Today's systems are highly advanced and complex, with many dependencies and interrelationships, so developing a fix in the source code and testing it in operation takes considerable time. Implementing a virtual patch does not modify the operation of the underlying application or of the systems that interact with it, and the patch can be run in monitor mode to evaluate any potential impact before its blocking functions are turned on.
Goals of Virtual Patching
Virtual patching shows its value in the many scenarios where organizations simply cannot edit the source code immediately.
The two primary goals of virtual patching are reducing the time to fix and reducing the attack surface.
Correcting application source code takes time. A virtual patch is used to implement a mitigation immediately once a vulnerability has been identified.
(a) In certain circumstances, it is practicable to attain 100 percent attack surface reduction, for example by supplying the positive input validation the application is missing.
(b) In other cases the virtual patch cannot mitigate the vulnerability completely, but it can lessen an offender's ability to exploit it by restricting the inputs and outputs of system interactions.
For example, the offender can still send the attack to the system, but the WAF can block any of the outputs that would otherwise be returned to the attacker.
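As an added illustration (not code from the original article), the following Python sketch shows how a WAF-style virtual patch enforces the input and output restrictions described above, and how monitor mode differs from block mode. The report endpoint, its numeric id parameter, the leaked stack trace and the patch name are all assumptions constructed for the example.

```python
import re
from dataclasses import dataclass, field, replace

@dataclass
class VirtualPatch:
    """One externally applied rule: an input allow-list and/or an output filter."""
    name: str
    mode: str = "monitor"                              # "monitor": log only; "block": enforce
    param_allow: dict = field(default_factory=dict)    # parameter -> regex its value must fully match
    response_deny: list = field(default_factory=list)  # patterns that must never reach the client

def find_violations(patch, request, response):
    """List every input or output rule of the patch that this exchange breaks."""
    found = []
    for param, pattern in patch.param_allow.items():
        value = request.get("params", {}).get(param, "")
        if re.fullmatch(pattern, value) is None:       # positive validation: anything else fails
            found.append(f"input:{param}")
    for pattern in patch.response_deny:
        if re.search(pattern, response):               # output restriction on what is returned
            found.append(f"output:{pattern}")
    return found

def apply_patch(patch, request, response, log):
    """Return what the client receives. Violations are always logged;
    the response is replaced only when the patch is in block mode."""
    found = find_violations(patch, request, response)
    for item in found:
        log.append(f"[{patch.mode}] {patch.name}: {item}")
    if found and patch.mode == "block":
        return "403 Forbidden"
    return response

# Constructed sample (hypothetical): a report endpoint whose 'id' parameter is not
# validated by the application and whose error page leaks a Python stack trace.
PATCH = VirtualPatch(
    name="VP-0001 report id allow-list",
    param_allow={"id": r"[0-9]{1,9}"},
    response_deny=[r"Traceback \(most recent call last\)"],
)
BAD_REQUEST = {"path": "/report", "params": {"id": "42abc"}}
LEAKY_RESPONSE = "500 Internal Server Error\nTraceback (most recent call last):\n  File ..."
GOOD_REQUEST = {"path": "/report", "params": {"id": "42"}}
CLEAN_RESPONSE = "200 OK\n<html>report 42</html>"

def run_demo(mode):
    """Apply the patch in the given mode to both exchanges; return (bad, good, log)."""
    patch, log = replace(PATCH, mode=mode), []
    bad = apply_patch(patch, BAD_REQUEST, LEAKY_RESPONSE, log)
    good = apply_patch(patch, GOOD_REQUEST, CLEAN_RESPONSE, log)
    return bad, good, log

if __name__ == "__main__":
    for mode in ("monitor", "block"):
        print(mode, run_demo(mode))
```

Running the patch in monitor mode first yields the same log entries as block mode without altering any response, which is how the impact of a new rule can be assessed before enforcement is switched on.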
Advantages of Virtual Patching
From an organization's perspective, the merits are:
From a web application security consultant's perspective, virtual patching opens up another way of providing services to clients: a consultant can now offer to create virtual patches that address issues externally, outside of the application code.