Q

When should a virtual patch be used?

Learn how virtual patches can help administrators review, test and schedule official patch updates and find out about the benefits a virtual patch provides, such as protection against identified vulnerabilities.

In what situations is a virtual patch appropriate, and is it a safe, recommended way to get an immediate fix for an emerging flaw?
Patch management is certainly the bane of most network administrators' workload. They have to balance securing the system with making sure they don't break it. When a security patch is issued, it can be a stressful time waiting for a maintenance window to install the fix. The business is at risk of attack and the hackers have all the information they need to break in. Many organizations find they can't patch their systems at the rate new vulnerabilities are discovered. At best, it is a painful process, disrupting day-to-day business and requiring additional time and resources for testing and deployment.

A virtual patch gives administrators the option of being able to review, test and schedule official patch updates without leaving the system at risk in the intervening period. Unlike traditional patching, it allows an application to be patched without touching it or its libraries, the operating system or even the system it is running on. Virtual patching aims to fix a problem by altering or eliminating the vulnerability by controlling either the inputs into or outputs from the application.

A common method of implementing a virtual patch is to place some type of a proxy or in-line packet manipulator in front of the application to control the inputs or outputs from the application, preventing or eliminating the dangerous behavior until the actual source code can be updated or fixed. An alternative approach is to change the application's runtime code, but this can introduce new risks or problems.

A benefit of virtual patching is that it can be crafted based solely on known safe behavior for an application. This kind of setting is really useful in those cases when nothing it known about how the actual attack works, such as when vendors are reluctant to discuss the specific nature of a particular threat. You can create virtual patches that both prevent the attack, as well as implement rules that define trusted behavior, thereby adding an extra layer of security. For example, an output patch could prevent an application from exposing sensitive information by dropping the connection or by allowing it to only output certain content.

There is no doubt that a virtual patch is an extremely valuable technique that can be used to provide immediate protection against identified vulnerabilities. To make the most of this patching approach, you need to stay up to date with vendor or public vulnerability disclosures and conduct your own code reviews and vulnerability assessments. Of course, if you actually suffer a security incident, virtual patching can prove to be invaluable as you have to respond to such an event immediately. Virtual patching, however, is not an alternative to patching. You will still have to deploy them whenever possible and practical, but it can provide reliable protection in the interim. Although it's probably not realistic to implement virtual patching across a large deployment of desktops, servers and data centers can certainly benefit from the quick fix it can provide.
This was first published in February 2009

Dig deeper on Security patch management and Windows Patch Tuesday news

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close