HALOCORE FAQ

Yes, HALOCORE is SAP Certified for deployment on SAP S/4HANA.

Microsoft, MARS, Swisscom, Accenture & Infosys are some of our reference customers.

Yes. The customers can experience different use cases of HALOCORE with our remote PoC environment on SECUDE Garden4You.

SECUDE’s GARDEN4YOU is a remote standalone demo environment for performing a PoC with Microsoft Information Protection.

The POC showcases the ability to handle sensitive data from SAP, CAD/PLM using SECUDE’s flagship products HALOCORE and HALOCAD respectively.

To know more and schedule a PoC, visit https://secudegarden4you.com

The different types of sensitive data within an organization:

• Customer (CRM)
• Finance (FI/CO)
• HR (HCM)
• Material (MM/SRM)
• Production & Logistics (LO/EWM/WM)
• Pricing (SD/MM/SRM)
• Reports (BI/BW)

By default, HALOCORE puts the “system” as the owner of the exported file. As a result, no user can change the permissions to the file, which ensures the highest security level.

However, as a special case, HALOCORE can be configured to set the user, who downloaded the file, also as the owner of the file. The file owner can change the permissions of any file previously protected.

HALOCORE has three different modules:

• MONITOR – Monitor all SAP user data exports and downloads
• BLOCK – Block unauthorized exports out of SAP
• PROTECT – Access & privilege control for sensitive documents out of SAP

The data exports of the SAP users are automatically labeled and protected. The exported data are thus subject to the same protection and access restrictions as within the SAP environment. Every data export is logged and can be analyzed in real time.

Downloads from any SAP module can be protected, and most commonly those with sensitive data such as FI-CO, HCM, ESS, IDM, IAM, Basis, GRC, etc. are protected.

The definition of sensitive data may vary from business to business, consequently the modules and transactions to protect are selected by the HALOCORE administrator.

Most commonly all files, but they also can be specified: Excel, Word, PowerPoint, txt, CAD, HTML, XML, email, PDF, PPT, ZIP, etc.

Yes. HALOCORE reduces risk and helps users stay compliant by providing real-time alerts of sensitive data downloads. Also, all data downloads and extraction activities from SAP are aggregated into a fully customizable audit log, which can be extracted to powerful tools such as SAP Business Intelligence and Analytics solutions.

Definitely. HALOCORE can be implemented as per the data security requirements of the end user. MONITOR can be installed to meet the client’s data tracking and audit requirements.

In fact, implementing MONITOR is often considered the first step in establishing a comprehensive data security system.

As the MONITOR module of HALOCORE  provides the vital visibility into what happens to downloaded data by tracking and analyzing access to sensitive SAP data exports for enhanced control and compliance, it forms the must-have foundation for subsequent deployment of BLOCK and PROTECT.

Typically, SAP GRC monitors unauthorized SAP data exports, which basically covers audit and classification of SAP ‘user downloads.

However, HALOCORE does not only do this for individual end users, but also monitors backend API data flows. In other words, it extends the audit and classification functionalities to applications as well.

This is critical to the current complex SAP operations scenario as many protocol-based machine-to-machine communication (APIs) are legacy.

If an unauthorized user tries to open the encrypted file, he will be prompted with an appropriate error message and cannot access the file.

MONITOR is a prerequisite (foundation) on which BLOCK and PROTECT function. Thus, BLOCK cannot function without MONITOR.

However, it does not require installation of PROTECT to function as these two modules function independently, but in parallel, depending upon the user’s requirement.

The BLOCK function of HALOCORE prevents unauthorized exports out of SAP. It prevents data leakage through platforms such as file printing and emailing. It also prevents data leakage from unauthorized exports when using other SAP frontends, such as Business Object (BO) or BEx.

MONITOR is a prerequisite (foundation) on which PROTECT and BLOCK function. Thus, PROTECT cannot function without MONITOR.

However, it does not require installation of BLOCK to function as these two modules function independently, but in parallel, depending upon the user’s requirement.

HALOCORE plugs the critical security hole in SAP environment by:

• Blocking data exports, which must not leave SAP
• Protecting sensitive data, which is needed outside of SAP

Here is the reference architecture of HALOCORE for SAP.

SAP ABAP Server, SAP GUI Client, Windows Server to run the Halocore Central Server and Halocore Service, Microsoft Information Protection Service in the Microsoft Azure Cloud, Network and Firewall.

The HALOCORE ABAP Add-On must be installed. In addition to the ABAP Add-On a few ABAP Code-Changes need to be implemented.

The installation of the ABAP Add-On and the ABAP Code Changes will take 3 hours.

The installation and configuration of the Halocore Central Server and Halocore Service will take 1 hour. The configuration will take 1 hour. The pure installation and configuration therefore take around 5 hours.

Implementation of HALOCORE is simple and does not require any major external support.

Implementation support will be provided by SECUDE or by a channel partner through whom the end customer buys the solution.

In terms of man days, HALOCORE can be installed within just four to eight days depending upon implementation size and other end-customer related factors.

User login ID’s and passwords for the HALOCORE Central Server and for end users (individual or group). Azure labels specific to the security levels may be required. Typically, the default labels used with Microsoft Office can be applied.

No. HALOCORE’s technical components are running on a standard web server on any virtual machine or cloud environment. They scale like any other web server too.

There is no performance impact when HALOCORE is monitoring or blocking SAP downloads. The performance overhead caused by HALOCORE while protecting the downloads is very minimal. SAP users will not recognize any impact by HALOCORE.

HALOCORE is an infrastructure software and employees from the following teams are needed for the installation: SAP Basis Administrator, SAP ABAP Developer, Microsoft Information Protection Administrator, Network/Firewall Administrator, Windows Server Administrator.

SAP NetWeaver 7.00, 7.01, 7.02, 7.31, 7.40, 7.50 and S/4HANA 1511, 1610, 1709, 1809, 1909, 2020.

Microsoft Windows Server 64bit, 2012 2012 R2, 2016, Core 2019.

The HALOCORE log Information can be processed in real time in a SIEM system. A wide number of SIEM systems are supported.

The HALOCORE audit log can be forwarded automatically to all kind of SIEM solutions, like SAP ETD, HP ArcSight, IBM Security Qradar, Splunk, etc.

Common event format (CEF), Log event extended format (LEEF) & JavaScript Object Notation (JSON).

Yes. You can monitor, block or protect downloads out of any custom program or
transaction.

HALOCORE supports all SAP standard UI technologies, like SAP GUI, Web Dynpro, FIORI, etc.

Currently we support GRC Foundation ABAP 10.0 (component GRCFND_A, release V1000) or greater, and GRC NetWeaver Plug-In 10.0 (component GRCPINW, release V1000_700) or greater.

Microsoft Information Protection (MIP) must be licensed.

The Microsoft 365 E5 license is required to implement automated processes based on Microsoft Information Protection (MIP) in the unstructured data domain. Our solutions extend and integrate this automated MIP approach into the structured data domains of SAP.