Solved

Virtual Patching

Posted on 2013-02-06
Last Modified: 2013-11-29
Has anyone worked on a Virtual Patching solution, and how effective is it?
Can anyone share how it works and how it differs from the normal patching solution?
What are the advantages of virtual patching, and how does it overcome the normal patching solution?
Question by:SrikantRajeev
9 Comments
 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 38860322
**
The term virtual patching was originally coined by Intrusion Prevention System (IPS) vendors a number of years ago. It is not a web application specific term and may be applied to other protocols; however, currently it is more generally used as a term for Web Application Firewalls (WAF). It has been known by many different names, including both External Patching and Just-in-time Patching.

Whatever term you choose to use is irrelevant. What is important is that you understand exactly what a virtual patch is:

A security policy enforcement layer which prevents the exploitation of a known vulnerability.

The virtual patch works since the security enforcement layer analyzes transactions and intercepts attacks in transit, so malicious traffic never reaches the web application. The resulting impact of a virtual patch is that, while the actual source code of the application itself has not been modified, the exploitation attempt does not succeed.

When you consider the numerous situations when organizations can’t simply immediately edit the source code, the value of virtual patching becomes apparent. From an organization’s perspective, the benefits are:

    * It is a scalable solution as it is implemented in few locations vs. installing patches on all hosts.
    * It reduces risk until a vendor-supplied patch is released or while a patch is being tested and applied.
    * There is less likelihood of introducing conflicts as libraries and support code files are not changed.
    * It provides protection for mission-critical systems that may not be taken offline.
    * It reduces or eliminates time and money spent performing emergency patching.
    * It allows organizations to maintain normal patching cycles.

From a web application security consultant’s perspective, virtual patching opens up another avenue for providing services to your clients. Traditionally, if source code could not be updated for any of the reasons previously specified, there wasn’t much else a consultant could do to help. Now, a consultant can offer to create virtual patches to externally address the issues outside of the application code.

See https://www.owasp.org/index.php/Virtual_Patching_Best_Practices for more information.

The following paper from SANS is also useful:

reducing-organizational-risk-vir.pdf

**All text taken from source cited above.
0
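The enforcement layer described in the comment above, as an added example that is not part of the original thread or of any product named in it: a WSGI middleware that blocks bad input for one known-vulnerable parameter while the application code stays untouched. The application `legacy_app`, the `/item` path, the `id` parameter and its numeric rule are all assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qs
from wsgiref.util import setup_testing_defaults

reached_app = []  # query strings that actually reached the application

def legacy_app(environ, start_response):
    """Hypothetical unmodifiable app; assume its 'id' parameter is injectable."""
    reached_app.append(environ.get("QUERY_STRING", ""))
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"item page"]

# One virtual patch per known flaw: path -> {parameter: allowed pattern}.
# Assumed rule: /item takes exactly one 'id' of 1-10 ASCII digits.
VIRTUAL_PATCHES = {"/item": {"id": re.compile(r"[0-9]{1,10}")}}

class VirtualPatch:
    """WSGI middleware that sits in front of the app and enforces the patches."""
    def __init__(self, app, patches):
        self.app, self.patches = app, patches
        self.blocked = []  # audit trail of rejected requests, for later review

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        params = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
        for name, pattern in self.patches.get(path, {}).items():
            values = params.get(name, [])
            # Missing, repeated or non-matching values are all rejected, so the
            # app never has to decide which copy of a parameter to trust.
            if len(values) != 1 or not pattern.fullmatch(values[0]):
                self.blocked.append((path, name, values))
                start_response("403 Forbidden", [("Content-Type", "text/plain")])
                return [b"blocked by virtual patch"]
        return self.app(environ, start_response)  # clean request: pass through

def send(app, path, query):
    """Drive a WSGI app with a constructed GET request; return (status, body)."""
    environ = {"PATH_INFO": path, "QUERY_STRING": query, "REQUEST_METHOD": "GET"}
    setup_testing_defaults(environ)
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"] = status
    body = b"".join(app(environ, start_response))
    return seen["status"], body

if __name__ == "__main__":
    patched = VirtualPatch(legacy_app, VIRTUAL_PATCHES)
    for q in ("id=42", "id=1%20OR%201%3D1", "id=1&id=2"):  # constructed inputs
        print(q, "->", send(patched, "/item", q)[0])
```

This sketch inspects only the query string and matches the path exactly; a production enforcement layer also has to cover request bodies, cookies and headers, and normalize paths the same way the application does.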
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 38860683
Thanks.
Can I get documents related to Visualization? How is it useful & helpful for the visualization platform?
0
 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 38861334
You may need to post another question for that... do you mean virtualization?
0

 
LVL 1

Author Comment

by:SrikantRajeev
ID: 38863463
Yeah, virtualization.
0
 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 38880934
Relevant to the conversation here, whether a service (web server, etc.) is hosted on physical or virtual hardware, the general benefits remain the same. See the first benefit provided above relating to scale. Virtualization allows for more services and operating systems to be hosted on physical hardware. For example, one hypervisor (aka virtual machine manager (VMM)) hosting 5 independent web servers on one physical server vs. one physical server dedicated to hosting one web server. A properly placed virtual patching appliance could now patch the 5 web servers instead of one (due to the benefits of the VMM) using the same hardware. These are distinct and unrelated technologies/layers which simply share commonality in name. See http://en.wikipedia.org/wiki/Virtualization for more information on virtualization.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 39080184
Have you worked on any specific product for virtual patching?
If so, what is that product?
0
 
LVL 14

Accepted Solution

by:
Giovanni Heward earned 500 total points
ID: 39080915
Yes. ModSecurity.
0
 
LVL 1

Author Closing Comment

by:SrikantRajeev
ID: 39147114
Thanks
0
 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 39182326
Here are some best-of-breed WAFs:

Barracuda Web Application Firewall

Check Point Web Intelligence

Another free solution to try: VasPatch
0
