Virtual patching Part II: Two scenarios to help you manage cyber risk

by Gurmail Singh

In the previous part of this three-part series, we explained how organisations are increasingly exposed to financial and reputational risk through unpatched vulnerabilities. The bad news is that these flaws are being found and exploited on an ever-growing scale, thanks to the work of legitimate researchers on the one hand and cybercrime groups and nation state actors on the other. Fail to manage this risk effectively and your organisation may suffer a major data breach and/or ransomware-related outage.

Let’s take a look at two scenarios where virtual patching can help:

Scenario 1: The legacy estate
An organisation is running a sunset estate of machines, supporting hundreds or potentially thousands of live users and applications. It is unable to upgrade all of these because of the cost of new hardware, software licences and IT time. In some cases, certain OS versions are no longer supported by the vendor, and/or upgrades aren’t possible because business-critical legacy applications will not run on newer versions.

It’s a challenge that many technology leaders have faced in mid- and large enterprises, especially in verticals that run lots of legacy IT, such as manufacturing, public sector and healthcare. At the same time, IT managers will come under intense pressure from their CISOs and CIOs to find a solution, because of the financial and reputational risk of non-compliance with GDPR and other regulations.

Very often, the default answer is to put faith in existing security tools to protect vulnerable systems, and simply hope that attackers focus their efforts on other organisations. That is not risk management: a known, exploitable flaw is left reachable from the network, with nothing in place that specifically stops the exploit.

Scenario 2: The software-defined datacentre & Self-healing
A modern organisation runs a software-defined datacentre to support public, private or hybrid cloud infrastructure. An attacker able to successfully exploit known or unknown vulnerabilities in this IT set-up would be able to cause major financial and reputational damage to the organisation. Fortunately, the company understands these risks and the importance of patch management. 

However, the challenge is the sheer volume of patches being released every month, across open source and proprietary systems. Microsoft alone has averaged well over 100 CVEs per month in 2020. Each of these has to be prioritised according to the systems affected and how critical the vulnerability is, and then tested prior to deployment to avoid serious system outages. Most vendors have their own update mechanisms, adding to the administrative burden—especially for small IT teams.

Even if the organisation finds a way to coordinate and standardise patch management in an effective, automated and risk-based manner, it remains exposed until vendors issue their updates. In the case of zero-day threats, there is a major risk of pre-patch exploitation.

Why virtual patching works
Virtual patching works by providing multi-layered intrusion prevention to shield vulnerable software and operating systems from both known and unknown threats. It does not alter the vulnerable code; it inspects traffic and activity on the way to that code and blocks the attempts that would exploit the flaw, so it is a compensating control that buys time until the real fix can be applied or the system retired. It addresses the problems highlighted in the above scenarios by offering:

  • Insight from Trend Micro’s Zero Day Initiative and our visibility into endpoint, server and application layers, to offer rapid protection, even when vendor patches are still unavailable
  • Simple deployment, as an appliance or agent that sits on the host
  • Compatibility with all on-premises, hybrid cloud and software-defined environments
  • No need to take systems offline to test a patch, or live with the bug
  • Recognition by regulators as best practice protection for IT systems
  • Co-existence with other security tools as part of multi-layered threat protection
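The following is an added example of the mechanism described above, written for this page and not taken from Trend Micro's products. It models a legacy download handler with a path-traversal flaw that cannot be changed, and a rule layer in front of it that blocks the exploit while letting normal requests through. The endpoint, the flaw, the sample files and the rule identifier `VP-0001` are all hypothetical and constructed for the demonstration.

```python
"""
Added example (not Trend Micro's code): virtual patching as an inline shield.

A hypothetical legacy download handler has a path-traversal flaw. Instead of
modifying the handler, an IPS-style rule in front of it rejects requests that
would escape the document root. The endpoint, flaw, rule id and sample files
are all constructed for illustration.
"""
import posixpath
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

Response = Tuple[int, bytes]


@dataclass
class Request:
    method: str
    path: str
    query: Dict[str, str] = field(default_factory=dict)  # assumed already URL-decoded


# --- The legacy application that cannot be upgraded (constructed) -------------
DOC_ROOT = "/srv/legacy/docs"
FILES = {                                        # stand-in for the filesystem
    "/srv/legacy/docs/manual.pdf": b"manual contents",
    "/srv/legacy/docs/readme.txt": b"readme contents",
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh",  # outside the document root
}


def resolve(name: str) -> str:
    """Join a user-supplied name onto DOC_ROOT and normalise '..' segments."""
    return posixpath.normpath(posixpath.join(DOC_ROOT, name))


def legacy_download(req: Request) -> Response:
    """Vulnerable handler: it normalises the path but never checks that the
    result is still under DOC_ROOT, so '../' escapes the document root."""
    target = resolve(req.query.get("file", ""))
    data = FILES.get(target)
    return (200, data) if data is not None else (404, b"not found")


# --- The virtual patch: a rule enforced in front of the handler ---------------
@dataclass
class VirtualPatch:
    """One IPS-style rule: applies to matching paths, blocks when matcher() is true."""
    name: str
    path_pattern: re.Pattern
    matcher: Callable[[Request], bool]


def escapes_doc_root(req: Request) -> bool:
    """Re-run the app's own path resolution and flag anything that leaves
    DOC_ROOT. Matching on the resolved path, rather than grepping for '../',
    avoids bypasses via alternative spellings of the same traversal."""
    resolved = resolve(req.query.get("file", ""))
    return resolved != DOC_ROOT and not resolved.startswith(DOC_ROOT + "/")


RULES: List[VirtualPatch] = [
    VirtualPatch("VP-0001 legacy download path traversal",   # hypothetical rule id
                 re.compile(r"^/download$"), escapes_doc_root),
]


def shield(handler: Callable[[Request], Response],
           rules: List[VirtualPatch],
           log: List[str]) -> Callable[[Request], Response]:
    """Wrap a handler so that matching rules are evaluated before it runs.
    Blocked requests are logged and answered with 403; everything else passes
    through unchanged, which is what lets the flaw stay unfixed in the app."""
    def wrapped(req: Request) -> Response:
        for rule in rules:
            if rule.path_pattern.match(req.path) and rule.matcher(req):
                log.append(f"BLOCK {rule.name}: {req.method} {req.path} {req.query}")
                return (403, b"blocked by virtual patch")
        return handler(req)
    return wrapped


def demo() -> Tuple[Response, Response, Response, List[str]]:
    """Same exploit against the unshielded and the shielded handler."""
    log: List[str] = []
    patched = shield(legacy_download, RULES, log)
    legit = Request("GET", "/download", {"file": "manual.pdf"})
    exploit = Request("GET", "/download", {"file": "../../../etc/passwd"})
    return (legacy_download(exploit),   # the flaw is real: /etc/passwd is served
            patched(exploit),           # blocked with 403 before the handler runs
            patched(legit),             # normal traffic is unaffected
            log)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Two points the example makes that a deployment checklist should carry: the vulnerable function is never touched, so the rule has to stay in force until the code is fixed or the host decommissioned; and the rule checks the resolved path the way the application would, because a rule that only looks for the literal string `../` is the kind of virtual patch that gets bypassed by a different encoding of the same input.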

One Trend Micro customer detected a critical vulnerability affecting thousands of legacy remote user endpoints and servers. It knew it would take 3-5 years to modernise its entire estate, and paying Microsoft for extended support would have cost the firm millions. With Trend Micro’s virtual patching capabilities, IT was able to switch on protection within days and give the business immediate assurance that the exposure was shielded and compliance requirements were met while the modernisation went ahead.

In the final part of this series, we’ll be taking a look at some of the common objections to virtual patching and dispelling some persistent myths.
