Sentrigo’s Virtual Patching Bridges a Chasm in Database Security Processes

April 30, 2009

Within 48 hours of Oracle’s release of its April 2009 Critical Patch Update, Sentrigo has released a security update containing virtual patching coverage for the vulnerabilities published in the CPU. Learn how Sentrigo’s vPatch protects Oracle customers from both the risks that a security patch release mitigates and the risks it generates.

Oracle periodically releases Critical Patch Updates (CPUs) to fix security issues in its products. Once installed, these patches are valuable in mitigating the risk of attacks on Oracle databases. However, as soon as a CPU is released, the clock starts ticking on a new level of risk for customers who have not yet applied the patch: the patch itself makes it profoundly easier for attackers to discover the vulnerabilities it addresses and to exploit them before customers have had time to schedule its deployment.
To the rescue comes Sentrigo’s Security Research team. Drawing on rich experience in database security and proprietary CPU analysis tools and techniques, the team employs a three-phased program to mitigate the additional exposure to attacks caused by a security patch release.
First, within a few days of the release, Sentrigo locates and “virtually patches” the vulnerabilities that are most readily discoverable by a potential attacker studying the Oracle patch. This April, less than 48 hours had elapsed when Sentrigo released 8 new vPatch rules protecting customers against the most acute risks of Oracle’s April 2009 CPU.

Second, within a few more weeks, Sentrigo identifies and protects its customers against the remaining vulnerabilities. Less than 2 weeks after Sentrigo’s first-aid Security Update this April, a second wave of vPatch rules was added to protect against the remaining vulnerabilities published in the CPU. In addition to 2 new rules, this wave upgraded 3 rules that were already in place.

The first 2 stages are designed as a “first response” to the increased risk that a security patch release brings about. Such a response is often intentionally broad, to make sure the risk is properly covered. For a period of time after the risk is aggravated, we may therefore expect an increased number of false alerts.

The third phase is longer and more subtle, and is intended to address these false alerts. Over time, more information about the vulnerabilities is revealed and studied. Some of this information originates with Sentrigo’s customers and their experience with the vPatch rules. Sentrigo’s Security Research team continuously refines these rules to increase confidence in the validity of alerts while keeping the high level of coverage they provide.