Onapsis Reviews and Ratings

Use Cases and Deployment Scope

Onapsis is a great tool when it comes to help reduce regulatory compliance issues through an automated continuous compliance process for the IT controls related to regulations. Onapsis has a prime objective of monitoring and protecting ERP systems that have been run on Oracle or SAP platforms. The entire process contains identification, assessment and the elimination of weak points. The service also detects unauthorized charges or network-based attacks.

Likelihood to Recommend

As a user, I would recommend Onapsis for people who are shorthanded in security or basis teams. One thing to be clear is that this is not a cheap product but still every penny counts here. If your SAP system has multiple products and connections then Onapsis is a great tool.

Use Cases and Deployment Scope

In Tenaris we have used Onapsis to automatically review from a security perspective our complex SAP landscape, which include different products, with both business and technical use cases. It had mainly two different internal clients, our BASIS team for SAP Notes control, and our security architecture team for landscape hardening and vulnerability record.

Likelihood to Recommend

It really make sense if you are short handed in security or basis team, that it is most likely to be the case, and have a complex landscape to control. Is not a cheap product, but it worth it if your SAP systems have multiple products and connections, for a single instance or low complexity scenarios, probably will result too much money for the proposed value

Use Cases and Deployment Scope

Onapsis helps reduce regulatory compliance issues via an automated continuous compliance process for the IT controls related to regulations such as Sarbanes-Oxley (SOX), GDPR, PCI-DSS and others.

Eliminating this manual process improves the accuracy of results and frees up valuable resources to focus on other projects. We specifically are implementing the Onapsis Security Suite to continuously monitor, and alert us on any issues on the SAP systems.

Implementing the Onapsis Security Suite also eliminates rework on the year-end and month-end audits and helps in making the process faster, efficient and accurate, and in case there are violations in the compliances, Onapsis notifies the team via email regarding it.

Likelihood to Recommend

Onapsis is divided into 4 major components,

<ol><li>Assess</li><li>Comply</li><li>Defend</li><li>Control</li></ol>In assess, it does a whitebox and blackbox testing of the ERP systems that have been added to the Onapsis console. It highlights relevant application issues and automates the process, also provides the solutions to implement the fix.

In comply, it provides a governance on the various regulatory compliances which the firm has to follow, as well as provides a firm grip to the audit and ERP admin team.

In control, it enables a workflow of 15 pre-defined parameter values within the SAP system and helps monitor, and track the changes made to those parameters. The capabilities are to either block, or request for an approval for changes made to those parameters in addition to just monitoring them.

In defend, it goes through the SAP logs; and compares it with a pre-defined ruleset to alert the end-users via email or SIEM tool or both.