Wednesday, August 12, 2020

Why / Why Not Virtual Patching

While many organizations aim to keep operating systems and business application software up to date with the latest security patches, practical realities often prevent them from addressing a vulnerability before a malicious adversary can take advantage of it.

There are many factors that complicate the ability to mitigate a given vulnerability once it has been identified. These factors include:

  • Obsolete/legacy applications being used by the organization.
  • Application dependencies that can cause functional errors when a patch is applied. Proper testing is therefore required before applying a patch to the software or operating system of an application system, to address issues that the patch can introduce.
  • Operational delays due to a lack of resources and expertise within the organization to allocate to vulnerability management.

Therefore, patch response time varies greatly depending on the above circumstances.

In situations where traditional patches are not feasible, a virtual patch can be used to reduce the likelihood of a successful cyber attack. It mitigates vulnerabilities in a separate layer, so that problems in applications are fixed without altering the application directly. A virtual patch addresses or eliminates vulnerabilities by controlling the inputs to and outputs from the application.
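As an added illustration (not code from the original post), the sketch below shows a virtual patch as a WSGI middleware that validates input in front of an unmodified application. The application, the `/report` path, the `id` parameter and the rule set are all hypothetical, and the requests are constructed samples.

```python
import re
from urllib.parse import parse_qs

# Hypothetical rule set: path -> {parameter: pattern every value must fully match}.
RULES = {"/report": {"id": re.compile(r"[0-9]{1,10}")}}

def legacy_app(environ, start_response):
    """Stand-in for the unpatched application (constructed); it is never modified."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"report for " + environ.get("QUERY_STRING", "").encode()]

class VirtualPatch:
    """WSGI middleware that enforces RULES in a layer in front of the app."""
    def __init__(self, app, rules):
        self.app, self.rules = app, rules

    def violation(self, environ):
        """Return a description of the first rule violation, or None."""
        params = self.rules.get(environ.get("PATH_INFO", ""))
        if params is None:
            return None  # no rule for this path: the request passes untouched
        query = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
        for name, pattern in params.items():
            # Check every occurrence, so a repeated parameter cannot slip past.
            for value in query.get(name, []):
                if not pattern.fullmatch(value):
                    return f"{name}={value!r} rejected"
        return None

    def __call__(self, environ, start_response):
        reason = self.violation(environ)  # a real deployment would log this
        if reason is not None:
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"blocked by virtual patch"]
        return self.app(environ, start_response)

def request(app, path, query):
    """Drive a WSGI app with a minimal constructed request; return (status, body)."""
    seen = []
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "QUERY_STRING": query}
    body = b"".join(app(environ, lambda status, headers: seen.append(status)))
    return seen[0], body

patched = VirtualPatch(legacy_app, RULES)
```

A request to a path that has no rule reaches the application unchanged, so the filter protects only the entry points it was written for.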

The virtual patching solution helps organizations to:

  • Mitigate the risk of an exploit quickly, until an effective, permanent patch can be tested and released by the application vendor for vulnerabilities in operating systems and business applications.
  • Maintain the normal patching cycle without interrupting operations if a vulnerability arises midway between scheduled patch releases.
  • Reduce or eliminate the time and money spent performing emergency patching.
  • In certain cases, provide risk mitigation before the original patch is released.

While virtual patching offers many advantages to the organization, it also has limitations such as:

  • Virtual patching will not be able to address all possible ways, or all of the possible locations, in which an exploit can occur as a result of a particular vulnerability.
  • Countermeasures against exploitation have to be developed for each security issue, as new vulnerabilities are discovered rapidly.
  • While virtual patching serves as a compensating control to delay the patch cycle, the organization always needs to fix vulnerabilities to prevent the associated risks.
  • While a virtual patch can avert an immediate crisis, it cannot eliminate inherent defects in an application program that is poorly developed.

Hence, a successful implementation of a virtual patching solution provides an additional layer of security to the organization's IT infrastructure, which helps to reduce the risk of many critical security vulnerabilities that cannot be resolved due to various dependencies.
