SAP and Oracle Security and Vulnerability Support

People, Processes, and Technology Designed to Defend all Layers of your Oracle and SAP Technology Stack

Spinnaker Support is the only Oracle and SAP third-party support provider to deliver a comprehensive, outside-in, full stack security and vulnerability protection solution. Full stack security includes enterprise applications, application framework, development platforms, databases, middleware, server operating systems, and network components.

Spinnaker Support is a global leader in third-party Oracle and SAP support, delivering best-in-class service for considerable savings on annual support fees. ERP security and vulnerability services have been a component of our standard support since inception in 2008, and we are continuously evolving and expanding our capabilities in these areas.

Out-Delivering Even the Big ERP Vendors

Today, we easily outpace competitive solutions because we uniquely integrate accessible security experts, proven processes, modern detection tools, and continuous monitoring practices. Spinnaker Support identifies vulnerabilities at the same time as, and often earlier than, ERP vendors. Our on-demand, customer-specific security configurations allow us to implement solutions much sooner through changes that have little to no impact on the actual code, requiring less testing time and allowing quicker implementations. The one-size-fits-all software vendor patches are only made available on a quarterly basis and are more intrusive because they directly impact source code. Offering even less, our primary third-party competitor delivers a database-only endpoint security solution, leaving all other layers vulnerable. Spinnaker Support offers tremendous value by addressing security as a unique solution to a specific need rather than as a universal patch or reactionary defense solution.

Better, Cheaper, and Faster

Now there is one vendor that combines world-class Oracle and SAP support with full stack security and vulnerability protection, all under one team. This means better security and vulnerability services across your full technology stack, cheaper support costs at an average of 62% less than vendor support, and faster delivery of security fixes that are much less intrusive.

Spinnaker Support Advanced Security and Vulnerability, Powered by Alert Logic

As companies’ IT infrastructures evolve to include cloud solutions, the need for multi-platform protection from cyber-attacks is becoming increasingly important. Spinnaker Support partners with Alert Logic to deliver a combined cloud-based software and innovative analytics solution with embedded human expert services to assess, detect, and block threats to applications and other workloads. Our tools address web and server-based threats such as injection attacks, cross-site scripting, command and control, and other OWASP top-ranked threats.

Vulnerability Assessment – As application developers increasingly use open source and commercial frameworks and libraries to accelerate their production, they also introduce a long tail of inherited vulnerabilities that increase your attack surface. Spinnaker Support, powered by Alert Logic, provides the ability to run internal and external vulnerability scans and reports for on-premises, hosted, and cloud environments with continuous updates to more than 92,000 Common Vulnerabilities and Exposures (CVEs) in software and certain network components. We support several different use cases including automated agent-based scanning and agentless continuous scanning approaches for software and device vulnerabilities, monitoring your AWS environments for misconfigurations, and providing external scanning as a PCI Approved Scanning Vendor.

Managed Web Application Firewall (WAF) – We provide a managed web application firewall service to block known bad activity. We will start you with out-of-the-box signatures and both positive and negative rules to observe your applications’ behavior through the WAF’s deny logs. We add and tune rules, potentially down to the level of specific pages and even forms, to eliminate false positives. Blocking rules are turned on selectively as you and our WAF specialist are comfortable that enough traffic has passed through to validate that the rule correctly fires without undue false positives. Your Spinnaker Support team will continue to update and tune your WAF as your applications and threat environment evolve.

Data Inspection – We collect and inspect 3 kinds of data for suspicious activity. Each data type has strengths in identifying certain kinds of threats, and together they show the whole picture and improve accuracy and actionable context. (1) Web: We inspect both HTTP requests and HTTP responses. (2) Log: We collect and normalize log data so that analytics can identify certain threat activity like brute force and lateral movement, so that analysts can investigate logs, and so that you can search and report on it whenever you want for forensics and audits, since we retain it for at least one year. (3) Network: Our IDS agents inspect all network packets and select those that look suspicious for further analysis in our analytics engine.

Detection Analytics – Analytics weed out false positives and more accurately detect actual attacks using 3 different kinds of analysis: (1) Signatures and rules that detect known malicious patterns; (2) Anomaly detection that compares current activity against baselines to flag unusual activity; (3) Machine learning, which includes more than 200,000 vectors (vs. a typical 5-10 in a signature) across data from thousands of customers to identify custom, multi-stage attacks. All 3 types of analysis benefit from a treasure trove of rich, consistent data we collect from 4000 customers, which gives us a force multiplier for our analytics to find patterns other vendors could never see.

24 x 7 Monitoring & Validation – As part of our security and vulnerability protection solution, analysts in one of our 24 x 7 x 365 security operations centers investigate and triage incidents as they are created through the analytics.

Spinnaker Support ERP Security Experts and Alert Logic Certified Security Experts Include:

  • Experts with extensive backgrounds and experience in international, cyber, military, and civilian security
  • Compliance expertise in PCI DSS, HIPAA, NERC, CJIS, NIST, SOX COBIT, GLBA, and GDPR

Spinnaker Support, powered by Alert Logic, offers full technology stack security and vulnerability protection with human expertise included (security analysts combined with Oracle and SAP application engineers). Our customers deal with one single vendor for service, pricing, commercial terms, and communication coordination. Plus, there is no upcharge for our standard security and vulnerability support.

For more information on Spinnaker Support’s Advanced Security solution, contact us today.