Onapsis

Onapsis

About TrustRadius Scoring
Score 8.8 out of 100
Onapsis

Overview

Recent Reviews

Reviewer Pros & Cons

View all pros & cons

Video Reviews

Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of Onapsis, and make your voice heard!

Pricing

View all pricing
N/A
Unavailable

What is Onapsis?

Onapsis, headquartered in Boston, offers application security software to enterprises in the form of the Onapsis Security Platform for SAP and the Onapsis Security Platform for Oracle E-Business Suite.

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Would you like us to let the vendor know that you want pricing?

4 people want pricing too

Alternatives Pricing

What is Quixxi Security?

Quixxi Security provides codeless app protection against hackers looking to clone, tamper, inject malicious code, or exploit a mobile app. A simple drag & drop feature applies a sophisticated set of security layers, for quick & easy mobile app protection.Quixxi is also a monitoring tool with…

What is Acunetix by Invicti?

AcuSensor from Maltese company Acunetix is application security and testing software.

Features Scorecard

No scorecards have been submitted for this product yet..

Product Details

What is Onapsis?

Onapsis, headquartered in Boston, offers application security software to enterprises in the form of the Onapsis Security Platform for SAP and the Onapsis Security Platform for Oracle E-Business Suite.

Onapsis Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Comparisons

View all alternatives

Reviews and Ratings

 (4)

Reviews

(1-3 of 3)
Companies can't remove reviews or game the system. Here's why
Kelly Cokorudy | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
Onapsis is a great tool when it comes to help reduce regulatory compliance issues through an automated continuous compliance process for the IT controls related to regulations. Onapsis has a prime objective of monitoring and protecting ERP systems that have been run on Oracle or SAP platforms. The entire process contains identification, assessment and the elimination of weak points. The service also detects unauthorized charges or network-based attacks.
  • Eliminating the manual process improves the overall accuracy of results and also frees up valuable resources to focus on other different projects.
  • Onapsis provides great leverage to our technical teams in order to review in a standardized way of the landscape.
  • Onapsis always matches vulnerabilities with useful context and finds possible solutions.
  • Onapsis is usually implemented to continuously monitor, and alert us on any issues on the SAP systems. Not only this but implementing Onapsis also eliminates the network on the year-end and month-end audits and helps in making the overall process faster, smooth, efficient as well as accurate.
  • As far as the cons of Onapsis are concerned then Onapsis can be a little more useful if you have the option to classify or even reindex vulnerability scores based on the specific landscape.
  • It has a tedious setup of control management and there are no proper error messages being received on Onapsis which is a drawback for users.
As a user, I would recommend Onapsis for people who are shorthanded in security or basis teams. One thing to be clear is that this is not a cheap product but still every penny counts here. If your SAP system has multiple products and connections then Onapsis is a great tool.
Score 9 out of 10
Vetted Review
Verified User
Review Source
In Tenaris we have used Onapsis to automatically review from a security perspective our complex SAP landscape, which include different products, with both business and technical use cases. It had mainly two different internal clients, our BASIS team for SAP Notes control, and our security architecture team for landscape hardening and vulnerability record.
  • Its a great leverage for our technical teams to review in a standard way all our landscape
  • It shows in a unified and ease to read way different and complex topics
  • Allways match vulnerabilties with usefull context and possible solutions
  • It will be usefull if you could reclasify or reindex vulnerability score based on your specific landscape
  • Graphic connections of the issues map will lead to a better understanding of the real impact in case of a breach and/or exploit
  • Not really much to add here, overall I think that is a great product
It really make sense if you are short handed in security or basis team, that it is most likely to be the case, and have a complex landscape to control. Is not a cheap product, but it worth it if your SAP systems have multiple products and connections, for a single instance or low complexity scenarios, probably will result too much money for the proposed value
Jineshwar Panchal | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Reseller
Review Source
Onapsis helps reduce regulatory compliance issues via an automated continuous compliance process for the IT controls related to regulations such as Sarbanes-Oxley (SOX), GDPR, PCI-DSS and others.

Eliminating this manual process improves the accuracy of results and frees up valuable resources to focus on other projects. We specifically are implementing the Onapsis Security Suite to continuously monitor, and alert us on any issues on the SAP systems.

Implementing the Onapsis Security Suite also eliminates rework on the year-end and month-end audits and helps in making the process faster, efficient and accurate, and in case there are violations in the compliances, Onapsis notifies the team via email regarding it.
  • Implement continuous compliance
  • Gain efficiencies
  • Reduced risk of non-compliance
  • Define specific audit policies
  • More accurate audits
  • Multiple UIs
  • No proper customization of UI log-off
  • Tedious setup of Control component
  • No proper error messages received
Onapsis is divided into 4 major components,
  1. Assess
  2. Comply
  3. Defend
  4. Control
In assess, it does a whitebox and blackbox testing of the ERP systems that have been added to the Onapsis console. It highlights relevant application issues and automates the process, also provides the solutions to implement the fix.

In comply, it provides a governance on the various regulatory compliances which the firm has to follow, as well as provides a firm grip to the audit and ERP admin team.

In control, it enables a workflow of 15 pre-defined parameter values within the SAP system and helps monitor, and track the changes made to those parameters. The capabilities are to either block, or request for an approval for changes made to those parameters in addition to just monitoring them.

In defend, it goes through the SAP logs; and compares it with a pre-defined ruleset to alert the end-users via email or SIEM tool or both.