Solved

Virtual Patching

Posted on 2013-02-06
9
451 Views
Last Modified: 2013-11-29
Has anyone worked on a Virtual Patching solution, and how effective is it?
Can anyone share how it works & how it is different from the normal patching solution?
What are the advantages of Virtual Patching & how does it overcome the normal patching solution?
Question by:SrikantRajeev
9 Comments
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 38860322
**
The term virtual patching was originally coined by Intrusion Prevention System (IPS) vendors a number of years ago. It is not a web application specific term, and may be applied to other protocols; however, currently it is more generally used as a term for Web Application Firewalls (WAF). It has been known by many different names including both External Patching and Just-in-time Patching.

Whatever term you choose to use is irrelevant. What is important is that you understand exactly what a virtual patch is:

A security policy enforcement layer which prevents the exploitation of a known vulnerability.

The virtual patch works since the security enforcement layer analyzes transactions and intercepts attacks in transit, so malicious traffic never reaches the web application. The resulting impact of virtual patch is that, while the actual source code of the application itself has not been modified, the exploitation attempt does not succeed.

When you consider the numerous situations when organizations can’t simply immediately edit the source code, the value of virtual patching becomes apparent. From an organization’s perspective, the benefits are:

    * It is a scalable solution as it is implemented in few locations vs. installing patches on all hosts.
    * It reduces risk until a vendor-supplied patch is released or while a patch is being tested and applied.
    * There is less likelihood of introducing conflicts as libraries and support code files are not changed.
    * It provides protection for mission-critical systems that may not be taken offline.
    * It reduces or eliminates time and money spent performing emergency patching.
    * It allows organizations to maintain normal patching cycles.

From a web application security consultant’s perspective, virtual patching opens up another avenue for providing services to your clients. Traditionally, if source code could not be updated for any of the reasons previously specified, there wasn’t much else a consultant could do to help. Now, a consultant can offer to create virtual patches to externally address the issues outside of the application code.

See https://www.owasp.org/index.php/Virtual_Patching_Best_Practices for more information.

The following paper from SANS is also useful:

reducing-organizational-risk-vir.pdf

**All text taken from source cited above.
0
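The enforcement layer described in the comment above, sketched as ModSecurity rules (ModSecurity is the product named in the accepted solution further down). This is an added example, not part of the original thread or of the source it quotes; the vulnerable page `/app/item.php`, its `id` parameter, and the rule ids are hypothetical.

```apache
# Added example. Assumed flaw: /app/item.php places the "id" request
# parameter into a SQL query without validation. The path, the parameter
# name and the rule ids are hypothetical placeholders.
#
# The patch is an allowlist: it describes what a legitimate request to the
# affected page looks like and denies everything else, so it does not
# depend on recognising individual attack strings. The application code
# is left untouched.
#
# Stage with "SecRuleEngine DetectionOnly" and review the audit log for
# false positives before switching to "SecRuleEngine On".

# 1. The parameter must be present exactly once. A missing or repeated
#    "id" is rejected, which closes the gap where the WAF and the
#    application pick different copies of a duplicated parameter.
SecRule REQUEST_FILENAME "@streq /app/item.php" \
    "id:1000001,phase:2,t:none,t:normalizePath,deny,status:403,log,\
    msg:'Virtual patch: id parameter missing or repeated',chain"
    SecRule &ARGS:id "!@eq 1"

# 2. The single value must be a short decimal number. phase:2 runs after
#    the request body is parsed, so ARGS covers both query-string and
#    POST body parameters.
SecRule REQUEST_FILENAME "@streq /app/item.php" \
    "id:1000002,phase:2,t:none,t:normalizePath,deny,status:403,log,\
    msg:'Virtual patch: id parameter is not numeric',chain"
    SecRule ARGS:id "!@rx ^[0-9]{1,10}$" "t:none"
```

Both rules are scoped to the one affected URL, so the rest of the site is unaffected and the rules can be removed once the source-code fix is deployed.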
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 38860683
Thanks.
Can I get documents related to Visualization? How is it useful & helpful for the visualization platform?
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 38861334
You may need to post another question for that... do you mean virtualization?
0

 
LVL 1

Author Comment

by:SrikantRajeev
ID: 38863463
Yeah, virtualization.
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 38880934
Relevant to the conversation here, whether a service (web server, etc.) is hosted on physical or virtual hardware, the general benefits remain the same. See the first benefit provided above relating to scale. Virtualization allows for more services and operating systems to be hosted on physical hardware. For example, one hypervisor (aka virtual machine manager (VMM)) hosting 5 independent web servers on one physical server vs. one physical server dedicated to hosting one web server. A properly placed virtual patching appliance could now patch the 5 web servers instead of one (due to the benefits of the VMM) using the same hardware. These are distinct and unrelated technologies/layers which simply share commonality in name. See http://en.wikipedia.org/wiki/Virtualization for more information on virtualization.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 39080184
Have you worked on any specific product for virtual patching?
If so, what is that product?
0
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 500 total points
ID: 39080915
Yes. ModSecurity.
0
 
LVL 1

Author Closing Comment

by:SrikantRajeev
ID: 39147114
Thanks
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39182326
Here are some best-of-breed WAFs:

Barracuda Web Application Firewall

Check Point Web Intelligence

Another free solution to try: VasPatch
0

Question has a verified solution.