Virtual Patching

Every security patch issued by Oracle, Microsoft, IBM, Apache or any other software developer starts a relay race.  One team is the malicious hackers who seek web applications containing the new vulnerability to steal an organization’s data. It may take attackers a few days or weeks to find a victim, but once inside a system, it will be nearly 200 days before the attack is noticed and another 60+ days before the attack is stopped. Source: Ponemon Institue 2017 Cost of Data Breach Study

The other runners are company application security and development teams.  Once a routine or emergency patch is issued, it may be weeks, months or years – if ever – before a patch is fully deployed across an enterprise application. The consequences of losing the race between the hackers and the security professionals can be disastrous.

of all malicious attacks are aimed at the application layer

(SOURCES: DHS, Verizon)

of all successful exploits until at least 2020 will be based on vulnerabilities known to security and IT professionals for at least one year

(SOURCE: Gartner)

Binary Functionality Without Code Changes


Traditional approaches to web application security like Web Application Firewalls and RASP solutions that rely on heuristics cannot help you win the race against attacks from known (or unknown) software flaws.

Waratek’s unique, virtualization-based approach to application security allows teams to apply routine and emergency security updates without taking an app out of production. Vulnerabilities are mitigated immediately and automatically – allowing Dev teams to focus on permanent fixes for the highest level vulnerabilities and determine if lower level vulnerabilities require code changes.

With Waratek you reduce the time and effort spent on patch updates, saving time and money.

And because the application code is never touched or restarted, there is no risk of disrupting a mission critical app.

Virtual Patching with Waratek


A virtual patch can be applied within hours of the release of a routine or emergency patch, dramatically reducing your risk profile and attack surface.

Waratek Products for Virtual Patching

Waratek Patch

Waratek Patch

A lightweight plugin agent to apply custom security patches as well as current and historical virtual patches for instant protection.

  • Create and apply custom virtual patches
  • Virtual patches of Java and .NET critical patch updates
  • Library of past CPUs to Java 4

Waratek Enterprise

Waratek Enterprise

A plugin agent that provides the full suite of Waratek benefits:

  • Virtual Patching
  • Full Stack Security
  • Virtual Platform Upgrade for Java



Saving Time and Costs with Virtual Patching



Watch this short video to see how Waratek provides Virtual Patching

Play Video

Patching News

December 13, 2018 in Blog, Legacy, Patching, Zero Day

Fighting automated cybersecurity attacks with manual tools

December cybersecurity trends make it clear, it’s time to fight back December 2018 has been a tough month in the cybersecurity community.  In the span of a few days, we’ve…

Read More
December 7, 2018 in Alerts, Patching, Zero Day

Lucky ransomware: Satan virus variant poses risk of extensive infection

Linux and Windows Platforms at risk via 10 CVEs Overview Independent security researchers at NSFOCUS and Sangfor have identified a Satan worm/virus variant that impacts Linux and Windows platforms and…

Read More
October 24, 2018 in Blog, Patching

Reduce costs to increase security

A new study challenges conventional wisdom about manual patching   Quick question:  How much time and money are you spending on patching known vulnerabilities?  There’s a good chance your answer…

Read More
October 18, 2018 in News, Patching

One-third of the 12 new Java SE bugs carry a severity rating of high or critical

Waratek Issues Guidance on Oracle Oct 2018 CPU   89% of the Java SE flaws can be exploited without user credentials    DUBLIN and ATLANTA – October 17, 2018 –…

Read More

Try A Demo
& Get Protected.

Get a free POC when you schedule now.