Waratek Patch

Runtime Vulnerability Patching

Fix your code flaws in the compilation pipeline with a real-time patch that is the equivalent of a binary code change

The Patching Problem

“My scanning tools give me a list of flaws as long as my arm on top of huge CPUs.

My team can’t patch fast enough”.

Vulnerability Scanning

A single Static Application Security Testing (SAST) report could identify hundreds—if not thousands—of instances for each vulnerability, but running SAST and Dynamic Application Security Testing (DAST) tools only identifies the vulnerabilities, it does not fix them.

Vulnerabilities also occur throughout the rest of the code in the underlying frameworks, libraries, transient dependencies, servers, services and even the runtime platform itself (JVM, .NET, etc.).

Critical Patch Updates

Routine critical patches that come from Oracle and Microsoft represent a significant part of the burden teams face. Microsoft’s Patch Tuesday is an institutional event and Oracle’s quarterly Critical Patch Updates (CPU) have more than doubled in size since April 2016 – from the 130s to the 300s per CPU in July 2017. The July 2017 CPU reflected finding a new vulnerability every 68 hours (on average) based on the Java-related CVEs patched – 2/3rds of which had a High Severity CVSS score and 87 percent of which could be remotely exploited without authentication.

Waratek Patch

Virtual Patching

Waratek Patch


Don’t just find vulnerabilities, fix them.

Apply custom security rules as well as current and historical virtual patches for instant protection.
  • Create and apply custom virtual patches
  • Library of past CPUs
  • Instant protection
  • No downtime
  • No source code changes
  • Functional equivalent physical patches
  • No break / No exploit guarantee

Physically patching known software flaws is time consuming and risky. That’s why traditional virtual patching, also referred to as virtual shielding, is often mentioned as a way to quickly protect applications against known CVEs. But, traditional virtual patches still leave you vulnerable to attack.

Only Waratek can fix the vulnerable code of a CVE with no downtime, no source code changes, and no tuning.

Waratek’s runtime virtual patching is fundamentally different. A runtime virtual patch is the functional equivalent of a physical binary patch that is applied while the application runs with no source code changes and no tuning required.

The known vulnerabilities are remediated, reducing the time-to-patch across an enterprise from weeks, months, or years to a matter of minutes.

Runtime Virtual Patching
All code required to operate the application enters the Just In Time (JIT) Compiler
Waratek applies rules that apply virtual patches
The application now operates as if the source code had been updated with the suppliers patch update
The Management Console advises the operator that the patch has been applied

Suggested Resources

Case Study

Saving Time and Costs with Virtual Patching

Download this Case Study to hear what our customers have to say

Data Sheet

Virtual Patching

Download this data sheet for an overview of Waratek Patch

See it for yourself

Schedule a demo

Patching News

April 15, 2020

Oracle April 2020 CPU represents a double-digit increase in software patches

April 10, 2020 in Alerts, Blog, Patching, Technical

Oracle Critical Patch Update Preview: April 2020 CPU could top 400 patches, a double-digit year-over-year increase

The April Oracle 2020 Critical Patch Update (CPU) could see a 37% increase in software patches across the Oracle product suite based on a pre-release of the quarterly update due…
Read More
January 15, 2020 in Alerts, Blog, Patching

Oracle January 2020 CPU includes fewer Java SE patches, but the severity base scores are higher

The number of Java SE patches in the quarterly Oracle Critical Patch Update (CPU) for January 2020 drops to 12 from the 20 included in October 2019's CPU. But, 1/3rd…
Read More
July 17, 2019 in Blog, Patching

Oracle July 2019 CPU shows a 6% increase

The number of patches in the quarterly Oracle Critical Patch Update (CPU) for July 2019 is 316 which is a 6% increase compared to the April 2019 CPU. Of the…
Read More
June 17, 2019 in Alerts, Legacy, Patching, Technical, Zero Day

[Updated] New WebLogic Zero-Day RCE Vulnerability

Oracle have issued a patch for this new vulnerability CVE-2019-2729 Please note that this Oracle fix has the same limitations as their previous fix. Oracle’s patch is available only for…
Read More