New 'Virtual Patch' Targets Java, .NET Vulnerabilities

Waratek announced a new security tool for Java and .NET applications that uses virtualization to quickly apply patches for long-term and newly discovered vulnerabilities.

The company positioned its new Waratek Patch as an alternative to the traditional "physical" patching process that enterprises follow after critical fixes are issued by Oracle and Microsoft -- a process the company described as "a significant part of the burden teams face."

Waratek said the virtualized patch lets enterprise developers and admins more quickly address flaws unveiled in Microsoft's "Patch Tuesday" process and Oracle's quarterly Critical Patch Updates (CPU), in addition to protecting against old vulnerabilities that organizations may not have gotten around to fixing yet.

The company claims the tool, described as a "lightweight runtime plug-in agent," can enable admins to secure Java- and .NET-based apps without changing any code or having to take an application out of production. Its current library includes released patches for Java 7 and Java 8 (going back about four years), with plans to add later Java versions this year.

In addition to applying routine updates from Microsoft, Oracle, Apache and other software vendors, the tool can help dev and security teams create and apply custom patches based on static and dynamic application security scanning tool reports, Waratek said in a news release this week.

"This gives dev teams the opportunity to better prioritize tasks without running the risk of being breached while waiting to apply a physical patch," noted Waratek Founder and Chief Technology Officer John Matthew Holt. "Waratek Patch allows security teams to improve compliance with company, industry and government regulations while reducing costs and labor-intensive activities associated with applying physical patches."

With Waratek Patch, the company claims organizations can:

  • Instantly patch applications with no code changes or downtime required
  • Create and apply custom virtual patches from scanning tool reports
  • Apply Java & .NET current critical patch updates as virtual patches
  • Improve compliance with company, industry and government regulations by adding a library of virtual CPU patches to add updates that may not have been applied in the past

According to the release, any vulnerability that's been patched with the plug-in cannot be exploited, and the company guarantees that, once installed, the virtual patch will not break an app.

To learn more about the entire Runtime Application Security Platform, visit the company's Web site.

About the Author

Wendy Hernandez is group managing editor for the 1105 Enterprise Computing Group.