Onapsis signs agreement to acquire ERP cybersecurity company Virtual Forge

Onapsis has entered into a definitive agreement to acquire privately-held Virtual Forge, headquartered in Heidelberg, Germany. Onapsis’s platform is the cybersecurity solution that protects the ERP systems and business-critical applications of the world’s largest organizations.

Founded in 2006, Virtual Forge is the provider of solutions to prevent, detect and remediate cybersecurity and compliance risks in customizations and extensions of SAP applications. The combination of Onapsis and Virtual Forge will empower customers to have visibility, incident response, management and compliance for business-critical applications.

“Organizations are continuously extending their cloud and on-premise ERP applications to support evolving business requirements, which introduces serious cybersecurity and compliance risks if not properly managed. With this acquisition, organizations will have one single partner and one single platform to secure and protect their SAP infrastructure, including segregation of duties, custom code analysis, vulnerability assessments, secure change management, compliance automation and continuous monitoring,” stated Mariano Nunez, CEO and Co-founder, Onapsis.

“We are excited to combine the unique technology, talent and domain expertise of our companies to help organizations further secure the critical applications that run their business.”

This acquisition will happen in a context where global organizations have become aware of the need to protect their ERP applications: in May of 2016, ERP application cybersecurity was brought to the forefront when the first ever Department of Homeland Security US-CERT alert for ERP Business Applications was released, warning organizations of cyber attacks targeting these critical applications.

Since then, the trend of ERP attacks has continued to rise at an alarming rate, ranging from hacktivists and malicious insiders to cyber criminal groups and state-sponsored attacks. This is further evidenced by the second Department of Homeland Security US-CERT alert, released in July of 2018, warning of malicious cyber activity to ERP applications.

Virtual Forge’s solutions help secure extensions developed on the SAP Cloud Platform for cloud business applications, including SAP S/4HANA, SAP C/4HANA, SAP SuccessFactors, SAP Ariba, SAP Concur and SAP Fieldglass, as well as traditional on-premise SAP applications developed on the SAP ABAP programming language.

“We are excited to join Onapsis in the shared vision of protecting the world’s business-critical applications. Together, we will have the most comprehensive technology portfolio in the industry, global scale and a strong team of over 300 experts in the ERP and cyber security domains,” stated Dr. Markus Schumacher, CEO and Co-Founder, Virtual Forge.

“As an organization faced with the daily challenge of securing critical applications, we use both Virtual Forge and Onapsis solutions. However, having separate vendors and lack of integration makes it difficult for us to manage compliance and risk holistically. With this acquisition, we and all SAP customers will now have a one-stop shop for SAP cybersecurity needs, reducing resources, time and cost; consolidating reporting and compliance demands,” stated Mario Chiock, Schlumberger Fellow and CISO Emeritus.

“As financially motivated attackers turn their attention ‘up the stack’ to the application layer, business applications such as ERP, CRM and human resources are attractive targets. We advise organizations that to properly secure business-critical ERP applications they need to breakdown their overall strategy into five core elements that encompass segregation of duties, custom code scanning, vulnerability assessment, intrusion monitoring and intrusion prevention. With these five key elements, organizations can reach a high level of maturity in securing ERP applications,” stated Neil MacDonald, Distinguished VP Analyst, Gartner.

With this announcement, Onapsis will continue expansion into global markets, building upon Virtual Forge’s international reputation. The acquisition is expected to close in the first half of 2019, subject to customary closing conditions and required regulatory approvals.