Waratek Patch
Runtime Vulnerability Patching
Fix your code flaws in the compilation pipeline with a real-time patch that is the equivalent of a binary code change
The Patching Problem
Vulnerability Scanning
A single Static Application Security Testing (SAST) report could identify hundreds—if not thousands—of instances for each vulnerability, but running SAST and Dynamic Application Security Testing (DAST) tools only identifies the vulnerabilities, it does not fix them.
Vulnerabilities also occur throughout the rest of the code in the underlying frameworks, libraries, transient dependencies, servers, services and even the runtime platform itself (JVM, .NET, etc.).
Critical Patch Updates
Routine critical patches that come from Oracle and Microsoft represent a significant part of the burden teams face. Microsoft’s Patch Tuesday is an institutional event and Oracle’s quarterly Critical Patch Updates (CPU) have more than doubled in size since April 2016 – from the 130s to the 300s per CPU in July 2017. The July 2017 CPU reflected finding a new vulnerability every 68 hours (on average) based on the Java-related CVEs patched – 2/3rds of which had a High Severity CVSS score and 87 percent of which could be remotely exploited without authentication.
Waratek Patch
Apply custom security rules as well as current and historical virtual patches for instant protection.
- Create and apply custom virtual patches
- Library of past CPUs
- Instant protection
- No downtime
- No source code changes
- Functional equivalent physical patches
- No break / No exploit guarantee
Physically patching known software flaws is time consuming and risky. That’s why traditional virtual patching, also referred to as virtual shielding, is often mentioned as a way to quickly protect applications against known CVEs. But, traditional virtual patches still leave you vulnerable to attack.
Only Waratek can fix the vulnerable code of a CVE with no downtime, no source code changes, and no tuning.
Waratek’s runtime virtual patching is fundamentally different. A runtime virtual patch is the functional equivalent of a physical binary patch that is applied while the application runs with no source code changes and no tuning required.
The known vulnerabilities are remediated, reducing the time-to-patch across an enterprise from weeks, months, or years to a matter of minutes.
All code required to operate the application enters the Just In Time (JIT) Compiler
Waratek applies rules that apply virtual patches
The application now operates as if the source code had been updated with the suppliers patch update
The Management Console advises the operator that the patch has been applied
Suggested Resources
Case Study
Saving Time and Costs with Virtual Patching
Download this Case Study to hear what our customers have to say
Patching News
Java Deserialization Vulnerability in WebSphere Application Server
Guidance on Java Deserialization Vulnerability in WebSphere Application Server ND (CVE-2019-4279) Security Bulletin IBM issued a security bulletin on Wednesday 15th May that advised of a critical vulnerability affecting IBM…
Read More Secure Coding is Great, but is it Enough?
Despite our best efforts to write secure code, computer security breaches at major banks, retailers and government agencies are making front page headlines on a regular basis. Here are five…
Read More 