Abstract: Systems and methods detect and prevent changes in business applications that modify its state to non-secure and/or non-compliant. A system may include a processor set up to perform: defining a compliant state of a computer software configuration, monitoring a state of the computer software configuration, detecting a change in the state of the computer software configuration, wherein the change causes a changed state, and comparing the compliant state and the changed state, wherein if the changed state conflicts with the compliant state, stopping the change.

Abstract: A system for acquiring time limited data to facilitate integrity verification in real-time applications (RTAs) includes an agent and a collector. The agent is associated with a RTA and is in communication with the collector. The agent defines a plurality of time ordered time frames and during each time frame collects a collection of events from event sources occurring on the RTA. The agent calculates a local integrity check from the collection and a previous integrity check or an initial key, and transmits a global integrity check calculated from local integrity checks to the collector. The collector receives the global integrity check from the agent and stores the received global integrity check in a secure storage. The collector validates the integrity of the global integrity check and the received collections of events.

Abstract: Security can be improved in a business application or system, such as a mission-critical application, by automatically analyzing and detecting anomalies for mission-critical applications. This detection may be based on a dynamic analysis of business process logs and audit trails that includes User and Entity Behavior Analysis (“UEBA”).

Abstract: Security can be improved in a business application or system, such as a mission-critical application, by automatically analyzing user access (UA) and segregation of duties (SoD). This analysis may be using a graphical representation of a model with nodes for business application concepts and edges for relationships between nodes. A review of the graphical representation is used for UA and SoD.

Abstract: Systems and methods detect and prevent changes in business applications that modify its state to non-secure and/or non-compliant. A system may include a processor set up to perform: defining a compliant state of a computer software configuration, monitoring a state of the computer software configuration, detecting a change in the state of the computer software configuration, wherein the change causes a changed state, and comparing the compliant state and the changed state, wherein if the changed state conflicts with the compliant state, stopping the change.

Abstract: A computer-based method of analyzing a business-critical application computer system includes extracting a plurality of software objects from the business-critical application computer system, storing the extracted software objects in a computer-based search platform, finding relationships between the extracted software objects that are stored in the computer-based search platform, and creating a database that represents the extracted software objects and the relationships between the extracted software objects. Each software object (a unique piece of code, a file, a data string, or other aspect of the business-critical application computer system) may represent an element of the business-critical application computer system whose graphical representation as a node connected to another node based on relationships, functional or otherwise, between the corresponding elements is desirable in view of a particular goal of the analysis.

Abstract: Systems and methods detect and prevent changes in business applications that modify its state to non-secure and/or non-compliant. A system may include a processor set up to perform: defining a compliant state of a computer software configuration, monitoring a state of the computer software configuration, detecting a change in the state of the computer software configuration, wherein the change causes a changed state, and comparing the compliant state and the changed state, wherein if the changed state conflicts with the compliant state, stopping the change.

Abstract: A business application, such as an enterprise resource planning (“ERP”) system, may include a number of different systems. Security management of the business application may include numerous systems and products. A combination of those systems and products into an underlying platform can include a single user interface that covers multiple security functions.

Abstract: Security can be improved in business application, such as an enterprise resource planning (“ERP”) system, by detecting and automatically cleaning or fixing custom code of systems/applications. In one embodiment, a Cleanup Tool enables the removal of programming errors using automation that can minimize security risks for a business application. The Cleanup Tool may include an automated correction engine that automates code correction. An Access Analyzer analyzes access through various systems/applications within the business application.

Abstract: Security can be improved in a business application, such as an enterprise resource planning (“ERP”) system, by verifying and testing transports within the system or between systems. In one embodiment, a transport is verified by a transport profiler to ensure proper functioning and compliance. In one embodiment, the transport profiler may include visualization functionality for visualizing the transport between systems.

Abstract: Security can be improved in a business application landscape, such as an enterprise resource planning (“ERP”) system, by analyzing interfaces between systems of the application. The interface profiler may automatically analyze data flows in the system landscape with automatic data classification of communications between systems. A rule generation engine provides functionality for comparing reference data flows with the actual data flows in the landscape and report violations. There may be visualization of the business application landscape, such as through a system landscape map.

Abstract: A computer-based method is disclosed for assessing impact of a patch on a target business-critical application computer system. The method includes receiving information at a computer-based impact assessment system about end-user activities on the target business-critical application computer system over a specified period of time; identifying, with a computer-based fixed objects identifier, one or more software objects in the target business-critical application computer system fixed by the patch; identifying, with a computer-based entry point finder, one or more entry points associated with the fixed software object(s) at the target business-critical application system; and cross-referencing the information about the end-user activities on the target business-critical application system against the one or more entry points associated with the fixed software object(s) at the target business-critical application system.

Abstract: A computer-based method is disclosed for checking a target computer system for unnecessary privileges. The method includes receiving, at a computer-based privileges checking system, a listing of all privileges available the target computer system; receiving, at the computer-based privileges checking system, information about end-user activities on the target computer system over a specified period of time; for each respective one of the end-user activities, querying a computer-based entry point finder for any privileges that were checked at the target system for that activity; and removing the privileges that were checked at the target system for the end-user activities from the listing of all privileges available at the target system to produce a listing of unnecessary privileges at the target system.

Abstract: A system is configured for real time detection and prevention of segregation of duties violations in business-critical applications. The system includes a software application monitor, a Segregation of Duties (SoD) conflict detection engine, a processor and a memory. The software application monitor configured to monitor an action executed by a user in the software application in real-time. The SoD conflict detection engine receives an action notification from the software application monitor having an action and an associated user, and determines whether the action is associated with a conflict in a conflict rule database. The engine looks up the user and action and determines if the user has permission to execute the action and/or if the user has previously executed the action, and if so outputs a preventive alert indicating a segregation of duties violation.

Abstract: A method includes extracting from a computer-based system, (e.g., a role-based access control system) information identifying users and information identifying one or more profiles for each of the users, creating one computer-based user bloom filter for each one of the users, creating one computer-based profile bloom filter for each one of the profiles and creating one action bloom filter for each of a plurality of possible end user queries. Each profile corresponds to one or more assigned authorizations, each user bloom filter correlates an associated one of the users to one or more of the assigned profiles, each profile bloom filter correlates an associated one of the profiles to one or more of the assigned authorizations, and each action bloom filter correlates an associated one of the possible end user queries to a set of users that are authorized to perform the action associated with the corresponding end user query.

Abstract: A system for calculating cyber-risk in a software application includes a cyber-risk calculator. The cyber-risk calculator receives a security assessment result sample having a list of security modules, each security module listing including a respective result of a security assessment of the application identifying a vulnerability and/or misconfiguration capable of being exploited and/or abused. When run in a risk calculation mode, the cyber-risk calculator determines a world partition of the application in the security assessment result sample belongs to, references a set of parameters from a parametrization database according to the world partition corresponding to the application, determines a cyber-risk exposure level for the application based upon the security assessment result sample and the set of parameters, and reports results of the cyber-risk calculation.