False Sense of Security: Why Your Antivirus Doesn’t Protect Your SAP System

Like all IT assets, SAP systems must be protected from sophisticated cyberattacks. To defend against such attacks, many companies have robust antivirus systems in place to safeguard their business. Traditional antivirus programs can protect a machine or system from malware in three main ways: on-access/real-time scanning, scheduled scans, and vulnerability shielding combined with memory/process protection. More advanced programs use additional techniques, such as heuristics, sandboxing, and the new perceived “silver bullet,” machine learning.

Unfortunately, most traditional antivirus programs have certain limitations that prevent them from fully protecting an SAP system. Understanding where security gaps exist within antivirus software and how to bridge them can be the difference between being a fully secure business and being a target for cyberattacks.

Limitations of Antivirus Software

SAP solutions require more protection than simple, OS-level antivirus systems provide. This is because external users can upload files into SAP systems — such as when job applicants upload resumes into an e-recruiting application or when suppliers attach documentation to a proposal entered into a supplier relationship management (SRM) application. These innocent-looking file uploads create a critical vulnerability: Cyberattackers can insert malware into a file that can sneak past even the most advanced antivirus software.

Consider this common scenario: To upload a file, a user establishes an encrypted connection via HTTPS or the DIAG protocol used by SAP GUI. With this secure connection, an antivirus program is unable to identify and scan the file while it’s being transferred. The SAP application then stores the file in the database or in an SAP-proprietary data repository rather than the standard disk file system. Antivirus software cannot look or scan inside those repositories. Any malware in the file is not immediately executed — instead, it lies tucked away in the SAP database, waiting for a user to retrieve it as part of a business process. This means vulnerability shielding and process protection on the server won’t be able to identify the dormant malware and prevent it from executing.

A Better Approach for Antivirus Security

The good news is that SAP has taken steps to address this vulnerability. In 2004, SAP added a virus scan interface for SAP NetWeaver (NW-VSI) to every SAP application server, enabling applications to automatically reroute all file operations through any security solution attached to the interface. The bad news is that many traditional antivirus programs don’t connect to NW-VSI — security solutions must be specifically designed to work with this interface.

bowbridge offers security software tailored to work with SAP systems. bowbridge’s Anti-Virus for SAP solutions is a security and virus scanning solution that has been developed from the ground up to integrate seamlessly into SAP infrastructures. It has achieved SAP-certified integration with SAP NetWeaver and has been continuously certified for over 10 years. Anti-Virus for SAP solutions works with SAP’s virus scan interface to help secure critical SAP systems and bring peace of mind to customers.

Bridging the Gap

While it may be alarming to hear that traditional antivirus software often falls short for SAP systems, SAP and partners like bowbridge have made it possible to bridge the gap and keep your most valuable systems secure. The right antivirus solution should integrate with NW-VSI and be able to detect and block malware at any point, from the moment a file is uploaded to the moment it’s stored in a database, patiently waiting to wreak havoc. To learn more about antivirus security for SAP systems, visit www.bowbridge.net.