Runtime Vulnerability Patching

It doesn't need to be difficult to patch legacy and critical enterprise applications

Speed is of the essence

Every security patch issued by Oracle, Microsoft, IBM, Apache or any other software developer starts a relay race. One team is the malicious hackers who seek web applications containing the new vulnerability to steal an organization’s data.
It may take attackers a few days or weeks to find a victim, but once inside a system, it will be nearly 200 days before the attack is noticed and another 60+ days before the attack is stopped.

Source: Ponemon Institute 2017 Cost of Data Breach Study

of all malicious attacks are aimed at the application layer

(SOURCES: DHS, Verizon)

of all successful exploits will be based on known vulnerabilities

(SOURCE: Gartner)

Binary Equivalent Security Without Code Changes

Traditional approaches to web application security that rely on heuristics cannot help you win the race against attacks from known (or unknown) software flaws. With Waratek, a virtual patch can be applied within hours of the release of a routine or emergency patch, dramatically reducing your risk profile and attack surface.

Waratek’s unique approach to application security allows teams to apply routine and emergency security updates without taking an app out of production.


Vulnerabilities are mitigated immediately and automatically – allowing Dev teams to focus on permanent fixes for the highest level vulnerabilities.


With Waratek you reduce the time and effort spent on patch updates, saving time and money and freeing your Dev team to work on innovation.


Application code is never touched and restarting the app is not required. This eliminates the risk associated with patching your mission critical apps.

Remediating years of vulnerabilities and updating an out-of-date Java JRE without changing a single line of code.

US BasedGlobal Media Company
Monitoring Application Security

Suggested Resources

Case Study

Virtual Patching while under attack

Download this Case Study to hear what our customers have to say

See it for yourself.

Schedule a demo

Patching News

April 24, 2019 in Alerts, Legacy, Patching, Technical, Zero Day

New WebLogic Zero-Day RCE Vulnerability

We’ve been alerted to a potential WebLogic zero-day from a credible source. According to the reports, Oracle WebLogic wls9_async and wls-wsat components trigger a deserialization remote command execution vulnerability. This…
Read More
March 4, 2019 in Blog, Legacy, Patching, Zero Day

Secure Coding is Great, but is it Enough?

Despite our best efforts to write secure code, computer security breaches at major banks, retailers and government agencies are making front page headlines on a regular basis. Here are five…
Read More
February 20, 2019 in Blog, Legacy, Patching

Takeaways from the Recent Global CIO Banking Summit

Last week, we returned from the Global CIO Banking Summit in beautiful Dorking, England. After spending three days with about 100 delegates from some of the world’s largest financial institutions,…
Read More
December 13, 2018 in Blog, Legacy, Patching, Zero Day

Fighting automated cybersecurity attacks with manual tools

December cybersecurity trends make it clear, it’s time to fight back December 2018 has been a tough month in the cybersecurity community.  In the span of a few days, we’ve…
Read More