ACCESS INFORMER

Simplifying the analysis of user authorizations

Access Informer is a simple yet powerful solution to collect, analyze and monitor user authorizations across your key systems

Retake control of user authorizations across your key systems by improving:

KNOWLEDGE

Gain a comprehensive view of “who has access to what” across your key systems

Centrally collect, investigate and report on user authorizations

Get valuable insights and identify critical risks from excessive access

EFFICIENCY

Drastically reduce the effort and complexity in performing periodic reviews of user authorizations

Schedule extractions of user authorizations and automate analysis

Produce detailed analytics to redesign and simplify authorizations

GOVERNANCE

Maintain compliance ruleset within and across key systems

Visualize the status and evolution of risks and compliance violations

Provide key analytics to refine control objectives and set priorities on remediation activities

Average number of days to identify a breach in 2019

Source: IBM 

%

Data breaches involving stolen credentials

Source: Verizon

Average total cost of a data breach is $3.86 million

Source: IBM 

  • Companies with 500+ accounts with non-expiring passwords: 61%
  • Companies with 1,000+ sensitive files not protected: 58%
  • Average number of stale user accounts: 50%

Source: Varonis

Don’t become a statistic!

COLLECT AND CENTRALIZE

Capture snapshots of authorizations from SAP®, Active Directory® (AD), Network Shares, and SharePoint®

Schedule and automate the extractions and analysis of user authorizations

Requires only read access to collect user authorization information with no agent or code installed on the target systems

EXPLORE AND REPORT

Perform complex analysis off-line, without impacting the performance of production environments

Leverage built-in queries, intuitive drill-downs and 80+ predefined reports

Identify outliers, suspicious and excessive access

CLASSIFY AND PRIORITIZE

Centrally maintain criticality and tags of security assets

Maintain ownership and relationships between assets

Leverage the classification information in queries, ruleset and compliance reporting

MONITOR AND VISUALIZE

Maintain compliance rules, exceptions and mitigations

Monitor the status and evolution of the company user access risk and compliance posture

Compare snapshots of user authorizations within and across systems

ALERT AND RECOMMEND

Assign severity levels to security and compliance rules and security KPIs

Be notified of compliance violations after each extraction and analysis

CIO - Chief Information Officer

Reduce the risk from excessive user access to sensitive information and critical activities that could lead to fraud, data leakage or compliance issues

Extend the analysis and reporting capabilities of SAP GRC or implement an effective alternative solution at a reasonable cost

Achieve significant ROI by reducing the effort to perform complex analysis of user authorizations

Identify opportunities to reduce user license fees by identifying orphan/stale application accounts

CISO - Chief Information Security Officer

Regain control over ‘who has access to what’ by collecting and centralizing user authorizations across key systems

Apply a risk-based approach by enriching security assets with criticality, tags and ownership information

Prevent incidents and fraud by identifying and remediating excessive or conflicting access to sensitive information and critical tasks in a timely manner

Safeguard sensitive security and vulnerability information by hosting the solution on-premise or on a private cloud

SAP Security Manager

Reduce compliance efforts by automating periodic analysis and reviews

Be able to assign the execution of complex analysis and controls to less experienced team members

Accelerate the compliance remediation effort by identifying the root cause for violations and evaluating possible corrective actions

Reduce the need for user testing during migrations/upgrades by identifying missing access

SAP Security Analyst

Perform highly complex analysis without impacting the performance of live environments

Gain significant time by leveraging an intuitive UI with predefined filters, reports, drill-downs, drag & drop, and contextual menus

Benefit from a highly scalable solution; built, tested and used by large companies with 50K+ user accounts

Evaluate the compliance impact from adding/removing roles to an SAP user account in real time

Audit Manager

Leverage predefined filters and custom reports to execute audit plans in a shorter time frame

Conduct audits without the need to gain access to the target systems and without performing time-consuming manual downloads and analysis

Explore the user authorization information to identify possible concerns and recommendations

Compare snapshots to focus the audit on key changes to user authorizations since the previous review

Compliance Manager

Visualize the status and evolution of compliance violations

Review the quality of the compliance ruleset and identify incorrect or overly restrictive conditions

Restore snapshots of user authorizations to support investigations and eDiscovery activities

Facilitate the re-certification of user access by focusing on assets and activities flagged as most critical

Help Desk Manager

Accelerate the investigation of missing or excessive access without the need to access or logon to the target systems

Reduce the number of SAP roles or AD groups to maintain by identifying unused assets or opportunities to compress roles/groups

Assess the compliance impact from adding/removing SAP roles to a user during the provisioning process

IAM Project Manager

Support IAM implementations by providing key analytics to build the RBAC role based access model

Provide detailed reporting on the actual access rights, including the changes that may not have been processed through the IAM solution

Integrate a compliance check within the user provisioning process to ensure that the changes do not introduce additional risk that would need to be approved and/or mitigated

Access Informer brings significant added value to a number of key activities

PROVIDE GREATER ASSURANCE

That the access to sensitive information and activities is adequately restricted

That the access of employees that left the organization is timely removed across applications

That employees transferring to new positions within the company do not retain sensitive permissions

That segregation of duty conflicts are monitored within and across key applications

That user authorizations are timely modified to reflect and support organizational changes

ACCELERATE AD-HOC INVESTIGATIONS

Centrally investigate missing or excessive permissions without having to logon to the various target systems

Drill down and identify the root cause for excessive sensitive access and SOD conflicts and prioritize remediation

Simulate the compliance impact of modifying and removing specific SAP permissions

Leverage SAP User Transaction usage in analysis and reports to identify potential misuse of the access

REDUCE THE RISK OF FRAUD AND DATA LEAKAGE

Timely identify and remove excessive and unrequired access

Simplify the review of sensitive and conflicting access when employees change position within the organization

Identify and remove orphan application accounts, which are no longer linked to an active Active Directory account

Archive and restore snapshots of authorizations to support eDiscovery, audits and investigations

IMPROVE COMPLIANCE

Assess and improve compliance with SOX and GDPR

Demonstrate compliance to auditors with minimum effort

Perform quality reviews of compliance rules

Support re-certification of user authorizations

REDUCE OPERATIONAL COSTS

Identify opportunities to remove, merge and simplify authorization to lower maintenance cost

Assess the impact of removing authorizations and reduce the amount of testing required

Generate scripts to automate remediation activities

Review and optimize user licensing

SUPPORT CRITICAL PROJECTS

Provide detailed analytics on user authorizations to support key company projects and initiatives

Timely adjust authorizations with organizational changes, such as mergers, acquisitions, divestitures and outsourcing

Evaluate the risk of sensitive access and SOD conflicts throughout an implementation and prior to a cutover or go-live

SUBSCRIPTION

How is the pricing for the subscription determined?
The pricing of the subscription is based on three main variables:
  • the number of user accounts being monitored
  • the number of systems being extracted
  • and the number of analysts using the Access Informer desktop application
Contact us to schedule a demo or establish a quote
Which types of companies use Access Informer?
Access Informer is particularly useful to companies that rely on SAP to perform critical business operations while facing strict compliance or legal requirements.
The Access Informer solution can be used either as a companion to SAP GRC Access Controls, to extend the analysis and reporting features, or as an alternative solution.
Who is the typical user of the solution within the company?
The Access Informer solution provides an insight into technical user access information. The solution is currently meant for IT/SAP security, internal controls and audit professionals.
Can we conduct a trial of the solution in our environment?
We provide a Proof of Concept (POC) in the form of a security assessment, conducted over a one-week period and performed on-site (preferred).
Apart from valuable observations and recommendations, the assessment will enable you to gain confidence that the solution operates in your environment and meets your specific requirements in terms of analytics and reporting.
While the POC is a paid assessment, its cost can be deducted from the first year of the subscription if contracted within 6 months of the assessment.
Contact us to schedule a one week on-site security assessment with our team. 

INSTALLATION

Is the solution available on-premise?
The Access Informer solution is provided either on-premise or hosted on a customer's private Azure cloud.
The backend of the application is typically hosted on a dedicated MS SQL Server to store the snapshots of user authorizations.
Private Azure cloud, managed by the customer, can also be used.
Why is the solution not available as SaaS?
We choose not to provide the solution as a service (SaaS) due to the sensitivity of the user authorization information which could be used to identify and potentially exploit specific vulnerabilities and misconfigurations.
We strongly believe that such critical information should only be collected and accessible by and within your company.
Does the extraction process require any agents or code on the target systems?
The Access Informer solution is non-intrusive and only requires read-only permissions to extract the user authorizations. No agent or script is required on target systems, and no ABAP code needs to be deployed to SAP clients.
This architecture enables rapid and safe deployment of the solution to multiple target systems within your organization.
The solution only embeds a strictly limited number of commercial components, for example an SAP certified connector and a reporting component. The solution does not embed open-source components to limit the supply chain risk.
How is the Access Informer Desktop deployed?
The desktop/frontend application is available as a single Windows executable file, digitally signed with an Extended Validation (EV) Code Signing Certificate from GlobalSign root certification authority.
Installing and running the Access Informer desktop application only requires standard user rights on your workstation (i.e. no local administrator rights required).
Updates of the application are made available to our customers through a secure business portal.
The timing of the deployment of the updates is controlled by the customer and performed through a self-updating mechanism without the need for MSIs and GPOs.
Can the solution be deployed in Zero Trust environments?

Yes, the Access Informer solution can be deployed, and is currently used, in Zero Trust Environments.

The frontend can be accessed via a Citrix/VM environment.

Minimal network configuration is required to enable the communication between the frontend and the SQL backend of the solution and between the backend and the target systems from which user authorization information is extracted.

Is the solution compatible with SAP S/4HANA?

Yes, the Access Informer solution can be used with most SAP releases from 4.6C to the latest S/4HANA version, with the exception of the Public Cloud edition of SAP S/4HANA.

The Public Cloud edition of SAP S/4HANA is currently restricted by SAP to only access the application through FIORI apps and does not provide any connectivity options such as RFC, SAP GUI or ODBC for integrations with in-house or third party applications.

Our mission is to help protect companies by providing unparalleled visibility over user authorizations and the timely identification of incorrect and excessive access to critical IT systems

SUBSCRIPTION

Annual or project-based subscription

Includes application installation, configuration, updates and support

Database configuration of MS SQL Server for hosting snapshots

Conduct initial training on Access Informer desktop application

Provide Managed Extraction Service (optional)

CONSULTING

Review the quality of GRC/compliance ruleset

Accelerate remediation effort for sensitive access and SOD conflicts

Development of custom connectors and .NET solutions integrated with SAP

Review and optimize SAP licensing

Provide training on SAP and AD Security and auditing

SECURITY ASSESSMENT

One week on-site security assessment, starting at CHF 12,000 all-inclusive

Produce additional reports and analytics to support any customer initiatives and projects

Conclude the week with a presentation of the key observations and recommendations

The cost of the assessment is deducted from the Access Informer annual subscription (if contracted within 6 months of the assessment)

MAIN OFFICE

Access Informer Security Solutions AG
c/o Cofigest Management SA
Chamerstrasse 77
6300 Zug, Switzerland
Phone  +41 (0) 41 588 07 32
VAT Number: CHE-231.957.314
DUNS Number: 486659647

SALES OFFICE

Access Informer Security Solutions AG

Ch. Du Bochet 13B
1110 Morges, Switzerland

CYRIL HAUPPERT

Founder / Director

15+ years of experience in IT Consulting, Audit and Security roles in large companies including Sun Microsystems, KPMG, Altria/Philip Morris and Kraft Foods

Combines Business Degree from ESCP Europe with IT Security expertise

Achieved key IT Security and Project Management certifications, including CISSP, CISA, CISM, CGEIT, CRISC, ABCP, and PMP

PIERRE-YVES CATTIN

Business Development Manager

Business Development and Innovation activities with 10+ years experience as Area Sales Manager in Multinational Listed Companies. 5 years as Project Manager.

B2B experience in technological sectors: Electrical equipment, sensors industry, rail, energy, automotive, process automation and power electronic sectors

ADAM KONIUSZEWSKI

Business Development Advisor

Fellow of Order of Chartered Professional Accountants of Quebec (Canada)
Chartered Financial Analyst (CFA)

Finance, risk management and audit/internal controls professional with fraud investigation experience and an international track record in Big Four / Fortune 100 and private-sector & non-profit board experience

MICHAEL FLÜHLER

Operations Advisor

Seasoned professional in the areas of management consulting and corporate finance

Extensive experience in management positions and leading strategic, international projects for renowned companies in the Financial Service, Consultancy and FMCG industries

Master in Economics and a master in advanced European Studies

ANTONIO FONTES

Technical Advisor

OWASP Geneva: Chapter leader

Web application threats and countermeasures

Secure development lifecycle

Penetration testing and vulnerability assessment

Software threat modelling and risk analysis

Startup Grind

Access to technical resources for our customers and business partners
