Virtual Patching

Why Virtual Patching?

Patching databases for security is a long and cumbersome process:

  • When a vulnerability is discovered, either by a "white hat" (ethical hacker) or by the DBMS vendor, it is logged by the vendor.
  • The DBMS vendor develops a patch. This takes several months or sometimes longer.
  • The DBMS vendor then distributes the patch.
  • Customers need to test the patch first to make sure it does not impact existing applications. They then need to schedule downtime to install the patch - for multiple databases this may be a major undertaking.
  • Throughout this period - many months - the database remains vulnerable.

Virtual patching is a security layer that addresses vulnerabilities without touching the DBMS itself and without requiring database downtime. It provides a quick and easy fix for database vulnerabilities until the vendor patches can be applied.


Hedgehog Virtual Patching

Sentrigo's Red Team seeks new vulnerabilities proactively and continuously, and issues virtual patches through the security updates mechanism – essentially predefined Hedgehog rules that generate alerts or stop attacks that exploit the newly discovered vulnerabilities.

Some vulnerabilities are discovered and virtually patched before the DBMS vendor issues a patch. Others receive a virtual patch only after the vendor patch is released, usually within days, which allows rapid protection against exploits.
