Onapsis

Onapsis provides a specialized cybersecurity platform engineered for business-critical applications. Its Onapsis Platform offers extensive visibility and security controls for vital SAP and Oracle enterprise systems, encompassing ERP, CRM, and HCM. The platform identifies and mitigates risks, ensuring the integrity and continuous compliance of these foundational systems, an area traditional security often overlooks.

Mariano Nunez, a cybersecurity researcher, co-founded Onapsis after identifying a critical void in enterprise security. He realized traditional defenses inadequately protected complex, mission-critical ERP systems. This insight into severe vulnerabilities inspired Nunez to establish the company, reportedly from a garage in Argentina, to address this domain.

The company serves global organizations using SAP and Oracle business applications, aiding their cyber risk management and continuous compliance. Onapsis’s vision is to set the definitive standard for securing enterprise application landscapes. It empowers businesses to confidently pursue digital transformations by safeguarding core operational systems and sensitive data.

# High-Level Overview

Onapsis is a cybersecurity company specializing in protecting business-critical enterprise applications, particularly SAP and Oracle ERP systems.[1][4] The company builds an application-layer security platform that addresses a historically neglected vulnerability: the enterprise applications that organizations depend on to run their core business operations.[4] Onapsis serves over 300 leading brands, including Global 2000 members, across financial services, healthcare, manufacturing, and government sectors.[4]

The company solves a critical problem in a large market by providing vulnerability management, compliance automation, threat detection, and incident response capabilities specifically designed for business-critical applications.[3][4] Unlike generic security products, Onapsis delivers context-aware solutions that understand the unique architecture and risks of SAP and Oracle systems, enabling organizations to reduce risks affecting critical business processes and data.[3] The company has demonstrated strong growth momentum, recently ranking 243rd on Deloitte's Technology Fast 500 in North America with a 398 percent growth rate.[3]

# Origin Story

Onapsis was founded in 2009 by cybersecurity researchers who understood the severe consequences when organizations fail to secure their vital applications.[4] The company is based in Boston, Massachusetts, and emerged from a recognition that the world's most critical enterprise applications had been neglected from a cybersecurity perspective.[4]

The founding team established the Onapsis Research Labs, an offensive security team that has become central to the company's identity and differentiation.[2] Over the past 16+ years, this research team has discovered over 1,000 zero-day vulnerabilities in business-critical applications and supported six U.S. Department of Homeland Security alerts.[2][6] The research labs' findings directly inform and power the Onapsis Platform, creating a virtuous cycle where threat intelligence continuously improves product capabilities.[2]

# Core Differentiators

• SAP Endorsement & Certification: Onapsis is the only cybersecurity solution officially endorsed by SAP and has been recognized in Gartner's Application Security Magic Quadrant for three consecutive years.[5]

• Unmatched Research Capability: The Onapsis Research Labs operates with a research team at least 10 times the size of the nearest competitor, backed by over $100M invested in research and development—orders of magnitude higher than competing vendors.[6] The company maintains close partnerships with SAP's Product Security Research Team (PSRT) and government agencies including US CISA and Germany's BSI.[6]

• Continuous Threat Intelligence Integration: Unlike competitors, Onapsis automatically updates its products with the latest threat intelligence and security guidance from its dedicated research team, providing customers with advanced notifications on critical issues ahead of scheduled vendor updates.[2]

• AI-Powered Detection & Automation: The platform delivers AI-based detection, prioritization, benchmarking, and guidance capabilities that go beyond traditional pattern-based approaches, reducing operational costs through security automation and efficiency gains.[6]

• Application-Layer Specialization: Onapsis eliminates the blindspot in enterprise security by focusing exclusively on the application layer of business-critical systems, rather than offering generic security solutions.[4]

# Role in the Broader Tech Landscape

Onapsis operates at the intersection of two powerful trends: the increasing digitalization of enterprise operations and the rising sophistication of cyberattacks targeting business-critical systems.[3] As organizations migrate to cloud environments and expand their reliance on ERP systems, the attack surface for threat actors has grown significantly, yet security solutions have lagged behind.[4]

The company has essentially created and defined a new security category—business-critical application security—that industry analysts now recognize as a "hot category to watch."[3] By establishing the Onapsis Research Labs as the gold standard for SAP threat intelligence, the company influences how SAP itself approaches product security, creating a feedback loop where Onapsis discoveries inform SAP's security roadmap.[6] This positions Onapsis not just as a vendor, but as a foundational player shaping how enterprise security evolves.

The timing is critical: as breaches of major enterprises increasingly trace back to vulnerabilities in business applications rather than network infrastructure, organizations are recognizing that traditional security approaches are insufficient.[2] Onapsis's focus on this historically underserved segment gives it first-mover advantage in a market where every large organization depends on these applications to operate.

# Quick Take & Future Outlook

Onapsis is well-positioned to capture significant market share in an emerging security category with massive addressable market potential—every Global 2000 company runs SAP or Oracle systems.[3][4] The company's combination of proprietary research, SAP partnership, and proven growth trajectory suggests continued expansion, particularly as cloud migration accelerates and regulatory compliance requirements tighten.

The key to Onapsis's future influence will be whether it can expand beyond SAP to become the dominant platform for securing all business-critical applications across multiple vendors, while maintaining the research excellence that differentiates it today.[6] As threat actors increasingly target the application layer—where traditional security tools provide minimal visibility—Onapsis's specialized approach will likely become table stakes for enterprise security programs rather than a nice-to-have addition.