Boston, MA - January 16, 2019 - Onapsis, the global leaders in ERP cybersecurity and compliance, today announced it has entered into a definitive agreement to acquire privately-held Virtual Forge, headquartered in Heidelberg, Germany. Onapsis’s platform is the most widely-used cybersecurity solution that protects the ERP systems and business-critical applications of the world's largest organizations. Founded in 2006, Virtual Forge is the leading provider of solutions to automatically prevent, detect and remediate cybersecurity and compliance risks in customizations and extensions of SAP® applications. The combination of Onapsis and Virtual Forge will empower customers to have unparalleled visibility, incident response, management and compliance for business-critical applications. 

“Organizations are continuously extending their cloud and on-premise ERP applications to support evolving business requirements, which introduces serious cybersecurity and compliance risks if not properly managed. With this acquisition, organizations will have one single partner and one single platform to secure and protect their SAP infrastructure, including segregation of duties, custom code analysis, vulnerability assessments, secure change management, compliance automation and continuous monitoring,” stated Mariano Nunez, CEO and Co-founder, Onapsis Inc. “We are excited to combine the unique technology, talent and domain expertise of our companies to help organizations further secure the critical applications that run their businesses.”

This acquisition will happen in a context where global organizations have become acutely aware of the urgent need to protect their ERP applications: in May of 2016, ERP application cybersecurity was brought to the forefront when the first ever Department of Homeland Security US-CERT alert for ERP business applications was released, warning organizations of cyberattacks targeting these critical applications. Since then, the trend of ERP attacks has continued to rise at an alarming rate, ranging from hacktivists and malicious insiders to cyber criminal groups and state-sponsored attacks. This is further evidenced by the second Department of Homeland Security US-CERT alert, released in July of 2018, warning of malicious cyber activity to ERP applications.

Virtual Forge’s patented solutions help secure modern extensions developed on the SAP Cloud Platform for cloud business applications, including SAP S/4HANA®, SAP C/4HANA®, SAP SuccessFactors®, SAP Ariba®, SAP Concur® and SAP Fieldglass®, as well as traditional on-premise SAP applications developed on the SAP ABAP programming language. 

“We are excited to join Onapsis in the shared vision of protecting the world’s business-critical applications. Together, we will have the most comprehensive technology portfolio in the industry, global scale and a strong team of over 300 experts in the ERP and cybersecurity domains,” stated Dr. Markus Schumacher, CEO and Co-founder, Virtual Forge.

“As an organization faced with the daily challenge of securing critical applications, we use both Virtual Forge and Onapsis solutions. However, having separate vendors and lack of integration makes it difficult for us to manage compliance and risk holistically. With this acquisition, we and all SAP customers will now have a one-stop shop for SAP cybersecurity needs, reducing resources, time and cost; consolidating reporting and compliance demands,” stated Mario Chiock, Schlumberger Fellow and CISO Emeritus.

“As financially motivated attackers turn their attention 'up the stack' to the application layer, business applications such as ERP, CRM and human resources are attractive targets. We advise organizations that to properly secure business-critical ERP applications they need to breakdown their overall strategy into five core elements that encompass segregation of duties, custom code scanning, vulnerability assessment, intrusion monitoring and intrusion prevention. With these five key elements, organizations can reach a high level of maturity in securing ERP applications,” stated Neil MacDonald, Distinguished VP Analyst at Gartner[1].   

With today’s announcement, Onapsis will continue rapid expansion into global markets, building upon Virtual Forge’s excellent international reputation. The acquisition is expected to close in the first half of 2019, subject to customary closing conditions and required regulatory approvals.

[1]Gartner, "Hype Cycle for Application Security, 2018” Analyst(s): Ayal Tirosh, Published: 27 July 2018, ID: G00340359.





Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About Onapsis

Onapsis cybersecurity solutions automate the monitoring and protection of ERP business-critical applications, keeping them compliant and safe from insider and outsider threats. As the proven market leader, global enterprises trust Onapsis to protect the essential information and processes that run their businesses.

Experts at the Onapsis Research Labs were the first to lecture on SAP cyberattacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms. This patented technology has gained Onapsis recognition on the Deloitte Technology Fast 500, as a Red Herring North America Top 100 company and a SINET 16 Innovator.

Headquartered in Boston, MA, Onapsis serves over 200 customers including many of the Global 2000. Onapsis's solutions are also the de-facto standard for leading consulting and audit firms such as Deloitte, IBM, Infosys and PwC.

For more information, please visit, or connect with us on Twitter, Google+, or LinkedIn.

Onapsis and Onapsis Research Labs are registered trademarks of Onapsis Inc. All other company or product names are registered trademarks of their respective owners.