Waratek Patch

Runtime Vulnerability Patching

Fix your code flaws in the compilation pipeline with a real-time patch that is the equivalent of a binary code change

The Patching Problem

“My scanning tools give me a list of flaws as long as my arm on top of huge CPUs. My team can’t patch fast enough.”

Vulnerability Scanning

A single Static Application Security Testing (SAST) report could identify hundreds, if not thousands, of instances for each vulnerability. But running SAST and Dynamic Application Security Testing (DAST) tools only identifies the vulnerabilities; it does not fix them.

Vulnerabilities also occur throughout the rest of the code: in the underlying frameworks, libraries, transitive dependencies, servers, services and even the runtime platform itself (JVM, .NET, etc.).

Critical Patch Updates

Routine critical patches that come from Oracle and Microsoft represent a significant part of the burden teams face. Microsoft’s Patch Tuesday is an institutional event and Oracle’s quarterly Critical Patch Updates (CPU) have more than doubled in size since April 2016 – from the 130s to the 300s per CPU in July 2017. The July 2017 CPU reflected finding a new vulnerability every 68 hours (on average) based on the Java-related CVEs patched – 2/3rds of which had a High Severity CVSS score and 87 percent of which could be remotely exploited without authentication.

Waratek Patch

Runtime Virtual Patching

Don’t just find vulnerabilities, fix them.

Apply custom security rules as well as current and historical virtual patches for instant protection.
  • Create and apply custom virtual patches
  • Library of past CPUs
  • Instant protection
  • No downtime
  • No source code changes
  • Functional equivalent of physical patches
  • No break / No exploit guarantee

Physically patching known software flaws is time-consuming and risky. That’s why traditional virtual patching, also referred to as virtual shielding, is often mentioned as a way to quickly protect applications against known CVEs. But traditional virtual patches still leave you vulnerable to attack.

Only Waratek can fix the vulnerable code of a CVE with no downtime, no source code changes, and no tuning.

Waratek’s runtime virtual patching is fundamentally different. A runtime virtual patch is the functional equivalent of a physical binary patch that is applied while the application runs with no source code changes and no tuning required.

The known vulnerabilities are remediated, reducing the time-to-patch across an enterprise from weeks, months, or years to a matter of minutes.

Runtime Virtual Patching
  • All code required to operate the application enters the Just In Time (JIT) Compiler
  • Waratek applies rules that apply virtual patches
  • The application now operates as if the source code had been updated with the supplier’s patch update
  • The Management Console advises the operator that the patch has been applied
