New ‘Virtual Patch’ Targets Java, .NET Vulnerabilities

Waratek announced a new security tool for Java and .NET applications that uses virtualization to quickly apply patches for long-term and newly discovered vulnerabilities.

The company positioned its new Waratek Patch as an alternative to the traditional “physical” patching process that enterprises follow after critical fixes are issued by Oracle and Microsoft — a process the company described as “a significant part of the burden teams face.”

Waratek said the virtualized patch lets enterprise developers and admins more quickly address flaws unveiled in Microsoft’s “Patch Tuesday” process and Oracle’s quarterly Critical Patch Updates (CPU), in addition to protecting against old vulnerabilities that organizations may not have gotten around to fixing yet.

Described as a “lightweight runtime plug-in agent,” the tool can, the company claims, enable admins to secure Java- and .NET-based apps without changing any code or having to take an application out of production. Its current library includes released patches for Java 7 and Java 8 (going back about four years), with later Java versions planned to be added this year.

In addition to applying routine updates from Microsoft, Oracle, Apache and other software vendors, the tool can help dev and security teams create and apply custom patches based on static and dynamic application security scanning tool reports, Waratek said in a news release this week.

“This gives dev teams the opportunity to better prioritize tasks without running the risk of being breached while waiting to apply a physical patch,” noted Waratek Founder and Chief Technology Officer John Matthew Holt. “Waratek Patch allows security teams to improve compliance with company, industry and government regulations while reducing costs and labor-intensive activities associated with applying physical patches.”


This article was written by Wendy Hernandez and appeared in ADT Mag.
