[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Virtual Patching

Posted on 2013-02-06
9
Medium Priority
?
466 Views
Last Modified: 2013-11-29
Have any one worked on Virtual Patching solution & how it is effective.
Can any one share how it works & how different from the normal patching solution ?
What are the advantages of the Virtual patching & how it over comes  the normal patching solution ?
0
Comment
Question by:SrikantRajeev
  • 5
  • 4
9 Comments
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 38860322
**
The term virtual patching was originally coined by Intrusion Prevention System (IPS) vendors a number of years ago. It is not a web application specific term, and may be applied to other protocols however currently it is more generally used as a term for Web Application Firewalls (WAF). It has been known by many different names including both External Patching and Just-in-time Patching.

Whatever term you choose to use is irrelevant. What is important is that you understand exactly what a virtual patch is:

A security policy enforcement layer which prevents the exploitation of a known vulnerability.

The virtual patch works since the security enforcement layer analyzes transactions and intercepts attacks in transit, so malicious traffic never reaches the web application. The resulting impact of virtual patch is that, while the actual source code of the application itself has not been modified, the exploitation attempt does not succeed.

When you consider the numerous situations when organizations can’t simply immediately edit the source code, the value of virtual patching becomes apparent. From an organizations perspective, the benefits are:

    * It is a scalable solution as it is implemented in few locations vs. installing patches on all hosts.
    * It reduces risk until a vendor-supplied patch is released or while a patch is being tested and applied.
    * There is less likelihood of introducing conflicts as libraries and support code files are not changed.
    * It provides protection for mission-critical systems that may not be taken offline.
    * It reduces or eliminates time and money spent performing emergency patching.
    * It allows organizations to maintain normal patching cycles.

From a web application security consultant’s perspective, virtual patching opens up another avenue for providing services to your clients. Traditionally, if source code could not be updated for any of the reasons previously specified, there wasn’t much else a consultant could do to help. Now, a consultant can offer to create virtual patches to externally address the issues outside of the application code.

See https://www.owasp.org/index.php/Virtual_Patching_Best_Practices for more information.

The following paper from SANS is also useful:

reducing-organizational-risk-vir.pdf

**All text taken from source cited above.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 38860683
thanks
can i get documents related to Visualization. How is it useful & helpful for the visualization platform.
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 38861334
You may need to post another question for that... do you mean virtualization?
0
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

 
LVL 1

Author Comment

by:SrikantRajeev
ID: 38863463
yeah virtualization
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 38880934
Relevant to the conversation here, whether a service (web server, etc.) is hosted on physical or virtual hardware, the general benefits remain the same.  See the first benefit provided above relating to scale.  Virtualization allows for more services and operating systems to be hosted on physical hardware.  For example, one hypervisor (aka virtual machine manager (VMM)) hosting 5 independent web servers on one physical server vs. one physical server dedicated to hosting one web server.  A properly placed virtual patching appliance could now patch the 5 web servers instead of one (due to the benefits the VMM) using the same hardware.  These are distinct and unrelated technology/layers which simply share commonality in name.  See http://en.wikipedia.org/wiki/Virtualization for more information on virtualization.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 39080184
Have you worked on any specific product for the virtual patching.
If so what is that product.
0
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 2000 total points
ID: 39080915
Yes. ModSecurity.
0
 
LVL 1

Author Closing Comment

by:SrikantRajeev
ID: 39147114
Thanks
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39182326
Here are some best of breed WAF's:

Barracuda Web Application Firewall

Check Point Web Intelligence

Another free solution to try: VasPatch
0

Featured Post

Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
2017 was a scary year for cyber security.  Hear what our security experts say that hackers have in store for us in 2018.
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

590 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question