Claranet Threat Detection: SAP security, full visibility

New service detects SAP-specific threats, supports compliance with NIS-2, DORA and ISO 27001, and feeds directly into the security tooling organisations already run.

Claranet introduces Claranet Threat Detection for SAP Technology, a service that gives organisations complete visibility into their SAP environments and detects the threats that generic security tooling routinely misses. 

SAP systems are the backbone of the modern enterprise. They hold the most sensitive process data, financial records, and customer information a business owns, which makes them a prime target for attackers. Yet most of the security-relevant activity inside SAP never reaches the security team. That gap leaves suspicious access, unusual behaviour, and creeping permission changes hidden from view, often until it is too late. 

Threat Detection for SAP is built on a proven foundation. Its core is the BCS technology Claranet developed in partnership with Logpoint, already in production with established customers, which Claranet is now further developing and modernising. Rather than starting from scratch, the service matures an already existing SAP security capability into a customer's own existing security monitoring, or into Claranet's managed security portfolio, and continues to evolve it for the threats and regulations organisations face today. 

The service collects, normalises, and forwards security-relevant logs from SAP directly into an organisation's existing SIEM, so SAP becomes part of central security monitoring rather than an isolated silo. It is completely SIEM-agnostic, vendor-independent, and compatible with RISE with SAP, with out-of-the-box support for S/4HANA, BW/4HANA, SAP HANA DB, and the Java stack. 

The service is delivered through four integrated modules:

• Threat Detect Collect captures and normalises SAP logs using more than 15 specialised data extractors, with no SAP add-ons required.
• Threat Detect Rules applies more than 500 SAP-specific detection rules to deliver prioritised, clearly substantiated alerts.
• Threat Detect Behave builds individual behavioural profiles to flag compromised accounts and insider threats before they escalate. The module is expected later this year.
• Threat Detect Respond brings automated response playbooks that lock accounts, revoke permissions, or raise a ticket without manual intervention. It is expected as a standalone extension towards the end of this year.

Compliance pressure is a significant driver behind the launch. Regulations including NIS-2, DORA, and ISO 27001 now expect demonstrable, real-time evidence of who accessed business-critical data and when, while personal liability for senior management continues to grow. Threat Detection helps organisations produce that evidence, supporting their compliance reporting and easing the manual audit workload that slows so many security teams down. 

Organisations can start with individual modules and add capability over time, all the way to a fully managed service operated around the clock by Claranet's dedicated SAP Security SOC. Where native options can turn into year-long implementation projects, Threat Detection is designed to be up and running in days and weeks, without a performance hit to production systems. 

"SAP runs the processes our customers cannot afford to lose, yet for most organisations it sits outside their day-to-day security monitoring," said Neil Thomas, Group Director of Security Services. "Threat Detection changes that. We give you full insight into what is happening across your SAP estate, we detect the SAP-specific threats that generic tools walk straight past, and we make compliance something you can evidence with confidence. Best of all, it works with the security tooling you already have, so you see value in days, not quarters."

Claranet Threat Detection for SAP Technology is available now. To learn more or arrange a conversation, visit the Claranet website or speak to the team on 0330 390 0507. 

Media contact: Jed Kafetz, Jed.Kafetz@claranet.com