company can be susceptible to espionage, sabotage and fraud attacks that would result in severe economic losses. In the ERP world, the vast majority of security efforts and resources are focused in the deployment of Segregation of Duties (SoD) controls. While SoD security measures are necessary, they are not enough. The number of security vulnerabilities in the technological components of these systems are growing radically, increasing the risk of successful information security breaches. Onapsis X1 is pioneering the frst solution that allows you to perform in-depth security assessments over your entire ERP platform. Through its patent-pending technology, Onapsis X1 scans your ERP systems looking for security vulnerabilities, misconfgurations and compliance violations. The resulting reports that Onapsis X1 delivers enable customers to improve the security level of the overall business infrastructure and enforce compliance requirements easily.

of your

the heart

Protect

Business.

Protect

your ERP

platform.

Decrease business risks keeping your ERP platform secureUsing Onapsis X1, you can continuously and holistically assess the security of your ERP systems, evaluating every component of every instance of your entire platform. With its simple and practical user interface, up-to-date set of discovery, exploration, audit, vulnerability assessment and risk illustration modules and the support from the globally renowned Onapsis Research Labs team, Onapsis X1 is your best ally to protect your ERP platform.

Product Datasheet

BizRisk Illustration technologyThrough an exclusive set of well proven commercial-grade exploits, Onapsis X1 allows you to simulate the steps performed by a real attacker over your ERP system, enabling you to better understand which is the business impact of the existing technical risks. With the BizRisk Illustration technology, you can identify, validate and prioritize the remediation of the detected vulnerabilities in a stable, secure and easy way. You can illustrate the existing risks to key business stakeholders using a common language: showing what these threats actually mean for the business.TM

TM

Comprehensive reporting system

BecauseSegregation

of Duties

After you complete the assessment process, Onapsis X1 produces clear and actionable reports to follow up all the identifed issues. The reports can be generated to include only summarized/executive results or in a detailed technical layout to assist your IT staff in the remediation process. In this way, you can follow the entire process, from threat identifcation to remediation and post-validation of applied corrections, effectively minimizing risks and making your critical business-critical infrastructure reliable against real-world attacks.

enough.

is not

How Onapsis X1 works

Onapsis X1 automatically discovers the targets to assess in your network and begins building the foundations for a comprehensive security analysis.

Onapsis X1 detects existing weaknesses by performing a comprehensive security audit or black-box vulnerability assessment over the identified targets.

A comprehensive set of actionable reports describing detected risks and compliance violations is generated, providing you detailed guidance on how to mitigate them in the most efficient way.

Onapsis X1 demonstrates the real business impact of an identified risk in your ERP platform. Several of the detected vulnerabilities can be easily and safely illustrated through point-and-click actions, showing key business stakeholders what is at stake.

Product Datasheet

Additional features & benefts:Effective risk mitigation The vulnerabilities that Onapsis X1 detects imply real threats to your ERP systems. These weaknesses expose your business to fnancial frauds, information leakage and non-authorized data manipulation. Onapsis X1 allows you to gain a deeper understanding of these vulnerabilities. With this knowledge, and the detailed remediation procedures included in Onapsis X1's reports, you will be able to effectively reduce risk affecting your ERP infrastructure and, therefore, protect your organization's most valuable information. Reduction of security audit costs As the most comprehensive tool developed for audit and security evaluations of ERP platforms, Onapsis X1 is designed to provide trusted results with an unmatched level of detail. This allows you to improve your response time, maximizing your return on investment by streamlining the remediation efforts required to identify, validate and eliminate existing security vulnerabilities. Reduce audit costs up to 70%! Policy-aware security assessments and audits You can also execute policy-based security scannings and audits. Onapsis X1 includes a set of built-in templates that you can use to compare the level of compliance of your ERP platform against the best practices and regulatory compliance initiatives, such as PCI DSS. Additionally, you can create and save your own policies to match your internal security standards and validate your platform against them, all through a few clicks! Support for multiple ERP and Business-Critical Applications Onapsis X1 provides a scalable framework which integrates different Knowledge Packs, each one focused on a different ERP or business-critical application. These components provide a set of specialized modules that comprise a specifc discovery, assessment or exploiting task. Onapsis X1's architecture is designed to cover the most widely used ERP systems in the world. TM TM Currently, Onapsis X1 Knowledge Pack is available for use with SAP NetWeaver and R/3 solutions. You can obtain more information about the Onapsis X1 Knowledge Packs on our product website. Stable and up-to-date set of modules Information Technology & Security changes fast. What is secure now, can be subject to a critical threat in the blink of an eye. Onapsis X1 provides an ongoing support contract that allows users to download periodically updated vulnerability defnitions and exploits for each Knowledge Pack acquired. Holistic Protection Beyond Productive Systems Development, Testing and Quality Assurance environments must be evaluated with the same thoroughness as Productive systems in order to prevent staged attacks. Onapsis X1 allows you to deeply evaluate every environment of your ERP implementation with the same effort. Through proprietary discovery and consolidation techniques, X1 detects all the ERP components in your network automatically and executes selected modules wisely to provide consistent and nonredundant results. About OnapsisOnapsis is the leading provider of solutions for the ERP systems and business-critical applications. These systems are the business essentials, responsible of processing the most valuable information and handle the core business processes of companies world-wide. Through different innovative products and services, Onapsis helps its global customers to effectively increase the security level of their critical systems infrastructure, protecting their information, enforcing compliance and decreasing fnancial fraud risks.

About the Onapsis Research Labs As a special team of world-renowned experts, the Onapsis Research LabsTM continuously works on several research projects related to the current and future security aspects of ERP systems and business-critical applications. All the new knowledge gathered by this team is integrated into Onapsis X1 on a regular basis. The Onapsis Research Labs constantly contributes to the professional information security community through specialized technical publications, such as SAP Security In-Depth, security advisories and shared security software developments for public use. Also, our renowned experts are frequently invited to hold presentations at the most important information security conferences in the world.

Onapsis Partnership Program Our partnership program is aimed at consulting and audit firms specialized in information security, who are seeking to add value to their current security services portfolio. Members of the partnership program gain the following benefits: Access to a centralized point of information about ERP software security. Low investment cost to develop ERP security services or add value to existing ones. Per engagement Onapsis X1 license acquisition model.

If you are interested in being an Onapsis partner, please email us at: partners@onapsis.com

Visit Onapsis X1 Website! Keep informed about latest updates, white-papers publications, and webcasts. Stay tuned with Onapsis X1 at www.onapsis.com/x1

737 Jos A. Salmn Feijo, Ground Floor 12, Buenos Aires, C1274AGI, ArgentinaCopyright 2010 Onapsis S.R.L. All rights reserved. Onapsis X1 and BizRisk Illustration are trademarks of Onapsis S.R.L. All other company and product names are trademarks of their respective companies.

Main +54 11 5272 2363www.onapsis.com