edgescan - Virtual Patching and WAF integration - Reducing "time-to-fix"

By -


What is a Virtual Patch?


The idea of virtual patching is to apply a rule on a perimeter endpoint which mitigates/reduces the risk of the vulnerability being exploited. This can be performed without changing any application source code and is in effect applying a rule to an IDS/IPS or WAF such that it is aware and can defend against a particular attack vector and protect a system from exploitation or breach.


When you consider the numerous use cases when organizations can’t simply edit and fix the source code, the benefits of virtual patching becomes apparent.
  • It is a scalable solution as it is implemented in a single location (the firewall) vs. installing patches on all hosts.
  • It reduces/mitigates risk of breach or exploitation until a vendor-supplied patch is released or while a patch is being tested and applied.
  • The source code is not altered and hence it reduces the likelihood of code conflicts or introducing errors.
  • It provides timely protection for mission-critical systems that may not be taken offline but have an exposed vulnerability.
  • Legacy/3rd Party Apps; The code may not be available but we need to fix the vulnerability.
"Defenders are always on the back-foot as time to fix is longer than time-to-exploit. This slow reaction time creates a permanent offensive advantage to the attacker."

 edgescan provides continuous vulnerability managed coupled with expert validation and support via its cloud based SaaS. It manages over 20,000 systems globally every month and provides full-stack vulnerability management to our clients. 

A new feature in edgescan gives or users the ability to generate rules for a chosen firewall vendor/version which are customized to the vulnerabilities unique to the application in question.

  • Auto-generation of firewall rules gives you the ability to patch a critical issue very quickly using your Web Application Firewall.
  • No need to change the applications source code (and maybe that's not possible).
  • Multiple web application vulnerabilities can be mitigated at the same time.
  • No need to be a firewall expert.
  • The edgescan API gives access to automating rule generation and easy deployment to pre-production / production environments.
Generating Virtual Patch rules for an entire application is as simple as hitting the "WAF Rules" button.

Rules generated for Citrix Netscalar
WAF Rules generation for a single selected vulnerability




Comments

Post a Comment

Popular posts from this blog

Edgescan, why we do what we do.....

By -
Image
  The cyber security industry is full of solutions to make you more secure. Some are unproven and other approaches work if deployed properly. Our industry is very fragmented. for example a recent "Cyber Defense" award I noticed has 195 categories!  I suppose we need to ask ourselves as companies from time to time why we do what we do?  So, the following post is, I guess, the reason we developed Edgescan and why we believe its a decent solution to help organizations improve and be more resilient in relation to cyber security and system protection.... Vulnerability scanning alone did not work. The idea of software testing software for vulnerabilities is a good one but both sides of the equation may have bugs. Bugs in one side (The target) may result in vulnerabilities, whilst bugs on the other side (Scanner) may result in false negatives and false positives.  Accuracy : To that end we built edgescan as a combination of automation to discover vulnerabilities at scale but  when c
Read more

20 years of Vulnerability Managment - Why we've failed and continue to do so.

By -
Image
Cyber Security: Keeping Pace with Change. Getting breached can really ruin your day. Actually it normally happens on a friday evening as you are about chill for the weekend. The cause of must breaches is not rocket science, its more to do with the poor approach we have accepted because we underestimate the threat actor.  - An attacker does not scan your website/network once a quarter with a commercial or open source scanner or perform an annual penetration test against your systems to see if there is any low hanging fruit, so how do we expect to defend against such an advisory using that approach? Systems change now more frequently than ever due to the ease of cloud deployments and the speed of software deployments due to iterative development techniques. The rate of change increase results in exposures quickly manifesting and the organisation not even being aware of the exposure in the first place. Many organisations dont know what they have exposed on the public Internet. We need t
Read more

Edgescan and Huawei - Cybersecurity - Irish Times Article and Panel Discussion

By -
Image
I recently was interviewed by the Irish times on why is everything getting hacked and how can we change the game.... https://www.irishtimes.com/special-reports/cybersecurity-focus/criminals-have-an-inbuilt-advantage-in-the-great-cyber-arms-race-1.4651078  A recording of the Panel with Andy Purdy, CSO of Huawei North America. https://www.youtube.com/watch?v=cQJ1uSQ4IEk&t=33s Both are decent and worth a listen.
Read more