Block data that must not leave SAP

HALOCORE BLOCK at a glance

  • Effectively prevent data from leaving the protected SAP application through accidental or intentional data leaks.
  • Enable compliance by addressing the core requirement of data security regulations such as GDPR, HIPAA, SOX, FISMA, etc.
  • Highly customizable for administrators through flexible rule engines based on parameters such as such as by user, role, IP range, white-list, etc.

When SAP authorization management reaches its limit

Most organizations across the globe use SAP systems and applications to run their business. Companies trust their intellectual property, financial information, and compliance regulated data to be stored inside of SAP protected by multiple security mechanisms. Access to sensitive data inside SAP is restricted through roles and stringent authorization management. However, SAP users extract hundreds of documents often containing sensitive data for the purpose of reporting, analytics, and sharing with colleagues and partners. Most companies have very little control over how these documents are being shared or who is accessing them. This leaves companies at a high risk of data loss due to malicious or accidental actions.


HALOCORE BLOCK effectively prevents business-critical data and documents from leaving the protected SAP application and, thus, protects against accidental or intentional data leaks.

Directly integrated into SAP, it works based on the HALOCORE audit log at the source of all recorded data flows. Users without a corresponding SAP-authorized profile would not be able to download files. Furthermore, a granular, bespoke policy can be implemented using automated data classification, which tailors the control over SAP exports to the specific needs of organizations.

Frequently Asked Questions

Is it possible to implement HALOCORE BLOCK alone without buying/implementing the HALOCORE suite?

MONITOR is a prerequisite (foundation) on which BLOCK and PROTECT function. Thus, BLOCK cannot function without MONITOR. However, it does not require installation of PROTECT to function as these two modules function independently, but in parallel, depending upon the user’s requirement.

Is the security policy for HALOCORE BLOCK rigid? Can it be modified?

BLOCK is the only in SAP integrated DLP solution for structured data. The classification determined by the MONITOR module from the SAP context information is used as input for corresponding blocking rules. Administrators can easily define, e.g. based on user, role, IP range, etc., in which cases the data export should be prevented.

On What functions and on what interfaces does HALOCORE BLOCK perform?

The BLOCK function of HALOCORE prevents unauthorized exports out of SAP. It prevents data leakage through platforms such as file printing and emailing. It also prevents data leakage from unauthorized exports when using other SAP frontends, such as BusinessObject (BO) or BEx.

Discover More


Holger Hugel
VP Products & Services

Follow Us

Close security gaps in SAP and let business run.