Virtual Patching

You might discover hundreds of open doors if you scan your website for security vulnerabilities. Our AppSec research across 1400 websites protected by AppTrana uncovered 33,000 critical, medium, and high vulnerabilities in Q2, 2023.

What’s more alarming is that 31% of these vulnerabilities remained open for over 180 days, with 1729 classified as critical or high.

The ideal solution is to patch the system against vulnerabilities. Even with a clear understanding of the consequences of leaving vulnerabilities unpatched, many organizations are slow in fixing these vulnerabilities. 

It is impractical to patch all vulnerabilities at once for multiple reasons. In such cases, the next best solution is virtual patching.

Unpatched Vulnerabilities and Their Real-World Consequences

In a Ponemon Institute study, 60% of breached companies pointed to their failure to patch known vulnerabilities as the reason for compromise.

For example, one of history’s most well-known data breaches was a direct consequence of overlooking the patching process – Equifax Data Breach (2017).

In 2017, Equifax, one of the largest credit reporting agencies, fell victim to a massive data breach that exposed the sensitive information of nearly 147 million individuals. The breach was attributed to an unpatched Apache Struts web application framework vulnerability.

Similarly, the unpatched Apache Log4j vulnerability (CVE-2021-44228) enabled attackers to inject malicious code via log messages. Widespread impact affected Java-based applications, leading to remote code execution, data breaches, and system compromise. 

Other well-known examples are collective vulnerabilities observed in Microsoft’s Exchange servers, including ProxyLogon, ProxyShell, and ProxyNotShell. 

These vulnerabilities consistently served as gateways for cybercriminals to breach Exchange server email accounts, steal sensitive information, and control unpatched systems. 

The Solution: Virtual Patching

Unlike traditional patching, which involves modifying the source code of an application or system to fix vulnerabilities, virtual patching is applied without altering the underlying code.

Virtual patching protects an application by examining the web application traffic and blocking the attacks while in transit. It creates a barrier at the WAF level and shields the application from any malicious activities.

The primary advantage of virtual patching is its ability to provide immediate protection against known vulnerabilities, even if the official patches from software vendors are not yet available or feasible to apply. 

Other benefits include:

• Downtime Prevention: Critical systems that demand high availability and cannot afford downtime are shielded by virtual patching, ensuring uninterrupted operations.

• Cost-effective: Virtual patching aids in minimizing or even eliminating the immediate expenses associated with urgently patching vulnerabilities.

• Preserved Patch Cycles: This approach supports the maintenance of an organization’s regular patching cycles, ensuring a structured and consistent security posture.

These benefits make virtual patching an ideal choice for businesses. It adds an extra layer of security to protect against threats.

Based on the finding in our state of application security report Q2, 2023, we have identified that AppTrana blocked 1.1 billion malicious requests across 1400 websites.

Out of these, 41% of the requests were stopped using AppTrana’s core security rules, while 59% were blocked using custom rules designed to match the specific requirements of each application.

Managed Services: Navigating the Complexities

While the effectiveness of virtual patching is widely recognized, it introduces the additional responsibility of monitoring applications to detect instances of false positives. How do you know if the identified vulnerability is not a false alarm?

You can’t manage this without security professional support. For this reason, many organizations that don’t have in-house resources turn to managed WAF. 

The managed services team offers expertise and support that address the complexities associated with security operations, allowing businesses to focus on their core competencies.

As part of the onboarding process for each application onto AppTrana, a solution engineering team oversees the deployment to guarantee the absence of false positives or misconfigurations within the first 14 days. This commitment extends post-deployment, offering ongoing false positive monitoring as part of the service.  

Conclusion

If an attacker finds a vulnerability, their next step is often exploitation. The journey through vulnerability management, virtual patching, and managed services offers a robust defense against breaches. Embrace these strategies to block cyber threats and proactively secure your business’s bottom line. 

Vinugayathri is a Senior content writer of Indusface. She has been an avid reader & writer in the tech domain since 2015. She has been a strategist and analyst of upcoming tech trends and their impact on the Cybersecurity, IoT, and AI landscape. She is a content marketer simplifying technical anomalies for aspiring Entrepreneurs.