Waratek Patch
Runtime Vulnerability Patching
Fix your code flaws in the compilation pipeline with a real-time patch that is the equivalent of a binary code change
The Patching Problem
Vulnerability Scanning
A single Static Application Security Testing (SAST) report could identify hundreds—if not thousands—of instances for each vulnerability, but running SAST and Dynamic Application Security Testing (DAST) tools only identifies the vulnerabilities, it does not fix them.
Vulnerabilities also occur throughout the rest of the code in the underlying frameworks, libraries, transient dependencies, servers, services and even the runtime platform itself (JVM, .NET, etc.).
Critical Patch Updates
Routine critical patches that come from Oracle and Microsoft represent a significant part of the burden teams face. Microsoft’s Patch Tuesday is an institutional event and Oracle’s quarterly Critical Patch Updates (CPU) have more than doubled in size since April 2016 – from the 130s to the 300s per CPU in July 2017. The July 2017 CPU reflected finding a new vulnerability every 68 hours (on average) based on the Java-related CVEs patched – 2/3rds of which had a High Severity CVSS score and 87 percent of which could be remotely exploited without authentication.
Waratek Patch
Apply custom security rules as well as current and historical virtual patches for instant protection.
- Create and apply custom virtual patches
- Library of past CPUs
- Instant protection
- No downtime
- No source code changes
- Functional equivalent physical patches
- No break / No exploit guarantee
Physically patching known software flaws is time consuming and risky. That’s why traditional virtual patching, also referred to as virtual shielding, is often mentioned as a way to quickly protect applications against known CVEs. But, traditional virtual patches still leave you vulnerable to attack.
Only Waratek can fix the vulnerable code of a CVE with no downtime, no source code changes, and no tuning.
Waratek’s runtime virtual patching is fundamentally different. A runtime virtual patch is the functional equivalent of a physical binary patch that is applied while the application runs with no source code changes and no tuning required.
The known vulnerabilities are remediated, reducing the time-to-patch across an enterprise from weeks, months, or years to a matter of minutes.
All code required to operate the application enters the Just In Time (JIT) Compiler
Waratek applies rules that apply virtual patches
The application now operates as if the source code had been updated with the suppliers patch update
The Management Console advises the operator that the patch has been applied
Suggested Resources
Case Study
Saving Time and Costs with Virtual Patching
Download this Case Study to hear what our customers have to say
Patching News
Oracle Critical Patch Update Preview: April 2020 CPU could top 400 patches, a double-digit year-over-year increase
The April Oracle 2020 Critical Patch Update (CPU) could see a 37% increase in software patches across the Oracle product suite based on a pre-release of the quarterly update due…
Read More
Oracle January 2020 CPU includes fewer Java SE patches, but the severity base scores are higher
The number of Java SE patches in the quarterly Oracle Critical Patch Update (CPU) for January 2020 drops to 12 from the 20 included in October 2019's CPU. But, 1/3rd…
Read More
