Every security patch issued by Oracle, Microsoft, IBM, Apache or any other software developer starts a relay race. One team is the malicious hackers who seek web applications containing the new vulnerability to steal an organization’s data. It may take attackers a few days or weeks to find a victim, but once inside a system, it will be nearly 200 days before the attack is noticed and another 60+ days before the attack is stopped. Source: Ponemon Institue 2017 Cost of Data Breach Study
The other runners are company application security and development teams. Once a routine or emergency patch is issued, it may be weeks, months or years – if ever – before a patch is fully deployed across an enterprise application. The consequences of losing the race between the hackers and the security professionals can be disastrous.
of all malicious attacks are aimed at the application layer
(SOURCES: DHS, Verizon)
of all successful exploits until at least 2020 will be based on vulnerabilities known to security and IT professionals for at least one year
Binary Functionality Without Code Changes
Traditional approaches to web application security like Web Application Firewalls and RASP solutions that rely on heuristics cannot help you win the race against attacks from known (or unknown) software flaws.
Waratek’s unique, virtualization-based approach to application security allows teams to apply routine and emergency security updates without taking an app out of production. Vulnerabilities are mitigated immediately and automatically – allowing Dev teams to focus on permanent fixes for the highest level vulnerabilities and determine if lower level vulnerabilities require code changes.
With Waratek you reduce the time and effort spent on patch updates, saving time and money.
And because the application code is never touched or restarted, there is no risk of disrupting a mission critical app.
Virtual Patching with Waratek
A virtual patch can be applied within hours of the release of a routine or emergency patch, dramatically reducing your risk profile and attack surface.
Waratek Products for Virtual Patching
A lightweight plugin agent to apply custom security patches as well as current and historical virtual patches for instant protection.
- Create and apply custom virtual patches
- Virtual patches of Java and .NET critical patch updates
- Library of past CPUs to Java 4
Fighting automated cybersecurity attacks with manual tools
December cybersecurity trends make it clear, it’s time to fight back December 2018 has been a tough month in the cybersecurity community. In the span of a few days, we’ve…Read More
Lucky ransomware: Satan virus variant poses risk of extensive infection
Linux and Windows Platforms at risk via 10 CVEs Overview Independent security researchers at NSFOCUS and Sangfor have identified a Satan worm/virus variant that impacts Linux and Windows platforms and…Read More
Reduce costs to increase security
A new study challenges conventional wisdom about manual patching Quick question: How much time and money are you spending on patching known vulnerabilities? There’s a good chance your answer…Read More
Try A Demo
& Get Protected.
Get a free POC when you schedule now.