Name
Where IGA Meets SOC: AI-Driven Security Operations for SAP Landscapes
Description

SAP environments generate security signals that are hard for traditional SOC and MDR services to interpret because the “why” often lives in identity, authorizations, and business context - not just logs. As a result, teams face alert fatigue, slow triage, and containment steps that stay outside SAP in tickets and spreadsheets instead of becoming verified, auditable actions. 

In this session, we’ll show how an AI-driven SOC as a Service (SOCaaS) purpose-built for SAP connects SOC workflows with Identity Governance & Administration (IGA) to enrich detections with relevant context, automatically build evidence packs, and guide analysts from investigation to decision. 

You’ll learn how guardrail-based automation can handle SOC1/SOC2 tasks end-to-end while keeping SOC3 in control for high-impact approvals - so response actions remain governed and compliant. Finally, we’ll walk through a pragmatic adoption model that starts small (critical alerts and high-risk identities), proves measurable MTTA/MTTR improvements, and scales across on-prem and cloud SAP landscapes with an audit-ready trail from alert to verification.

In this session, you will:

  • Understand why SAP security alerts require identity and authorization context - and why generic SOC playbooks often miss the real risk.
  • Learn how to connect SOC operations with IGA to enrich detections with entitlements, role changes, SoD/critical access signals, and user lifecycle events.
  • Discover an agentic triage flow that assembles an evidence pack automatically (timeline, correlated signals, and decision-ready proof).
  • Learn how to reduce alert fatigue by automating SOC1/SOC2 tasks (deduplication, enrichment, investigation steps) while escalating only high-signal cases to SOC3.
  • Explore a guardrails-first response model (recommend → approval → execute) that keeps actions governed, explainable, and compliant.
  • See how to drive SAP-native response actions through your IGA or IAM applications - such as locking/logoff, deprovisioning, workflow approvals, and risk checks - rather than stopping at tickets.
Speakers
Alessandro Banzer, Xiting
Alessandro Banzer
Session Tag
Cybersecurity
Session Type
impact20 Session