Executive Perspective: Breaking Barriers to Security Execution

Mariano Nunez is the Co-Founder and CEO of NightDragon portfolio company, Onapsis. Nunez founded Onapsis 10 years ago with a vision to help simplify the process of securing business-critical applications. Today, powered by Onapsis Research Labs, Onapsis products are built and constantly refined by the latest SAP threat intelligence and security guidelines.

Following various Onapsis product releases and enhancements in the last quarter, NightDragon sat down with Mariano to dig deeper into how Onapsis views security execution.

What type of barriers to security execution does Onapsis solve for?

Mariano Nunez, Co-Founder and CEO, Onapsis

We know that CIOs and CISOs have some of the hardest jobs on the planet. We founded Onapsis to help them simplify the protection of their business-critical applications, which had been a major gap in their security and compliance programs over the last decade and has now become 10X more critical as these applications move to the cloud.

Applications like SAP support their most important business data and processes, but given their complexity, mission-critical nature, and the lack of SAP cybersecurity skillsets, many executives couldn’t properly protect them. Through our solutions, we empower them to easily integrate SAP into their security and compliance programs, accelerating their digital transformation initiatives with confidence.

As SAP’s 2027 deadline to migrate to S/4HANA approaches, we are also filling a gap for SAP and Cybersecurity teams as they execute their SAP cloud transformation projects. Security is often seen as a barrier to the initiative, but we are helping enterprises realize they don’t have to choose between security and go-live. This empowers them to drive business outcomes without compromising on security and compliance.

How have you seen the market shift in your time as CEO of Onapsis?

When we founded Onapsis, the phrase “SAP security” was simply a synonym for Identity Management and Segregation of Duties controls. Companies were purely focused on ensuring valid SAP users’ authorizations were restricted to the activities they were supposed to do.

We’ve seen the industry evolve from this to a full-fledged SAP cyber threat landscape where we observe threat actors exploiting SAP vulnerabilities every day (even without an SAP user to begin with) to gain access to sensitive business data and/or perform financial fraud.

Against the backdrop of this increased and evolved threat landscape, the biggest shift in recent years has been how every CIO is moving their SAP systems to the cloud, in order to realize the benefits of modern SAP solutions, which at the same time introduces new exposure and threat vectors that they need to manage.

How are you seeing AI and machine learning transform enterprise application security?

Leaning on these innovations is an absolute necessity for organizations that are continually asked to do more, often with fewer resources. For enterprise application security, AI provides the opportunity to deliver use cases and capabilities that weren’t possible before. We’ve been infusing AI in Onapsis products for several years now, which enables us to detect malicious user activity in SAP applications. This helps defenders detect and respond to incidents they would have missed before and reduces the number of false positives they have to deal with.

You recently announced Onapsis Secure RISE Accelerator. Can you tell us how this will improve organizations’ experience with security and compliance?

RISE with SAP is the biggest initiative that most SAP customers are planning for and executing today. These projects are a massive financial and time investment and critical for senior executives to execute on time and on budget. Many leaders have felt that they need to choose between security and hitting their go-live, and that is where we come in. With this new solution that combines our SAP-endorsed technology, threat intelligence and unique expertise, we ensure that organizations can build security into their digital transformations AND hit their go-lives. Ultimately, we are helping clients accelerate and de-risk their RISE with SAP digital transformations.

What emerging risks and trends are you watching in enterprise application security and why is Onapsis uniquely positioned to protect against these risks?

Compared to many traditional attack vectors, enterprise applications like SAP represent a highly lucrative target for threat actors. Finding and exploiting vulnerabilities in these applications gives them direct access to the crown jewels of hundreds of thousands of large enterprises globally and with a high chance of remaining undetected. A threat intelligence report we released this year shows a marked rise in threat actors discussing and targeting SAP applications on the dark web, which correlates directly to the attacks we see in the field. Of special concern was a 400% increase in ransomware attacks where SAP data and systems have been involved, as threat actors now fully understand that these applications are the lifeblood of modern enterprises.

Onapsis has been laser-focused on solving this problem for the last 10+ years. The Onapsis Research Labs team is unmatched, having discovered 1,000+ zero-day vulnerabilities in business applications, and our comprehensive platform has become the industry standard to secure SAP. This, combined with our strategic partnership with SAP itself, positions Onapsis as the best option for organizations that can’t afford risk when it comes to their digital transformations, business-critical operations, and data.