Answers to common questions

SAP Cyber Defense

Product-related Questions
General SAP Security Questions
How big is the effort to maintain Relevan-C? We don't want to roll out updates to all our SAP servers every few months.

While Relevan-C requires a transport to be installed on every monitored SAP ABAP server, this installation will not require further updates. Only the central analysis engine of Relevan-C is updated. And this is done in 5 minutes.

We already use SIEM solutions. Why would we need a cyber security scanner?

Efficient cyber defense works by preventing unauthorized access as the first line of defense and by monitoring the systems and network for dangerous events as the second line of defense. Both lines of defense are relevant. SIEM solutions provide monitoring, while Cyber Security Scanners provide prevention.

Does CAIBERP provide SIEM capabilities?

Yes, Relevan-C also analyzes logs for critical security events, applying a combinatory logic in order to avoid false alarms.

Does Relevan-C work on S/4HANA?

Yes, Relevan-C runs on any S/4HANA release.

Does Relevan-C work on SAP RISE?

Yes, Relevan-C can also be installed on SAP RISE systems.

Does Relevan-C cover SAP BTP?

Yes, Relevan-C also covers SAP BTP.

Can Relevan-C scan our SAP Cloud Connector installations?

Yes, Relevan-C can also perform automated analysis of all SAP Cloud Connector instances in your landscape, if you purchase a license for at least one ABAP system line.

How are Relevan-C and Transparen-C licensed?

All our product licenses are based on system lines. This means that if you purchase a license for a production system, all staging systems in the corresponding system line are also licensed, i.e. sandbox, development, test, pre-prod, ...). Customers can choose between perpetual licenses with a yearly maintenance fee and a subscription model.

Is it possible to evaluate Relevan-C and Transparen-C ?

You can evaluate both solutions in a Proof of Value project at no cost. Please contact us for further details.

What is your definition of an SAP system line?

An SAP system line comprises all staging systems belonging to one production system, i.e. sandbox, development, test, pre-production, ...

We already have Anti-Virus for SAP. Why should we buy Transparen-C?

Conventional Anti-Virus solutions for SAP search for conventional viruses, i.e. viruses that come in via executables, office documents such as PDF and Word files or Images. Transparen-C checks if SAP transports are infected by ABAP-based malware. This is a totally different attack vector.

How can Transparen-C protect SAP systems, if it is not even installed on a single SAP system?

When monitoring a SAP landscape for ABAP-based malware, a solution must not be installed on an SAP system. This is because ABAP-based malware can instantly re-write any security tools written in ABAP. Therefore Transparen-C is installed on an isolated server that monitors all file shares containing ABAP transports.

How big is the performance impact of your solutions on our SAP landscape?

The performance impact is negligible, since once the relevant data is extracted from an SAP system, all analysis is done on a central non-SAP server.

So far, we haven't done anything in SAP cyber security. Where should we start?

In that case, we recommend an Initial Risk Assessment. It will provide an overview over your most critical risks as well as the good practices that are already in place. This is the best starting point for an SAP security initiative.

How can we make sure that our SAP security budget is spent where it is most needed?

Attackers will focus on the weakest link in your defense. This is where you should spend your security budget. An Initial Risk Assessment identifies your weakest links and enables you to devise a plan which risks require your attention most.

We have all our SAP roles and authorizations under control. Isn't that enough security?

Unfortunately not. Attackers will aim at the weakest link in your defense. One missing critical patch, one configuration glitch, one backdoor in your custom code or one major vulnerability in a 3rd party solution might allow an attacker to bypass all the other efforts you have made.

We invested a lot in SAP security. Can we actually measure how solid our SAP cyber defense is?

Yes, this is possible. Please contact us for further details.

Are there any critical risks in our SAP landscape we may have overlooked?

Maybe. We recommend performing an Initial Risk Assessment, which will give you a complete overview of any relevant risks in your landscape.

If someone was able to connect to our internal network, could they gain access to our SAP systems?

If any of your SAP systems lack certain basic hardening steps, then such access is possible. If you are interested in learning about such critical risks, please get in touch with us.

We have an ABAP code scanner that shows a vast number of findings in custom code. How should we manage this?

ABAP security is a complex topic. And even advanced scanners do not produce 100% reliable results. As a consequence, a lot of manual post-analysis might be required. However, this effort can only be justified, if you equally address all other risk domains as well: patch management, system hardening, interface security and basis authorizations. An attacker will always go for the weakest link in your defense. But that is very likely not your custom code.

We work with external developers. If they wanted to do harm - how far would they get?

Developers can at any time compromise the development system they are working on including the underlying operating system. How far they would get depends on which systems the development system has network access to. If you are not certain about these risks, we recommend talking with us about an Initial Risk Assessment, which will answer many more questions on top.

If we install your software, does it connect to the Internet or cloud applications?

While our solutions provide an option to automatically download new patterns and versions from our web server, this option is disabled by default. We believe that cyber security solutions should increase a company's attack surface as little as possible. That's why our solutions are 100% on-premises.

Should we scan our SAP solution manager systems, too?

Yes, definitely. Attackers will aim at the weakest link in your defense. All systems should be monitored.

Should we scan our development or sandbox systems, too?

Yes. Attackers will aim at the weakest link in your defense. All systems should be monitored.

What damage can ABAP-based malware do to our company?

We give frequent talks at security conferences about the damage potential of ABAP-based malware. It is huge. Please contact us in case you would like us to give such a talk in your company.

Are ransomware attacks possible on SAP installations?

Yes. However, the classical encryption approach is not the smartest way to attack an SAP system. We are engaged in ethical ABAP malware research. Please contact us for further details.

We have anti-virus running for the SAP Virus Scanner Interface (VSI). Does this protect us from ABAP-based malware?

Most probably not. But you can find out. We have build ABAP-based malware in order to test cyber defense capabilities. Please contact us for details.

We are a security consulting company. Can we use Relevan-C in our projects?

Absolutely. Relevan-C has a licensing model for projects as well. Please contact us for further questions.

Address
Hauptstrasse 25
69117 Heidelberg
Germany
Phone
+49 (0) 6221 32182460

You can reach us during our business hours between 09:00 and 17:00 CET

General Questions
contact@caiberp.com

For general questions and inquiries about our products

Partnering
partner@caiberp.com

For companies interested in our partner program

Imprint
Privacy Policy
CAIBERP © 2025.  All Rights Reserved.