SAP is one of the most business critical enterprise applications. As a result, keeping it secure is a top priority for managed service providers. In the last year SAP has notified its customers of multiple high risk vulnerabilities, through its SAP HotNews email alerts, which require urgent patching – but the challenge for MSP clients is to know “do these impact me?”
Staying on top of SAP security and making sure nothing is missed has been rated as one of the highest priorities by our Avantra user base. But it’s also one of the most time consuming activities that a Basis team manages. The good news is that the latest Avantra release, 21.11, provides additional support that can really help here. Before we dive into the benefits of SAP HotNews analysis in the Avantra platform, let’s have a look at what SAP HotNews is.
What is SAP HotNews?
SAP HotNews (also called SAP HotNews Notes) are priority 1 (very high) SAP Notes which help to resolve and to prevent issues in SAP systems. They often contain security related content such as, documented security vulnerabilities in SAP products, and the procedure for fixing them. These Notes may also contain code corrections or instructions on how to update software components. When referencing security issues, they usually include a CVE (Common Vulnerabilities and Exposures) identifier.
An SAP Note is simply an SAP knowledge base entry. An SAP Note can also contain recommendations or consulting information, legal changes, updates to manuals and corrections which are not rated as priority 1. An SAP Note may have a lower priority for non urgent changes or lower risks. But these non urgent changes have a priority >=2 and are not considered "HotNews", for example, UI minor issues or corrections that don't require immediate action.
Whenever a new SAP HotNews is released, customers are informed by email from an SAP ONE Support Launchpad Notification. In addition, there’s an application in the SAP One Support Launchpad which lists all HotNews and provides features to filter them, for example per system previously created as a favorite. Then you can confirm you’ve actioned a HotNews or mark it as not relevant.
Another way to access SAP HotNews is within SAP Solution Manager through the system recommendations. SAP customers report that both ways have drawbacks. For example, on the SAP One Support Launchpad there is a clumsy way to filter on a system, but it’s not ideal. As a result, time pressured SAP operations teams need a way to work quickly with HotNews. They want to know instantly which systems they need to take care of, especially when it comes to security vulnerabilities. And once they start working to fix the issue, they want to keep track of where it is done and where there is still work to do.
Stability of your SAP landscape
Reliability of your SAP systems is critical, not just for you but for your clients’ customers as well. Avantra - as a 3rd party application - needs to work on exactly the same data as SAP’s own applications. That’s the only way Avantra can provide the peace of mind that no high priority issues have been missed. So, naturally, we built an integration for Avantra that reliably retrieves the original data provided by SAP.
Even during prototyping, each time I got an SAP ONE Support Launchpad email telling me that a very high priority SAP Note/KBA had just been released, I went straight to our test system and filtered for the corresponding note number, just to check if it was already there. And it was! Not only that, but I was immediately informed which of our internal test systems would be affected by various vulnerabilities, such as SQL Injection, Missing Authorization Check, Code Injection and XML External Entity Injection – just to name a few of the recent ones.
How do SAP operations teams benefit from SAP HotNews analysis?
SAP operations teams and their leaders benefit in multiple ways from the Avantra deep integration with SAP HotNews:
- Finally get a holistic view on the whole landscape
- Instantly see which systems are affected by a new SAP HotNews Note and which are not
- Easily track implementation status for any affected systems.
The outcome is peace of mind, knowing that no system is left at risk.
The outlook for SAP HotNews analysis
The next step in our automation journey is ready to use automations linked directly from HotNews. For example, to directly initiate an SAP Kernel upgrade, to apply patches or digital signed notes. Our engineering team is already working on this and will bring the maintenance of SAP environments to a new level of automation.
We are very excited about our latest release and believe there is some great new stuff, and we hope you as our customers and users will find it useful.
Upgrade to Avantra 21.11 now.
5 Agent-Based vs. Agentless SAP Monitoring Myths Debunked
“Our IT uses agentless monitoring solution, why can’t we use it for SAP?” Do you hear that often?...
What is AIOps for SAP? And What Can it Do for You?
John Appleby, Chief Executive Officer, and Brenton O’Callaghan, Chief Customer Officer, at Avantra...
How to prevent SAP security vulnerabilities
SAP creates some of the world’s most popular products for managing information, with more than 400...