Xpandion introduces the first solution to combine SoD auditing and behavioral analysis of real-time usage
Tel Aviv, Israel, June 10, 2011: Xpandion, a leading provider of software solutions for enterprise security and licensing products for SAP®, today announced the release of a breakthrough new product, ProfileTailorâ„¢ SoD as part of the ProfileTailorâ„¢ Suite of solutions. Responding to customer demand, Xpandion now provides enterprises with a full SOX/SoD (Segregation of Duties) solution that includes unique behavioral based compensating controls. This solution is also the first that answers a common need of customers to define forbidden combinations, not only according to activities and authorization objects, but also to authorization roles, while including all standard SOX/SoD auditing capabilities.
Based on the unique ability of the entire ProfileTailorâ„¢ Suite to create a dedicated profile based on actual usage, this solution identifies SoD violations on both the static level of granting authorizations - and on the dynamic level, as a compensating control. The out-of-the-box, unique new approach for compensating controls can save enterprises months of manual planning of controls and at least two months annually auditing them. A 'What If' simulator prevents conflicts by testing in advance whether granting a user an authorization role or activity will violate any of the SoD rules --- and prevents any potentially problematic authorizations.
Addressing another common customer requirement, ProfileTailorâ„¢ SoD also allows the definition of SoD violations on the authorization role level. 'Many enterprises have discovered that it is easier for them to define combinations of roles instead of activities when designing their SoD compliance process. For example, they may define the combination of Accountant and Sales Manager - as forbidden,' said Moshe Panzer, Xpandion CEO. 'However, until ProfileTailorâ„¢ SoD, there was no other solution that could support this method of compliance. Instead, these enterprises were being forced to reconstruct their entire matrix of rules to the level of activities, which was an extremely expensive and time consuming process'. Mr. Panzer added that 'according to Xpandion's research, the implementation of ProfileTailorâ„¢ SoD in a company that implemented a role-based rules-set can save the company, on average, 6 months of teamwork.'
External to SAP, the solution is easy to install, deploy and use. It automatically monitors all SAP applications from a single vantage point, analyzes the data, identifies policy violations, and prevents sensitive authorization changes. Tracking users' behavior and sending immediate alerts regarding SoD violations, the solution provides managers the ability to respond to risks in real-time.
Xpandion's webinar on behavior based SoD monitoring will take place on Wednesday, June 29, 2011 at 6PM EDT.