A global financial services company selected Waratek to apply virtual patches without code changes while vulnerable applications continued to run.
Prior to evaluating Waratek, the customer assessed hundreds of internal web applications, finding multiple Java versions that required quarterly patching of security vulnerabilities. As a result, the Company determined that a traditional upgrade or patching program was not feasible due to:
- Significant financial costs and staff time required to patch hundreds of applications at least four times per year on a timely basis
- Operational burdens that could negatively impact customers
Waratek is integrated into the Company’s application hosting platform and applies virtual patches that are the code equivalent of an Oracle Critical Virtual Patch (CPU). Virtual patching hundreds of applications means application development teams do not spend time upgrading to new versions of Java along with testing and deployment activities related to traditional physical patching. This avoids the financial and operations barriers to patching Java-based applications.
In global production for two years, the company has realized other benefits from Waratek’s virtualization approach to application security:
- No false positives have been generated by Waratek in two years of production in unconditional blocking mode.
- Emergency virtual patches have been developed in less than 24 hours for newly discovered high severity vulnerabilities like Struts 2; protection is instant compared to traditional patching protocols.
- Unique approaches to application security such as Name Space Layout Randomization (NSLR) and Component Privilege De-Escalation mitigate complex attacks that fall outside the 2013 OWASP Top Ten.
- Staff members now focus on improving applications and infrastructure to better serve customers and shareholders. Waratek provides real-time attack alerts to security teams and comprehensive data that guides development teams to vulnerable sections of code.
- Waratek’s virtual patching allows customers to instantly apply routine and emergency security patches in a more cost effective and time efficient manner – without code changes or removing an application from production to deploy a patch. This dramatically reduces the risk of a cyberattack well as decreases the human and financial resources needed to keep up-to-date on required patches.
Further, the Company has seen the elimination of false positives during two years of live production in unconditional blocking mode. Performance overhead while under attack averages a very low 3%. Other clients have seen performance improvements during normal operations after modernizing applications on out-of-date platforms.
- Performance overhead at scale
- Reduction in false positives
- Code changes required