Virtual Patching: Patch Those Vulnerabilities before They Can Be Exploited

virtual patching view infographic: Dodging a Compromise: A Peek at Exposure Gaps

In Trend Micro’s 3Q 2014 security roundup, Pawan Kinger, Director for Deep Security Labs stated that “The possibility of seeing another vulnerability as big as Shellshock in the future is likely. Heartbleed and Shellshock provided new avenues for attackers to look at.” Indeed, after serious vulnerabilities like Heartbleed and Shellshock, many organizations are continuously being attacked. Having both gone unnoticed for many years, these incidents suggest that there might be more uncovered vulnerabilities in business systems and applications that were previously thought to be safe.

[Read: Vulnerabilities Under Attack: Shedding Light on the Growing Attack Surface]

Below are five critical vulnerabilities that were discovered and disclosed over the third quarter of 2014, apart from the aforementioned high-profile exploits. Four affected Internet Explorer while one affected Adobe Flash Player.

How vulnerabilities become a problem for organizations

Vulnerabilities are almost always patched by vendors, especially when they're considered critical. However, not all organizations and users apply them, or apply them immediately, and IT personnel are often left in a state of flux. The average organization takes over 30 days to patch standard operating systems and applications, and months or years to patch more complex business applications and systems. But what takes enterprises longer to patch?

Uptime preservation – IT personnel might be hesitant to patch as it could involve downtime while critical business servers are offline.

Cost reduction – replacing legacy systems or upgrading in-house developed applications could be costly and time consuming. In effect, IT groups become hesitant to fix or replace something that still functions, regardless of its version.

Given these challenges, an enterprise could be exposed to security problems that may result in network and system compromise, critical data exposure, security measure compromise, reputation damage, and financial loss. Addressing such problems require the right tools. Technologies like virtual patching can help mitigate threats in the event of zero-days, acting as an agentless emergency tool that organizations can use to quickly secure vulnerabilities on affected servers and endpoints. Here’s how your organization can benefit from virtual patching:

  • Higher consolidation by offloading virtual patching from individual VMs to a single security virtual appliance
  • Faster performance by neutralizing security storms and resource contention from simultaneous patching
  • Better manageability by eliminating agents for virtual patching and the need to configure and update each one
  • Stronger security by providing instant-on protection for new VMs coordinated by the dedicated security appliance

Learn more about the importance of virtual patching on the embedded infographic: Dodging a Compromise: A Peek at Exposure Gaps

virtual patching

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.