New 'Virtual Patch' Protects Apps Against Known Flaws
This week virtualization-based application security provider Waratek announced the release of the newest addition to its Runtime Application Security Platform, Waratek Patch.
Waratek Patch is described as a "lightweight runtime plug-in agent," and the company claims admins can use it to secure Java- and .NET-based apps without changing any code or having to take an application out of production. Its current library includes released patches for Java 7 and Java 8 (going back about four years), with a plan to add later Java versions this year.
In addition to "instant protection from known flaws," Waratek Patch can apply routine updates from Microsoft, Oracle, Apache and other software developers. Dev and security teams can also create and apply custom patches based on scanning tool reports.
"This gives dev teams the opportunity to better prioritize tasks without running the risk of being breached while waiting to apply a physical patch," noted Waratek Founder and Chief Technology Officer John Matthew Holt. "Waratek Patch allows security teams to improve compliance with company, industry and government regulations while reducing costs and labor-intensive activities associated with applying physical patches."
With Waratek Patch, the company claims organizations can:
- Instantly patch applications with no code changes or downtime required
- Create and apply custom virtual patches from scanning tool reports
- Apply Java & .NET current critical patch updates as virtual patches
- Improve compliance with company, industry and government regulations by adding a library of virtual CPU patches to add updates that may not have been applied in the past
According to the release, any vulnerability that's been patched with the plug-in cannot be exploited and the company guarantees that, once installed, the virtual patch will not break an app.
To learn more about the entire Runtime Application Security Platform, visit the company's Web site.
Wendy Hernandez is group managing editor for the 1105 Enterprise Computing Group.