Posts

Showing posts from July, 2016

edgescan - Virtual Patching and WAF integration - Reducing "time-to-fix"

Image
What is a Virtual Patch? The idea of virtual patching is to apply a rule on a perimeter endpoint which mitigates/reduces the risk of the vulnerability being exploited. This can be performed without changing any application source code and is in effect applying a rule to an IDS/IPS or WAF such that it is aware and can defend against a particular attack vector and protect a system from exploitation or breach. When you consider the numerous use cases when organizations can’t simply edit and fix the source code, the benefits of virtual patching becomes apparent. It is a scalable solution as it is implemented in a single location (the firewall) vs. installing patches on all hosts. It reduces/mitigates risk of breach or exploitation until a vendor-supplied patch is released or while a patch is being tested and applied. The source code is not altered and hence it reduces the likelihood of code conflicts or introducing errors. It provides timely pr...