Article

Waratek Secure and Oracle Patch Updates: Securing Mission Critical Apps in Minutes

Waratek Secure (delivered via our Threat Remediation offering) and Oracle Critical Patch Updates serve distinct but complementary roles in securing Oracle applications. Here’s a look at how they are different and how they complement each other.

Oracle Patches

  • Purpose: Oracle provides official patches, typically released quarterly as Critical Patch Updates (CPUs), to fix known security vulnerabilities and bugs within their software. These patches involve updates to the application code itself.
  • Scope: They address a wide range of CVEs across various Oracle products, including database, middleware, and applications.
  • Deployment: Applying Oracle patches usually requires downtime for the application or database to be updated, tested, and restarted. This process can be time-consuming, complex, and may introduce compatibility issues.
  • Coverage: Oracle patches address the root cause of vulnerabilities by modifying the software code.

Waratek Secure

  • Purpose: Waratek ARMR, a secure solution that includes virtual patching technology and immutable security rules provides an immediate layer of security against known and even certain zero-day vulnerabilities. Known as Waratek Secure, this runtime application security protection solution (RASP) does not require any changes to the application code or downtime to act as both a preventative and remediation control.
  • Scope: Waratek focuses on Java applications, including those from Oracle (like WebLogic and E-Business Suite). It intercepts and analyzes application behavior at runtime without impacting the functionality of the application with a library of virtual patches for CVEs dating to 2009.
  • Deployment: Virtual patches are deployed as rules or small files via a lightweight agent applied instantly without application restarts.
  • Coverage: Instead of fixing the underlying source code, Waratek Secure identifies and blocks common attacks using standard rules in addition to virtual patches that target and repel malicious requests or activities that attempt to exploit vulnerabilities.

Waratek and Oracle Critical Patches Work Together

  • Immediate Protection: Waratek provides protection for known vulnerabilities and Zero Day bugs, often before Oracle releases an official patch. Waratek Secure’s rules and virtual patches take immediate effect without a required app restart. This is crucial as attackers often try to exploit vulnerabilities rapidly after public disclosure. For example, Waratek released a virtual patch for a critical Oracle WebLogic flaw (CVE-2020-14882) that was under active attack, coinciding with Oracle’s CPU release.
  • Bridging the Patching Gap: Applying Oracle patches can take time due to testing, scheduling downtime, and coordinating across different systems. Waratek’s virtual patching fills this gap by providing continuous protection until official patches can be applied.
  • Protection Against Unpatched Systems: Organizations may have systems where applying Oracle patches is difficult or not immediately feasible due to various constraints (e.g., legacy systems, compatibility concerns). Waratek provides a security layer for these systems.
  • Zero-Day Attack Mitigation: While Oracle patches address known vulnerabilities, Waratek’s immutable runtime protection generally detects and blocks novel attacks (zero-day exploits) by identifying anomalous or malicious behavior.
  • Reduced Downtime and Risk: Waratek’s non-intrusive deployment avoids the downtime and potential instability associated with applying traditional patches.
  • Customizable Patching: Waratek allows security teams to create and deploy custom virtual patches based on findings from security scanning tools, offering a more tailored and active approach to vulnerability management.
  • Improved Compliance: By providing timely protection against known and zero-day vulnerabilities, Waratek helps organizations meet compliance requirements while they plan and execute their standard patching cycles.

Summary

Oracle patches are like replacing a broken door into a building, while Waratek virtual patching is like having a security guard that prevents anyone from entering the door.

Oracle critical patch updates provide a long-term fix for known vulnerabilities by addressing the root cause of flaws in an application’s code. Waratek virtual patching offers immediate and ongoing protection at runtime by preventing the exploitation of known vulnerabilities and oftentimes Zero Day vulnerabilities, complementing the traditional patching process.

Both – Oracle CPUs and Waratek Secure – are essential for a strong security posture.

Ready to see Waratek Secure in action? Explore our platform today to learn how you can transform your organization’s approach to Java security

About Waratek

Based in Dublin, Ireland, Waratek is the leader in the next significant shift toward active security platforms. Organizations around the world rely on our solutions to prescriptively secure their business-critical applications. Rather than focusing on lagging indicators like network traffic and regex, we fix vulnerabilities in the code while your applications run. Security professionals and developers love our solutions for the low friction and ease of scalability.

Related resources

Walking the Tightrope: Assessing Risk Tolerance For Mission Critical Applications
The Fork in the Road: Prioritizing Application Vulnerabilities vs. Runtime Protection

The Fork in the Road: Prioritizing Application Vulnerabilities vs. Runtime Protection
Are Cloud Native and Runtime Protection Security a Perfect Match?

Are Cloud Native and Runtime Protection Security a Perfect Match?

Ready to scale Security with modern software development?

Work with us to accelerate your adoption of Security-as-Code to deliver application security at scale.

Book a demo
Start tour