By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
A virtual patch gives administrators the option of being able to review, test and schedule official patch updates without leaving the system at risk in the intervening period. Unlike traditional patching, it allows an application to be patched without touching it or its libraries, the operating system or even the system it is running on. Virtual patching aims to fix a problem by altering or eliminating the vulnerability by controlling either the inputs into or outputs from the application.
A common method of implementing a virtual patch is to place some type of a proxy or in-line packet manipulator in front of the application to control the inputs or outputs from the application, preventing or eliminating the dangerous behavior until the actual source code can be updated or fixed. An alternative approach is to change the application's runtime code, but this can introduce new risks or problems.
A benefit of virtual patching is that it can be crafted based solely on known safe behavior for an application. This kind of setting is really useful in those cases when nothing it known about how the actual attack works, such as when vendors are reluctant to discuss the specific nature of a particular threat. You can create virtual patches that both prevent the attack, as well as implement rules that define trusted behavior, thereby adding an extra layer of security. For example, an output patch could prevent an application from exposing sensitive information by dropping the connection or by allowing it to only output certain content.
There is no doubt that a virtual patch is an extremely valuable technique that can be used to provide immediate protection against identified vulnerabilities. To make the most of this patching approach, you need to stay up to date with vendor or public vulnerability disclosures and conduct your own code reviews and vulnerability assessments. Of course, if you actually suffer a security incident, virtual patching can prove to be invaluable as you have to respond to such an event immediately. Virtual patching, however, is not an alternative to patching. You will still have to deploy them whenever possible and practical, but it can provide reliable protection in the interim. Although it's probably not realistic to implement virtual patching across a large deployment of desktops, servers and data centers can certainly benefit from the quick fix it can provide.
Dig Deeper on Security patch management and Windows Patch Tuesday news
Related Q&A from Michael Cobb
Is cookie encryption enough to protect sensitive information? Expert Michael Cobb explains how salted hashes can prevent attacks, and the secure way ...continue reading
A vulnerability was found in the Blackphone's Icera modem. Expert Michael Cobb explains how attackers could hijack the device, and if this would ...continue reading
Oracle is killing off the Java browser plug-in due to security risks. Expert Michael Cobb explains the next steps for enterprises with Java-based ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.