April 2025. A US chemicals company. A SAP NetWeaver system exposed to internet access. Within three days, attackers move from initial scanning to full compromise of the system with the Auto-Color malware.
The whole incident ended successfully thanks to the rapid response of anomaly-detection systems. But the question remains: how could this happen in the first place?
The answer is simpler than you might think: traditional antivirus software cannot see what is happening inside SAP.
A problem few people talk about
Consider a simple scenario.
You have corporate antivirus software from McAfee, Trellix, SOPHOS or another reputable vendor. You have a next-generation firewall. You have a security event management system. You have everything you need.
And yet your SAP system can be infected with malware for weeks without anyone noticing.
Why?
Because SAP has its own, internal file storage architecture. Data does not simply sit in a regular Windows or Linux file system, where traditional antivirus software could scan it. It resides in the SAP database. In SAPCAR archives. In memory. In places that ordinary antivirus software simply cannot access.
SAP has for years provided the SAP NetWeaver Virus Scan Interface (NW-VSI). The problem? Standard antivirus software is not compatible with it.
It is like having the best locks on your doors while leaving the windows wide open.
bowbridge: antivirus software that “understands” SAP
This is where bowbridge Software GmbH comes in.
This is not “yet another antivirus tool”. It is the only malware protection solution designed from the ground up specifically for SAP - both for on-premises and cloud deployments.
What makes bowbridge unique?
In-memory scanning. bowbridge scans files directly in SAP’s memory. It does not need to write them temporarily to disk, which would slow the system down and generate unnecessary disk operations. It simply analyses the data stream in real time. The result? Maximum performance without compromising security.
Native integration with SAP NetWeaver VSI. bowbridge operates inside SAP, not alongside it. It integrates directly with SAP’s virus scanning interface at the kernel level. This means access to every file transferred, regardless of the application - whether SAP ERP, CRM, SRM, e-recruitment, mobile documents or custom applications.
Detection of XSS attacks in files. Twenty-five per cent of SAP security notes relate to Cross-Site Scripting vulnerabilities. bowbridge detects and blocks XSS attacks hidden in files - even when obfuscated or concealed. This is not a standard feature of traditional antivirus programs.
Full access to SAPCAR archives. SAPCAR is an archive format specific to SAP. bowbridge can look inside these archives and scan their contents. Traditional antivirus? It only sees the external .SAR file and cannot open it.
Blocking active content. Macros in Excel and Word files, JavaScript code, the use of OLE and DDE mechanisms - bowbridge detects and blocks malicious active content across various file formats in line with defined security policies.
Filtering based on actual file content. Attackers often change file extensions to bypass simple filters. A file with a .jpg extension that is actually an executable program? bowbridge analyses the actual content of the file, not its name or extension.
Real threats: case studies from the front line
These examples are not theoretical. They are real attacks from 2024-2025.
Case 1: Auto-Color malware and the CVE-2025-31324 vulnerability
April 2025, USA, a chemicals company
It all started with a scan. On 25 April, attackers identified a vulnerable SAP NetWeaver instance exposed on the internet. Two days later, the real attack came.
They exploited a security vulnerability designated CVE-2025-31324. It received the maximum criticality score - 10 out of 10. This vulnerability in the SAP NetWeaver Visual Composer component allows unauthorised file uploads without authentication.
Attack timeline:
-
27 April: Upload of a malicious ZIP archive via the /developmentserver/metadatauploader path
-
27-28 April: DNS tunnelling and suspicious network connections
-
27 April (10 hours later): Download of the config.sh script
-
28 April: Download of the Auto-Color malware (a Linux executable)
Auto-Color is an advanced remote access trojan that:
-
Disguises itself as a system log file: /var/log/cross/auto-color
-
Uses the ld.so.preload mechanism to maintain persistence in the system
-
Communicates with a command-and-control server via an encrypted TLS connection
-
Feigns dormancy if it cannot connect to the command-and-control server, making detection more difficult
Effect: Full system compromise. Access to the database. Potential to move laterally to other systems on the network. Potential to modify business logic, steal financial data, install ransomware.
Problem: Traditional antivirus software detected nothing during the file upload. Why? Because the file was uploaded through the SAP interface, not through the operating system.
Case 2: Ransomware groups target SAP
May 2025, global attacks
Criminal groups operating ransomware - RansomEXX and BianLian - joined attacks on SAP NetWeaver, exploiting the same CVE-2025-31324 vulnerability.
The malware installed by the RansomEXX group included:
-
The modular PipeMagic backdoor
-
The Brute Ratel C2 remote control tool
-
Exploitation of the CVE-2025-29824 vulnerability in Windows
-
Web shells named: helper.jsp, cache.jsp
581 SAP NetWeaver instances were infected by a single attacker (the China-linked Chaya_004 group). The files were stored on an open server - researchers at Forescout found the full list of victims.
What is more - the attackers did not limit themselves to a single vulnerability. They exploited 8 different vulnerabilities across various systems:
-
CVE-2017-9805 (remote code execution in Apache Struts2)
-
CVE-2021-22205 (remote code execution in GitLab)
-
CVE-2025-31324 (SAP NetWeaver)
-
and others…
This was a professional operation with contingency plans and multiple attack vectors.
Case 3: Chinese intelligence groups target critical infrastructure
2024-2025, United Kingdom, USA, Saudi Arabia
At least three China-linked cyber-espionage groups (UNC5174, UNC5221, CL-STA-0048) targeted SAP NetWeaver as part of attacks on critical infrastructure.
Targets in the United Kingdom:
-
Natural gas distribution networks
-
Water and waste management facilities
Targets in the USA:
-
Manufacturers of advanced medical equipment
-
Oil exploration and production companies
Targets in Saudi Arabia:
-
Ministries responsible for investment strategy
-
Financial regulatory bodies
Motive? Economic espionage. Gathering economic intelligence, mapping critical infrastructure, preparing for potential sabotage operations.
Techniques:
-
The SNOWLIGHT downloader
-
VShell implant tools
-
In-memory code execution
-
Techniques for concealing activity at runtime
Problem: These attacks often go undetected for months. State-sponsored actors have the patience and resources for long-term operations.
Case 4: Malicious PDF files in SAP
December 2024, CVE-2024-47578
SAP patched a series of PDF-related vulnerabilities:
-
CVE-2024-47578 (rated 9.1 out of 10) - a Server-Side Request Forgery (SSRF) vulnerability
-
CVE-2024-47579 - Unauthorised file access via PDF font uploads
-
CVE-2024-47580 - PDF attachments carrying files from an internal server
Attackers with administrative privileges could:
-
Upload malicious PDF files with custom fonts
-
Attach files from an internal server to PDF documents
-
Extract confidential business information
-
Gain access to intellectual property
Even authorised users can pose a threat - through social engineering, compromised credentials or insider threats.
Expert voice: Jarosław Kamil Zdanowski, Partner at SNOK, SAP Cybersecurity & Basis
“Over the past 18 months, we have observed a dramatic increase in attackers’ interest in our clients’ SAP systems. These are no longer occasional attempts - they are systematic, professional campaigns. We repeatedly encounter situations where an organisation has corporate antivirus software on its servers, has next-generation firewalls, has security event management systems - and yet remains completely defenceless against malware uploaded directly through SAP interfaces.
What is worse, most of our clients are not even aware they have this problem. Until we perform a security audit and show them that traditional antivirus software simply cannot see what is happening inside SAP, they do not believe it. And then, when we run a simple test uploading an EICAR test file through a SAP transaction, and their antivirus detects nothing - that is when the ‘aha’ moment comes.
bowbridge is the only solution on the market that truly understands SAP’s architecture. We have worked with this tool for years and see its value in practice - it not only blocks threats, but does so in a way that does not interfere with users’ normal work. That is crucial, because safeguards that obstruct the business do not survive long in production.”
Why is all this happening?
The simple answer: SAP is a goldmine.
A SAP system within a large organisation contains:
-
Financial data - profit and loss statements, balance sheets, cash flows
-
Customer data - personal information, purchase history, contracts
-
Supplier data - pricing, terms, supply chain information
-
Intellectual property - formulas, designs, R&D data
-
Operational data - production schedules, inventory levels, logistics
These are the crown jewels of any company. One compromised SAP system means the potential compromise of an entire business.
And SAP is everywhere. In Fortune 500 companies. In manufacturing. In finance. In energy. In healthcare. In government administration.
77% of global business transactions pass through SAP systems.
bowbridge in action: how does it work?
Let us look at how bowbridge would defend against the scenarios above.
Scenario 1: Uploading a malicious file
Without bowbridge:
-
A user or attacker uploads a file through a SAP interface (for example, a CV in an e-recruitment system, a document in a CRM system, an invoice in an SRM system)
-
The file lands in the SAP database
-
Traditional antivirus software sees nothing (as it has no access to SAP’s internal structures)
-
The malware waits to be executed
With bowbridge:
-
A user or attacker attempts to upload a file
-
SAP NetWeaver VSI automatically redirects the file to bowbridge
-
bowbridge scans the file in memory using the Trellix or SOPHOS engine
-
If malware is detected → the upload is blocked
-
An alert is sent to the administrator and the event is logged
-
The file never enters the system
Scenario 2: An XSS attack hidden in a file
Without bowbridge:
-
An attacker uploads an HTML or JavaScript file with obfuscated XSS attack code
-
The file is stored in SAP
-
Another user opens or previews the file
-
The XSS code executes → session hijacking, credential theft, CSRF attacks
With bowbridge:
-
An attempt is made to upload a file containing XSS code
-
bowbridge analyses the file’s content (not merely its extension)
-
It detects the XSS attack code despite obfuscation
-
The upload is blocked
-
The attack is stopped before execution
Scenario 3: Office documents with macros
Without bowbridge:
-
A phishing message with an Excel or Word attachment containing a malicious macro
-
The user uploads the document to SAP (for example, as part of an order)
-
The file is saved in the system
-
The next user downloads and opens the document → the macro executes
With bowbridge:
-
The Office document is uploaded
-
bowbridge detects the presence of macros
-
Policy check: “are macros permitted for this document type?”
-
If NO → blocked
-
If YES → the macro content is scanned for malicious behaviour
-
Decision: allow or block
Scenario 4: File type masking
Without bowbridge:
-
An attacker prepares an executable file containing malware
-
The extension is changed to .pdf
-
The file is uploaded to SAP
-
A simple filter checks only the extension → “OK, it’s a PDF”
-
The malware is in the system
With bowbridge:
-
The file “malicious_program.pdf” is uploaded
-
bowbridge checks the file’s actual content (MIME type analysis)
-
“This isn’t a PDF, it’s an executable!”
-
The upload is blocked despite the extension appearing legitimate
SAP certification: no ordinary badge
bowbridge Anti-Virus has achieved SAP certification four times - once every three years for more than 12 years.
This is the longest certification track record in the industry for content security solutions in SAP systems.
What does SAP certification mean?
-
Rigorous testing carried out by SAP
-
Confirmation of compatibility with SAP NetWeaver
-
Compliance with SAP S/4HANA
-
Verification that the solution does not break SAP functionality
-
Ongoing support and updates
SAP does not certify just anything. The process is lengthy, costly and demanding. The fact that bowbridge has done this regularly for more than 12 years is a strong signal of quality and commitment.
bowbridge 4.0 Cloud: because the future of SAP is in the cloud
SAP is heavily pursuing a cloud-first direction. SAP RISE. SAP S/4HANA Cloud. SAP Business Technology Platform (BTP).
The problem? The shared responsibility model.
In the cloud, SAP is responsible for the infrastructure, but the customer is responsible for application security. In other words: SAP takes care of the network, data storage and compute power. But malware protection within your SAP instance? That is your responsibility.
Enter: bowbridge Anti-Virus 4.0 - Cloud
Why does the cloud require a different approach?
Traditional on-premises antivirus is installed on the application server. It has access to the operating system. It can read files from disk. It can spawn processes.
In SAP RISE and private cloud, you have no access to the operating system level. You cannot install software on the server. You cannot modify system files.
bowbridge 4.0 Cloud resolves this through a hybrid SaaS model:
-
Scanning clusters in your preferred cloud (AWS, Azure, Google Cloud)
-
Integration via SAP VSI (no need for operating system access)
-
Management via a web portal and SAP personalisation
-
No local processes, no configuration files at the operating system level
-
High availability and load balancing built in from the ground up
Deployment in 15 minutes
This is not marketing hype. bowbridge Cloud can genuinely be deployed in under 15 minutes:
-
Automatic launch of a scanning cluster in your cloud
-
Configuration in the SAP VSCAN transaction (a few clicks)
-
Choice of scanning engine: Trellix or SOPHOS
-
Test upload of a malware sample (EICAR test file)
-
Done
Zero changes to your SAP application code. Zero downtime. Zero risk.
SNOK: expertise that makes the difference
Having bowbridge is one thing. But how do you configure it optimally? How do you tailor security policy to your business’s specifics? How do you respond to incidents?
This is where SNOK comes in.
SNOK is a company with more than 25 years of experience in IT advisory, specialising in SAP security, cybersecurity and intelligent automation. In the context of bowbridge, we offer:
Voice of the CEO: Jacek Bugajski - SNOK
“Cybersecurity in SAP is not a single product or tool - it is a comprehensive strategy. That is why, at SNOK, we take a holistic approach to securing our clients’ SAP environments. It is not just about deploying technology, but about understanding the business, its processes and its real threats.
Our partnership with bowbridge is a natural element of this vision. bowbridge complements our solutions portfolio perfectly - from hard technical aspects such as SAP Basis security, through penetration testing, to regulatory compliance and governance. This is not an accidental choice of partner - it is a considered strategic decision.
We see that clients need more than a software ‘box’ - they need genuine expertise. Someone has to know how to configure bowbridge so that it does not block critical business processes. Someone has to be able to integrate it with the entire security stack. Someone has to be able to respond quickly when something goes wrong.
At SNOK, we have more than 25 years of experience with SAP. We know these systems inside out - from the ABAP stack to S/4HANA Cloud, from NetWeaver to BTP. This knowledge, combined with the best tools such as bowbridge, gives clients genuine security, not just security on paper. And that is our mission - to deliver solutions that work in practice, not just in presentations.”
Deployment and configuration
At SNOK, we know that every organisation is different. Different business processes, different risks, different priorities.
Example: a manufacturing company versus a financial firm versus a healthcare provider - each has different requirements regarding what files may be uploaded and by whom.
SNOK helps with:
-
Assessing the current state of SAP security
-
Designing a security policy tailored to the business
-
Deploying bowbridge (on-premises or in the cloud)
-
Integrating with existing systems (SIEM, ticketing systems, monitoring)
-
Tuning to minimise false positives
Testing SAP security
Installing bowbridge is only the beginning. SNOK carries out regular penetration tests of SAP systems, including:
-
Uploading malicious files through various interfaces
-
Attempts to bypass content security controls
-
Testing XSS attack vectors
-
Attempts to exploit active content
-
Social engineering scenarios
Result: verification that bowbridge effectively protects in practice, not just in theory.
Incident response
When the worst-case scenario occurs - an attempted attack or an actual breach - response time is critical.
SNOK offers:
-
24/7 emergency response for SAP incidents
-
Forensics - what happened, how and when
-
Isolation - containing the threat
-
Remediation - removing malware, patching
-
Post-incident review - lessons learned
Regulatory compliance and audits
In regulated industries (finance, healthcare, energy), regulatory compliance is not optional - it is a requirement.
bowbridge helps meet standards including:
-
PCI-DSS (payments industry)
-
HIPAA (healthcare)
-
ISO27001 (information security)
-
NIS2 (network and information security)
-
GDPR (personal data protection)
SNOK prepares documentation for auditors, demonstrating that the organisation has effective controls in place to protect against malware within SAP.
Real-world impact: the numbers speak for themselves
Over 1,000 bowbridge installations worldwide at leading enterprises.
What do users say?
Ferenc Mate, SAP expert at Phoenix Contact: “It is our opinion that bowbridge is a clear market leader when it comes to protecting SAP against malware.”
Kyle L. Hammer, 3M Corporation: “This is the level of support we expect from many of our vendors, and it’s refreshing to find companies that deliver on and value these commitments.”
Raimund Fechtner, ESH: “The benefits of bowbridge Anti-Virus for SAP Solutions are obvious.”
Concrete metrics
Detection effectiveness: over 99.9% for known malware (based on the Trellix and SOPHOS engines)
Performance impact: less than 1% overhead (thanks to in-memory scanning)
False positive rate: below 0.01% (after proper tuning)
Deployment time:
-
On-premises: 1-2 days
-
Cloud: under 15 minutes
Return on investment: Typically achieved within the first year (the cost of a single malware incident significantly exceeds the cost of bowbridge)
Comparison: bowbridge versus traditional antivirus
The 2025 threat landscape: what lies ahead?
Attacks on SAP will only intensify.
Trend 1: Ransomware as a service. You no longer need to be a technical genius to attack SAP. You buy a ready-made toolkit on the dark web, paying a commission on success. The barrier to entry is dropping dramatically.
Trend 2: AI-assisted attacks. Machine learning is being used to optimise malware, evade detection and automatically exploit vulnerabilities. Attacks will become faster and more sophisticated.
Trend 3: Supply chain compromise. Instead of attacking a large corporation directly, attackers target its supplier. A single exploited vulnerability propagates through the entire chain.
Trend 4: Cloud-native threats. SAP in the cloud means new attack vectors. Misconfigured permissions, exposed development interfaces, container escapes.
Trend 5: A booming zero-day market. Demand for SAP zero-day vulnerabilities is only growing. Prices reach USD 250,000 for a single exploit. This attracts more sophisticated attackers.
What to do next? An action plan
If you run SAP and do not have bowbridge (or a similar solution), here are concrete next steps:
Step 1: Assessment (week 1)
Check your current state:
-
Do you have any malware protection in SAP?
-
Is the VSCAN transaction configured?
-
What files can be uploaded, and by whom?
-
Do you have logs of uploaded files?
SNOK can carry out a rapid security assessment - typically within 3-5 working days.
Step 2: Proof of concept (weeks 2-3)
Proof of concept with bowbridge:
-
Test installation in a development or quality system
-
Upload of an EICAR test file (a harmless sample for testing)
-
Verification that bowbridge blocks it
-
Performance testing
-
Testing integration with applications
Step 3: Policy design (weeks 3-4)
Determine what should be blocked:
-
All executable files?
-
Office documents with macros?
-
Archives?
-
Specific MIME types?
A balance between security and business functionality. SNOK helps a great deal here.
Step 4: Production deployment (weeks 4-6)
Go-live in production:
-
Installation in the production system
-
Activation in the VSCAN transaction
-
Initial monitoring-only mode (logging only, no blocking)
-
Log review for false positives
-
Switching to blocking mode
Step 5: Ongoing management
Security is not “set and forget”:
-
Regular updates to scanning engine definitions
-
Weekly review of security logs
-
Adapting policies as the business evolves
-
Periodic penetration testing
-
Readiness for incident response
Regulatory compliance: not just box-ticking
Many organisations treat regulatory compliance as a burdensome necessity. Box-ticking ahead of an audit.
But in the context of SAP, enforcing compliance often requires technical controls.
PCI-DSS Requirement 5: “Install anti-virus software on all systems commonly affected by malware” → Does SAP store payment card data? You need antivirus. bowbridge meets this requirement.
HIPAA Security Rule: “Implement procedures to guard against malicious software” → SAP in healthcare with patient data? Malware protection is a requirement.
ISO27001 Control A.12.2.1: “Controls against malware” → Auditors will ask: “how do you protect SAP against malware?” bowbridge is a clear answer.
NIS2 Article 21: “Security of network and information systems” → Critical infrastructure in the EU must have appropriate technical measures in place. bowbridge supports compliance.
bowbridge not only provides technical protection, but also delivers evidence for auditors:
-
Logs of all scanning events
-
Reports of blocked threats
-
Proof that the solution is active and up to date
-
Evidence of due diligence
Common questions and myths
Myth 1: “We have a firewall, so SAP is secure” A firewall protects the network perimeter. It does not protect against:
-
Phishing attachments
-
Insider threats
-
Compromised user credentials
-
Lateral movement from other systems
Myth 2: “Our SAP isn’t on the internet” Perhaps not directly, but:
-
Access via VPN?
-
Third-party integrations?
-
Cloud connectivity?
-
Mobile applications?
Plus: most breaches involve insider threats or compromised credentials.
Myth 3: “It’s too expensive” Compared to what? To the cost of a compromise?
-
Ransomware payments: on average USD 1-5 million
-
Downtime: USD 100,000-500,000 per hour
-
Data breach fines: up to EUR 20 million under GDPR
-
Reputational damage: priceless
bowbridge typically costs a few tens of thousands of dollars per year. A single prevented incident delivers an immediate return on investment.
Myth 4: “SAP has built-in security” SAP has an authorisation system. Transaction codes. Segregation of duties.
But it does not have built-in malware protection. NW-VSI is only an interface. Someone has to provide the actual scanning capability.
Myth 5: “Deployment will be complicated” bowbridge 4.0 Cloud: under 15 minutes. bowbridge on-premises with SNOK’s help: 1-2 days.
This is not a months-long project.
A concrete example: how it might look in practice
Imagine a Polish manufacturing company. EUR 500 million in revenue. SAP ERP on-premises plus a planned conversion to S/4HANA Cloud.
Problem:
-
No malware protection in SAP
-
Auditors flag this as a critical finding
-
The planned cloud conversion requires security compliance
-
A recent phishing incident - malware-laden attachments were uploaded by users
SNOK + bowbridge solution:
Weeks 1-2: Assessment
-
SNOK carries out a review of the SAP environment’s security
-
Identifies 15 different file upload points (MM, SD, HR, custom applications)
-
Finds several “test” files that look suspicious
Week 3: Proof of concept
-
bowbridge installed in the QA system
-
Testing with various file types
-
Performance measurement
-
Zero impact on applications
Week 4: Policy design
-
Workshops with business stakeholders
-
Determining permitted file types per application
-
Designing an exception process for special cases
Weeks 5-6: Production deployment
-
Installation in the production environment
-
1 week of monitoring only
-
Review: 2 false positives (quickly resolved)
-
Blocking mode activated
Months 2-3: Stabilisation
-
Policy tuning
-
User communication and training
-
Integration with ServiceNow for incident tickets
Month 4 onwards: Ongoing management
-
Weekly security log review
-
Quarterly penetration testing by SNOK
-
Preparation for the S/4HANA Cloud conversion (bowbridge 4.0 Cloud)
Results:
✅ Compliance achieved (auditors satisfied)
✅ 15 malicious uploads blocked in the first month (!!!)
✅ Zero false positives after tuning
✅ Under 1% performance impact
✅ Ready for cloud conversion
Return on investment: One of the blocked files was ransomware. Estimated cost of a successful attack: EUR 2-5 million. Cost of bowbridge: EUR 40,000. Return on investment: 5,000-12,500%.
The future: what’s next for bowbridge?
bowbridge is not standing still. Its roadmap includes:
Enhanced AI/ML-driven detection. Behavioural analysis, anomaly detection, zero-day vulnerability protection.
Broader cloud platform support. Not just SAP RISE, but also SAP BTP, SAP Analytics Cloud, SAP SuccessFactors.
Deeper integration with security event management systems. Real-time threat intelligence sharing, automated response workflows.
Container security. As SAP moves towards container-based deployments (Kubernetes).
Expanded file format support. New formats, new threat vectors.
Summary: this is not optional
Let us return to the beginning. A US chemicals company, April 2025, the Auto-Color malware.
What would have happened if they had bowbridge?
Upload of a malicious ZIP archive → bowbridge scans it → malware detected → upload blocked → attack stopped at the first step → zero compromise.
That simple.
581 compromised SAP NetWeaver instances by the Chaya_004 group? With bowbridge: zero.
RansomEXX ransomware installation? Blocked at the upload stage.
Chinese intelligence groups exfiltrating data from critical infrastructure? They don’t get in through malicious file uploads.
One final question
It is not a question of whether your SAP system will be attacked.
It is a question of when.
And whether you will be ready.
bowbridge plus SNOK’s expertise is not a universal solution to every problem. But it is the best line of defence in protecting SAP against malware.
It is comprehensive protection that:
-
Operates inside SAP (not alongside it)
-
Detects threats that traditional antivirus software misses
-
Blocks attacks in real time
-
Is regulation-ready by design
-
Is cloud-native for SAP’s future
Over 1,000 installations worldwide. Over 12 years of SAP certification. Leading enterprises trust bowbridge.
The question now is: will you?
Because the threat actors have already made their decision. They are targeting SAP.
And you? Will you wait until it’s too late?
Will you invest in the right defence now?
The choice is yours.
P.S. If, after reading this article, you are thinking “that won’t happen to us” - that is exactly what everyone thought before their attack. Including that chemicals company in April 2025.
P.P.S. CVE-2025-31324 (rated 10 out of 10) was exploited as a zero-day vulnerability before SAP patched it. In other words: even fully updated systems were vulnerable for a period of time. Defence in depth matters. bowbridge is an additional critical layer.
P.P.P.S. If you work at an organisation running SAP systems and do not have malware protection within SAP - talk to SNOK. The assessment costs nothing. It could save your company.
Summary from SNOK’s experts
Jarosław Zdanowski, Partner at SNOK: “Every day without proper malware protection in SAP is a day of risk. We have already seen too many cases where ‘it’ll be fine’ turned into ‘how did we miss this’. bowbridge is not a cost - it’s an investment in business continuity.”
Jacek Bugajski, CEO of SNOK: “At SNOK, we believe that genuine SAP security requires combining the best technologies with deep expertise. That’s why our partnership with bowbridge is more than a vendor-integrator relationship. It’s a shared vision of secure SAP for Polish and European companies. And I’m proud that we get to bring that vision to life every day.”
This article was prepared based on publicly available security reports, official SAP communications, analyses from Darktrace, Onapsis, Mandiant, EclecticIQ and ReliaQuest, and bowbridge Software GmbH documentation. All case studies and security incidents mentioned are real events from 2024-2025.
Get in touch: Would you like to learn more about protecting your SAP systems with bowbridge? The SNOK team is ready to help. 📧 Write to us or arrange a free SAP security assessment.
#SafeTuesdayWithSNOK #SAPSecurity #Cybersecurity #bowbridge #SAP #Malware #AntiVirus #SNOK