An information security company will soon release a tool that will allow companies to test their ERP (enterprise resource planning) software for security threats.
The first version of X1 works with SAP business platforms, said Mariano Nuñez Di Croce, director of research and development for Onapsis. The company eventually plans to add modules for Siebel, Oracle and PeopleSoft ERP applications, he said.
Nuñez Di Croce said Onapsis hopes X1 will prove to be a cheaper option for companies wanting to do security testing without hiring expensive outside consultants. Also, many of the tools used to analyze ERP applications are focused more on segregation of duties issues rather than the security of the technological components.
X1 can perform several types of security tests, Nuñez Di Croce said. It can scan applications for vulnerabilities and then show how those vulnerabilities could reveal critical business information.
Current exploits are included in X1, and it's possible to drag and drop exploits to illustrate existing risks "so people are aware of what the vulnerability really means for their business," Nuñez Di Croce said.
If a patch or workaround is available, X1 will show it, and it has a reporting engine that can show detailed vulnerability reports and draw up a mitigation plan, Nuñez Di Croce said.
X1 is capable of checking for violations in SAP platforms of the Payment Card Industry's Data Security Standard (PCI DSS), a set of guidelines for protecting payment card data. The tool can also compare to how the current ERP system's configuration compares with an organization's internal security standards.
Pricing will be based on the size of a company's ERP implementation that a company wants to evaluate, Nuñez Di Croce said. Onapsis can build a personalized demonstration of X1 for company if they're interested, he said.