Five Severe Oracle CPU Vulnerability Patches Applied Virtually
DUBLIN (April 20, 2016) – Waratek has released an immediate update in coordination with today’s quarterly Oracle Critical Patch Update (CPU) for Java that allows customers to virtually patch their Java applications without taking their apps out of production.
“Hackers are successful because many businesses of all sizes can’t afford the time and effort needed to apply critical patches in a timely manner,” commented John Matthew Holt, CTO and Co-Founder of Waratek. “Virtual patching allows companies to add the most up-to-date Java patches without shutting down high-value assets – the apps needed to run their business.”
Today’s CPU includes five (5) vulnerabilities (CVEs) with a “high” CVSS score between seven (7) and 10. Waratek’s initial virtual patch addresses these severe vulnerabilities and the company will release an additional virtual patch to address the remaining, lower-risk vulnerabilities.
By updating the Waratek rules engine, customers using the company’s Runtime Application Self-Protection (RASP) solution are able to virtually patch their workloads to remediate vulnerabilities included in the physical Oracle CPU.
Virtual patching does not require applications protected within a Waratek secure, virtual container to be taken out of production to get the benefits of vulnerability updates. Traditional patching methods require applications to be shut down and the update applied before restarting the app – a time-consuming and disruptive operation that often leads to organizations falling behind in fixing known vulnerabilities.
“Application security is more than just fixing business-logic bugs like XSS in a web-facing application,” noted Holt. “Vulnerabilities anywhere in the application stack – like the ones in today’s CPU – undermine the security of the entire software stack. Unfortunately, most enterprises today manage business-logic security and rest-of-stack security in disparate ways with disparate tools.”
“Application security teams responsible for business-logic security, and platform/infrastructure teams responsible for patching compliance, should investigate the new RASP solutions that provide whole-app/whole-stack protection at all software layers.”
Waratek has developed a disruptive RASP technology using a secure, virtual container that self-protects Java applications from known and unknown risks without negatively impacting performance. A highly accurate solution that produces zero false positives*, Waratek requires no additional servers, sensors, instruments, code changes, or tuning to work out of the box, with an installation & remediation time of 30 minutes or less per JVM.
Waratek has received ten industry awards, including the 2015 RSA Conference’s Innovation Sandbox Award. Waratek Ltd is based in Dublin, Ireland and serves EMEA. Waratek Inc is based in Atlanta, Georgia and serves the Americas.