Frequently Asked Questions (FAQ)
Security and vulnerabilities
Origina uses a layered approach to cybersecurity to protect customers IBM software from security vulnerabilities and threats. As a part of the strategy, Origina leverages existing IBM® Fix Packs and security patches that customers are entitled to.
Origina’s layered approach to cybersecurity avoids placing the weight of IBM software security solely on a security patch as a silver-bullet solution to preventing all vulnerabilities from being exploited. Relying only on vendors to deliver a security patch for a security threat can leave a company vulnerable during the period of time it takes to create the patch – or if the patch is never created.
Instead, Origina helps customers develop better IBM software security from the ground-up through a variety of established and industry-recognized tactics, which includes:
- Service transition reviews
- Software product hardening guides
- Proactive vulnerability advisories
- Virtual patching (vulnerability shielding)
- Entitled Fix Packs and security patches
- Workarounds (changes to the way the software or external applications function)
- Independent code fixes
These tactics provide better protection against common and emerging security threats by implementing stronger security controls. These security techniques are widely recognized by and leveraged as a part of security frameworks such as NIST, Cyber Essentials or the CIS Top 20.
In many cases, a security vulnerability can be mitigated without touching the source code of the application. In fact, software product hardening – which tweaks parts of the application to make it more difficult to exploit – can prevent up to 85 percent of known vulnerabilities.
Learn more about Origina’s approach to IBM software security here.
A security vulnerability is a flaw or weakness in a software application which can be exploited by threat actors to gain access to private systems or information.
There are over 50 software security vulnerabilities that are discovered each and every day, according to Imperva. These vulnerabilities can range from critical weaknesses which require patches from the software’s vendor to fix, to low-priority errors which can be mitigated through practical techniques like security hardening and stronger configurations. Access to the source code of the application isn’t always a requirement for protecting against a security vulnerability.
Origina protects customers from security vulnerabilities within their IBM software through a layered approach to cybersecurity that’s consistent with advice from the leading cybersecurity frameworks in the world. Origina implements strong security controls through a variety of techniques which combine to provide greater protection against the most common security vulnerabilities.
With more comprehensive protection being applied to the endpoints which may be exploited, companies avoid using security patches as a silver bullet – i.e., the last line of defense against a vulnerability. In fact, a layered approach to defending against security vulnerabilities is akin to a proactive (or preventative) cybersecurity strategy. Security patches, in this regard, are associated with a reactive strategy.
Learn more about Origina’s layered approach to cybersecurity here.