Solved

Virtual Patching

Posted on 2013-02-06
9
447 Views
Last Modified: 2013-11-29
Have any one worked on Virtual Patching solution & how it is effective.
Can any one share how it works & how different from the normal patching solution ?
What are the advantages of the Virtual patching & how it over comes  the normal patching solution ?
0
Comment
Question by:SrikantRajeev
  • 5
  • 4
9 Comments
 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 38860322
**
The term virtual patching was originally coined by Intrusion Prevention System (IPS) vendors a number of years ago. It is not a web application specific term, and may be applied to other protocols however currently it is more generally used as a term for Web Application Firewalls (WAF). It has been known by many different names including both External Patching and Just-in-time Patching.

Whatever term you choose to use is irrelevant. What is important is that you understand exactly what a virtual patch is:

A security policy enforcement layer which prevents the exploitation of a known vulnerability.

The virtual patch works since the security enforcement layer analyzes transactions and intercepts attacks in transit, so malicious traffic never reaches the web application. The resulting impact of virtual patch is that, while the actual source code of the application itself has not been modified, the exploitation attempt does not succeed.

When you consider the numerous situations when organizations can’t simply immediately edit the source code, the value of virtual patching becomes apparent. From an organizations perspective, the benefits are:

    * It is a scalable solution as it is implemented in few locations vs. installing patches on all hosts.
    * It reduces risk until a vendor-supplied patch is released or while a patch is being tested and applied.
    * There is less likelihood of introducing conflicts as libraries and support code files are not changed.
    * It provides protection for mission-critical systems that may not be taken offline.
    * It reduces or eliminates time and money spent performing emergency patching.
    * It allows organizations to maintain normal patching cycles.

From a web application security consultant’s perspective, virtual patching opens up another avenue for providing services to your clients. Traditionally, if source code could not be updated for any of the reasons previously specified, there wasn’t much else a consultant could do to help. Now, a consultant can offer to create virtual patches to externally address the issues outside of the application code.

See https://www.owasp.org/index.php/Virtual_Patching_Best_Practices for more information.

The following paper from SANS is also useful:

reducing-organizational-risk-vir.pdf

**All text taken from source cited above.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 38860683
thanks
can i get documents related to Visualization. How is it useful & helpful for the visualization platform.
0
 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 38861334
You may need to post another question for that... do you mean virtualization?
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 38863463
yeah virtualization
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 38880934
Relevant to the conversation here, whether a service (web server, etc.) is hosted on physical or virtual hardware, the general benefits remain the same.  See the first benefit provided above relating to scale.  Virtualization allows for more services and operating systems to be hosted on physical hardware.  For example, one hypervisor (aka virtual machine manager (VMM)) hosting 5 independent web servers on one physical server vs. one physical server dedicated to hosting one web server.  A properly placed virtual patching appliance could now patch the 5 web servers instead of one (due to the benefits the VMM) using the same hardware.  These are distinct and unrelated technology/layers which simply share commonality in name.  See http://en.wikipedia.org/wiki/Virtualization for more information on virtualization.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 39080184
Have you worked on any specific product for the virtual patching.
If so what is that product.
0
 
LVL 14

Accepted Solution

by:
Giovanni Heward earned 500 total points
ID: 39080915
Yes. ModSecurity.
0
 
LVL 1

Author Closing Comment

by:SrikantRajeev
ID: 39147114
Thanks
0
 
LVL 14

Expert Comment

by:Giovanni Heward
ID: 39182326
Here are some best of breed WAF's:

Barracuda Web Application Firewall

Check Point Web Intelligence

Another free solution to try: VasPatch
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now