Solved

Virtual Patching

Posted on 2013-02-06
9
453 Views
Last Modified: 2013-11-29
Have any one worked on Virtual Patching solution & how it is effective.
Can any one share how it works & how different from the normal patching solution ?
What are the advantages of the Virtual patching & how it over comes  the normal patching solution ?
0
Comment
Question by:SrikantRajeev
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 38860322
**
The term virtual patching was originally coined by Intrusion Prevention System (IPS) vendors a number of years ago. It is not a web application specific term, and may be applied to other protocols however currently it is more generally used as a term for Web Application Firewalls (WAF). It has been known by many different names including both External Patching and Just-in-time Patching.

Whatever term you choose to use is irrelevant. What is important is that you understand exactly what a virtual patch is:

A security policy enforcement layer which prevents the exploitation of a known vulnerability.

The virtual patch works since the security enforcement layer analyzes transactions and intercepts attacks in transit, so malicious traffic never reaches the web application. The resulting impact of virtual patch is that, while the actual source code of the application itself has not been modified, the exploitation attempt does not succeed.

When you consider the numerous situations when organizations can’t simply immediately edit the source code, the value of virtual patching becomes apparent. From an organizations perspective, the benefits are:

    * It is a scalable solution as it is implemented in few locations vs. installing patches on all hosts.
    * It reduces risk until a vendor-supplied patch is released or while a patch is being tested and applied.
    * There is less likelihood of introducing conflicts as libraries and support code files are not changed.
    * It provides protection for mission-critical systems that may not be taken offline.
    * It reduces or eliminates time and money spent performing emergency patching.
    * It allows organizations to maintain normal patching cycles.

From a web application security consultant’s perspective, virtual patching opens up another avenue for providing services to your clients. Traditionally, if source code could not be updated for any of the reasons previously specified, there wasn’t much else a consultant could do to help. Now, a consultant can offer to create virtual patches to externally address the issues outside of the application code.

See https://www.owasp.org/index.php/Virtual_Patching_Best_Practices for more information.

The following paper from SANS is also useful:

reducing-organizational-risk-vir.pdf

**All text taken from source cited above.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 38860683
thanks
can i get documents related to Visualization. How is it useful & helpful for the visualization platform.
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 38861334
You may need to post another question for that... do you mean virtualization?
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 1

Author Comment

by:SrikantRajeev
ID: 38863463
yeah virtualization
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 38880934
Relevant to the conversation here, whether a service (web server, etc.) is hosted on physical or virtual hardware, the general benefits remain the same.  See the first benefit provided above relating to scale.  Virtualization allows for more services and operating systems to be hosted on physical hardware.  For example, one hypervisor (aka virtual machine manager (VMM)) hosting 5 independent web servers on one physical server vs. one physical server dedicated to hosting one web server.  A properly placed virtual patching appliance could now patch the 5 web servers instead of one (due to the benefits the VMM) using the same hardware.  These are distinct and unrelated technology/layers which simply share commonality in name.  See http://en.wikipedia.org/wiki/Virtualization for more information on virtualization.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 39080184
Have you worked on any specific product for the virtual patching.
If so what is that product.
0
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 500 total points
ID: 39080915
Yes. ModSecurity.
0
 
LVL 1

Author Closing Comment

by:SrikantRajeev
ID: 39147114
Thanks
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39182326
Here are some best of breed WAF's:

Barracuda Web Application Firewall

Check Point Web Intelligence

Another free solution to try: VasPatch
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question