Virtual patching Part I: What is it and why does it matter?

by Bharat Mistry

If nothing else, the past year has shown us that the traditional network perimeter as we knew it is now gone. Today’s organisations run a complex blend of remote working endpoints, cloud applications and servers alongside their traditional on-premises assets. This inevitably creates new security and compliance challenges, because every operating system and piece of software running on those endpoints needs continual patching as new vulnerabilities are disclosed and exploited. Fail in this, and CISOs run the risk of a potentially serious security incident that could lead to widespread disruption and financial and reputational damage.

The problem is that patching is not as easy as it sounds. This is where virtual patching can help.

Patching problems
Patching has become an inevitability in the modern IT organisation. Thanks to a highly motivated cybercrime underground and the efforts of white hat researchers, more vulnerabilities are being exposed and exploited today than ever. Some 20,362 were reported in 2019, up 18% on the previous year, according to one estimate. The IT landscape is also becoming more complex, thanks to investments in software-defined networks, the cloud and containers. This expands the attack surface for cyber-criminals and presents opportunities to exploit flaws in modern as well as legacy systems.

In this context, keeping track of all the software and OS versions your organisation is running can be a challenge. Yet it’s an essential element of security risk management and compliance.

The cost of patching failures
Fail to stay on top of your patching obligations and the organisation could suffer. Over half (57%) of breaches are estimated to be caused by bugs for which a patch was already available. And over a third (34%) of organisations that have suffered a breach claimed to have known about the vulnerability but didn’t fix it, according to one report.

A serious data breach or ransomware infection could lead to:

  • Major regulatory fines (GDPR, PCI DSS etc)
  • IT costs (productivity, remediation and clean-up etc)
  • Staff productivity losses
  • A hit to the share price
  • Legal costs from resulting class action suits and lawyers’ fees
  • Brand damage leading to customer loss

What are my options?
In short, you need to be constantly aware of the vulnerability status of all software and OS versions, and understand the impact of a patch before deploying it. Testing is an important step to ensure it doesn’t do more damage than it could prevent. 

Some organisations are unable to patch promptly because:

  • They can’t afford to take mission critical systems offline to test a patch
  • If they upgrade, critical legacy applications would stop working
  • They are simply overwhelmed by the number of patches made available each month
  • They can’t afford to upgrade a legacy OS as it would require a major PC refresh

Some organisations invest in expensive extended support from OS vendors like Microsoft. This way, they can get emergency security updates beyond the end-of-life date. But that doesn’t help with the other scenarios.

Some organisations may decide to rely on endpoint and other security tools to protect vulnerable software from exploits. However, most such tools are built to recognise known malware rather than attempts to exploit a vulnerability that has not yet been patched, so they do not provide the kind of comprehensive protection the organisation needs. Even those who are happy to wait for vendor updates are locked into a continuous time- and resource-intensive process of reactive patching. In some cases, attackers have days or weeks to exploit a flaw before a patch is even made available.

Some may decide to run the risk and do nothing, in the vain hope that their systems are not in the cross-hairs of attackers. But this is a dangerous game to play, as a raft of freely available online tools can very quickly reveal systems that are exposed.

The value of virtual patching
The only way to solve these challenges effectively is via virtual patching from Trend Micro. Available via TippingPoint, CloudOne Workload Security and CloudOne Application Security, it offers multi-layered intrusion prevention capabilities to protect vulnerable software and OSes from known and unknown threats.

Crucially, it utilises the unique insight provided by Trend Micro’s Zero Day Initiative, together with our visibility into the endpoint, server and application layers, to deliver protection as quickly as possible. It’s also automated for simple deployment.

With virtual patching, your organisation is able to:

  • Close the window of opportunity for attackers
  • Protect legacy OSes and their applications
  • Buy time until a vendor patch is published, or until you are ready to roll out fixes
  • Prevent unnecessary downtime that might be caused by patching
  • Support regulatory compliance and best practice security
  • Go beyond extended support programmes with enhanced protection
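To make concrete what “protecting vulnerable software” means in practice, here is an added illustration (not code from Trend Micro or any of the products named above): a legacy request handler with a hypothetical path-traversal flaw that we cannot fix, shielded by an inline rule layer that inspects each request and blocks exploit attempts before they reach the application. The in-memory file system, the `file` parameter, the rule identifiers and the two rules are all constructed for this example. It also shows the caveat a practitioner should keep in mind: a rule that only matches the literal `../` signature is bypassed by a percent-encoded variant, and the underlying bug is still there for anything that reaches the handler without passing through the shield.

```python
import posixpath
from urllib.parse import unquote

DOCROOT = "/var/www"
# Constructed in-memory file system; /etc/passwd stands in for a file outside the docroot.
FILES = {
    "/var/www/index.html": "<h1>welcome</h1>",
    "/var/www/docs/readme.txt": "public documentation",
    "/etc/passwd": "root:x:0:0:root:/root:/bin/sh",
}


def legacy_handler(params):
    """Hypothetical legacy app that cannot be upgraded. It decodes the ``file``
    parameter once (as a typical web stack does) and joins it onto DOCROOT
    without checking that the result stays inside DOCROOT: a path-traversal bug.
    Left unfixed on purpose; the virtual patch below shields it instead."""
    name = unquote(params.get("file", "index.html"))
    resolved = posixpath.normpath(posixpath.join(DOCROOT, name))
    body = FILES.get(resolved)
    return (200, body) if body is not None else (404, "not found")


def _decode_fully(value, rounds=3):
    """Undo percent-encoding repeatedly so '..%2f' and '..%252f' both become '../'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def naive_traversal_rule(params):
    """Literal signature match on the raw parameter. Misses encoded variants."""
    return any("../" in value for value in params.values())


def traversal_rule(params):
    """Decode, normalise separators, then look for a '..' path segment."""
    for value in params.values():
        segments = _decode_fully(value).replace("\\", "/").split("/")
        if ".." in segments:
            return True
    return False


def virtual_patch(handler, rules, log):
    """Wrap ``handler`` with inline rules: a matching request is blocked and
    logged, everything else passes through unchanged. The app is not modified."""
    def shielded(params):
        for rule_id, matches in rules:
            if matches(params):
                log.append(f"BLOCK rule={rule_id} params={params}")
                return (403, "blocked by virtual patch")
        return handler(params)
    return shielded


def demo():
    log = []
    naive = virtual_patch(legacy_handler, [("VP-naive", naive_traversal_rule)], log)
    robust = virtual_patch(legacy_handler, [("VP-traversal", traversal_rule)], log)
    plain = {"file": "../../etc/passwd"}
    encoded = {"file": "..%2f..%2fetc%2fpasswd"}
    return {
        "unshielded": legacy_handler(encoded),         # 200: leaks /etc/passwd
        "naive_plain": naive(plain),                    # 403
        "naive_encoded": naive(encoded),                # 200: signature bypassed
        "robust_encoded": robust(encoded),              # 403
        "legit": robust({"file": "docs/readme.txt"}),  # 200: legitimate traffic unaffected
        "log": log,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Two points carry over to real deployments. First, the shield only protects traffic that passes through it, so it has to sit on every path into the vulnerable service (network IPS, host agent or application layer, as the products above do at their respective layers); a direct call to the handler above still leaks. Second, rule quality decides the outcome: the rule must see the request the way the application will (decoded, normalised), which is why the insight from vulnerability research matters more than a simple signature.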

In part two of this series, we’ll discuss several common scenarios where virtual patching can help organisations.
