Virtual Patching While Under Attack
Healthcare Technology Company Uses New Strategy to Thwart Crypto-miner Attack
Leading Healthcare IT Company
“A week after we installed the Waratek solution we got hit with more deserialization attacks,” the CISO says. “Because of Waratek’s solution, the attacks were immediately stopped, and the solution automatically alerted us to the attempt. All of the hacker’s malicious scripts failed, which took us to a new level of confidence — the Waratek virtual patch is providing the protection we need, better and faster than we ever thought possible.”
“This approach protects our software much quicker than (physical) patches and without disrupting operations.”
Upon restart, a virtual container encapsulated the full application stack, providing instant modernization of the out-of-support JRE to a Java 8 JRE and instant protection from the Java-related vulnerabilities identified in the pre-scan.
Performance overhead was measured against a baseline without Waratek’s solution, both in normal operation and in operation under malicious attack. While under attack, the performance overhead increased by 2.4%. However, under normal operating conditions, Waratek improved app performance by as much as 9% and improved the overall performance by 6.9% after lifting the out-of-support JRE to a more efficient Java 8 JRE.
Modernizing out-of-date, mission critical applications without code changes
Instantly remediating years of unpatched vulnerabilities with no code changes or performance impact
Large US-based company ($50-75B)
Virtual Patching and Legacy Application Modernizing
Instant security and operations improvement without code changes
Global financial services institution
Waratek was required to protect the full application stack, including 3rd party components, as well as to remediate legacy, current and new application security vulnerabilities. Waratek was also evaluated on other criteria such as False Positive Rate (FPR), ease of installation, number of code changes required, compatibility and performance.
Waratek achieved the following results:
- Simple, fast deployment in less than 30 minutes
- All security tests: Passed
- Active security controls: Protected against future threats (0-day) in all layers of application stack
- Legacy applications: Transparently updated to Java 8 without code changes
- Internal performance result: Passed
- All functional tests: Passed
- False Positive Rate: 0
- Code Changes Required: 0
Virtual patching hundreds of applications means application development teams do not spend time upgrading to new versions of Java, or on the testing and deployment activities related to traditional physical patching. This avoids the financial and operational barriers to patching Java-based applications.
The company has realized other benefits from Waratek’s approach to application security. No false positives have been generated by Waratek while operating in unconditional blocking mode. Emergency virtual patches have also been developed in less than 24 hours for newly discovered high-severity vulnerabilities like Struts 2; protection is instant compared to traditional patching protocols.
Legacy Java and PCI Compliance
Remove Vulnerabilities as detected by PCI frameworks
US Fortune 100 financial services company
After installation, all 29 Java vulnerabilities identified by Qualys scans were remediated by containerizing the legacy Java 6 application stack on top of a Java 8 host. As a result, the environment could be considered fully security compliant.