Does HALOCORE have a SAP certification?

Yes, HALOCORE is SAP Certified for deployment on SAP S/4HANA.

Who are your reference customers?

Microsoft, MARS, Swisscom, Accenture & Infosys are some of our reference customers.

Is it possible to run a proof of concept?

Yes. The customers can experience different use cases of HALOCORE with our remote PoC environment on SECUDE Garden4You.

SECUDE’s GARDEN4YOU is a remote standalone demo environment for performing a PoC with Microsoft Information Protection.

The POC showcases the ability to handle sensitive data from SAP, CAD/PLM using SECUDE’s flagship products HALOCORE and HALOCAD respectively.

To know more and schedule a PoC, visit https://secudegarden4you.com

What are the commonly used sensitive data in an organization that needs protection?

The different types of sensitive data within an organization:

  • Customer (CRM)
  • Finance (FI/CO)
  • HR (HCM)
  • Material (MM/SRM)
  • Production & Logistics (LO/EWM/WM)
  • Pricing (SD/MM/SRM)
  • Reports (BI/BW)

Is there a way to modify the permissions on the data once the data is out of SAP?

By default, HALOCORE puts the “system” as the owner of the exported file. As a result, no user can change the permissions to the file, which ensures the highest security level.

However, as a special case, HALOCORE can be configured to set the user, who downloaded the file, also as the owner of the file. The file owner can change the permissions of any file previously protected.


What are the different modules of HALOCORE?

HALOCORE has three different modules:

  • MONITOR – Monitor all SAP user data exports and downloads
  • BLOCK – Block unauthorized exports out of SAP
  • PROTECT – Access & privilege control for sensitive documents out of SAP

What’s the benefit of HALOCORE?

The data exports of the SAP users are automatically labeled and protected. The exported data are thus subject to the same protection and access restrictions as within the SAP environment. Every data export is logged and can be analyzed in real time.

What SAP modules are typically protected by HALOCORE?

Downloads from any SAP module can be protected, and most commonly those with sensitive data such as FI-CO, HCM, ESS, IDM, IAM, Basis, GRC, etc. are protected.

The definition of sensitive data may vary from business to business, consequently the modules and transactions to protect are selected by the HALOCORE administrator.

What download file types are typically protected by HALOCORE?

Most commonly all files, but they also can be specified: Excel, Word, PowerPoint, txt, CAD, HTML, XML, email, PDF, PPT, ZIP, etc.

Does the HALOCORE module 'MONITOR' provide real-time notification of data leaks?

Yes. HALOCORE reduces risk and helps users stay compliant by providing real-time alerts of sensitive data downloads. Also, all data downloads and extraction activities from SAP are aggregated into a fully customizable audit log, which can be extracted to powerful tools such as SAP Business Intelligence and Analytics solutions.

Is it possible to implement the module 'MONITOR' alone without buying/implementing the complete HALOCORE suite?

Definitely. HALOCORE can be implemented as per the data security requirements of the end user. MONITOR can be installed to meet the client’s data tracking and audit requirements.

In fact, implementing MONITOR is often considered the first step in establishing a comprehensive data security system.

As the MONITOR module of HALOCORE  provides the vital visibility into what happens to downloaded data by tracking and analyzing access to sensitive SAP data exports for enhanced control and compliance, it forms the must-have foundation for subsequent deployment of BLOCK and PROTECT.

SAP GRC detects unauthorized SAP data exports. How does HALOCORE add value and differentiate?

Typically, SAP GRC monitors unauthorized SAP data exports, which basically covers audit and classification of SAP ‘user downloads.

However, HALOCORE does not only do this for individual end users, but also monitors backend API data flows. In other words, it extends the audit and classification functionalities to applications as well.

This is critical to the current complex SAP operations scenario as many protocol-based machine-to-machine communication (APIs) are legacy.

What happens when an unauthorized user opens an encrypted file?

If an unauthorized user tries to open the encrypted file, he will be prompted with an appropriate error message and cannot access the file.

Is it possible to implement HALOCORE BLOCK alone without buying/implementing the HALOCORE suite?

MONITOR is a prerequisite (foundation) on which BLOCK and PROTECT function. Thus, BLOCK cannot function without MONITOR.

However, it does not require installation of PROTECT to function as these two modules function independently, but in parallel, depending upon the user’s requirement.

On what functions and on what interfaces does HALOCORE BLOCK perform?

The BLOCK function of HALOCORE prevents unauthorized exports out of SAP. It prevents data leakage through platforms such as file printing and emailing. It also prevents data leakage from unauthorized exports when using other SAP frontends, such as Business Object (BO) or BEx.

Is it possible to implement HALOCORE PROTECT alone without buying/implementing the HALOCORE suite?

MONITOR is a prerequisite (foundation) on which PROTECT and BLOCK function. Thus, PROTECT cannot function without MONITOR.

However, it does not require installation of BLOCK to function as these two modules function independently, but in parallel, depending upon the user’s requirement.

How does HALOCORE address data leaks in SAP?

HALOCORE plugs the critical security hole in SAP environment by:

  • Blocking data exports, which must not leave SAP
  • Protecting sensitive data, which is needed outside of SAP

What is the architecture of HALOCORE?

Here is the reference architecture of HALOCORE for SAP.

HALOCORE Architecture


What infrastructure components are part of the HALOCORE landscape?

SAP ABAP Server, SAP GUI Client, Windows Server to run the Halocore Central Server and Halocore Service, Microsoft Information Protection Service in the Microsoft Azure Cloud, Network and Firewall.

What changes need to be made to my SAP system?

The HALOCORE ABAP Add-On must be installed. In addition to the ABAP Add-On a few ABAP Code-Changes need to be implemented.

How long will it take to setup a HALOCORE Pilot?

The installation of the ABAP Add-On and the ABAP Code Changes will take 3 hours.

The installation and configuration of the Halocore Central Server and Halocore Service will take 1 hour. The configuration will take 1 hour. The pure installation and configuration therefore take around 5 hours.

How long does it take to implement HALOCORE?

Implementation of HALOCORE is simple and does not require any major external support.

Implementation support will be provided by SECUDE or by a channel partner through whom the end customer buys the solution.

In terms of man days, HALOCORE can be installed within just four to eight days depending upon implementation size and other end-customer related factors.

What is required for Azure/MIP configuration?

User login ID’s and passwords for the HALOCORE Central Server and for end users (individual or group). Azure labels specific to the security levels may be required. Typically, the default labels used with Microsoft Office can be applied.

Does HALOCORE require additional hardware to implement?

No. HALOCORE’s technical components are running on a standard web server on any virtual machine or cloud environment. They scale like any other web server too.

Is there a performance overhead by adding HALOCORE?

There is no performance impact when HALOCORE is monitoring or blocking SAP downloads. The performance overhead caused by HALOCORE while protecting the downloads is very minimal. SAP users will not recognize any impact by HALOCORE.


Which team is required to install HALOCORE in a company?

HALOCORE is an infrastructure software and employees from the following teams are needed for the installation: SAP Basis Administrator, SAP ABAP Developer, Microsoft Information Protection Administrator, Network/Firewall Administrator, Windows Server Administrator.

What are the supported SAP Releases?

SAP NetWeaver 7.00, 7.01, 7.02, 7.31, 7.40, 7.50 and S/4HANA 1511, 1610, 1709, 1809, 1909, 2020.

What are the supported Servers to run the Halocore Central Server and the Halocore Service?

Microsoft Windows Server 64bit, 2012 2012 R2, 2016, Core 2019.

Is it possible to send the HALOCORE log information to a SIEM system (like Splunk or QRadar)?

The HALOCORE log Information can be processed in real time in a SIEM system. A wide number of SIEM systems are supported.

What are the various SIEM solutions supported?

The HALOCORE audit log can be forwarded automatically to all kind of SIEM solutions, like SAP ETD, HP ArcSight, IBM Security Qradar, Splunk, etc.

What are the supported log formats?

Common event format (CEF), Log event extended format (LEEF) & JavaScript Object Notation (JSON).

Does HALOCORE support custom programs and custom transaction codes (z tcodes)?

Yes. You can monitor, block or protect downloads out of any custom program or

Which UI technologies are supported by HALOCORE?

HALOCORE supports all SAP standard UI technologies, like SAP GUI, Web Dynpro, FIORI, etc.

What versions of GRC does HALOCORE support?

Currently we support GRC Foundation ABAP 10.0 (component GRCFND_A, release V1000) or greater, and GRC NetWeaver Plug-In 10.0 (component GRCPINW, release V1000_700) or greater.


What other products must be licensed in order to use HALOCORE in the SAP landscape?

Microsoft Information Protection (MIP) must be licensed.

What Microsoft License is needed for HALOCORE?

The Microsoft 365 E5 license is required to implement automated processes based on Microsoft Information Protection (MIP) in the unstructured data domain. Our solutions extend and integrate this automated MIP approach into the structured data domains of SAP.

To Request a Demo