PROTECT
ORIGINA'S VULNERABILITY SHIELDING
AT ORIGINA, WE BELIEVE THAT PROMPT PATCHING OF THE IBM SOFTWARE ESTATE IS AN EFFECTIVE AND PRACTICAL APPROACH TO MITIGATING EXPOSURE TO SECURITY VULNERABILITIES.
We also know that patching is not always possible, or even practical, in a complex production environment.
New vulnerabilities are discovered every day but, unfortunately, vendor-issued software patches are not always available. As a result, IT teams struggle to keep pace with traditional patch management strategies along with all the other business constraints.
Virtual patching creates a security shield around applications that require protection. Virtual patching establishes a security policy that identifies and intercepts exploits of vulnerabilities before they reach the target application.
+
+
Custom
Virtual Patches
WHY ORIGINA GIVES YOU MORE
Our Vulnerability Shielding service provides several distinct advantages over vendor-supplied patches in helping you to defend against known and emerging security vulnerabilities.
IBM
ORIGINA
Patches for new security vulnerabilities may not be available from IBM for End of Support (EoS) product versions.
Patches for new security vulnerabilities may not be available from IBM for End of Support (EoS) product versions.
If a patch is available, it may not be released for
several weeks or even months after the
identification of the exploit.
IBM’s X-Force 2012 Mid-Term Risk Report
identified that 42% of all vulnerabilities disclosed
that year still had no patch available at year end.
Development of a virtual patch for our Vulnerability Shielding solution can be completed in a number of hours rather than the days or weeks it can take to develop a patch using traditional coding methods.
Products divested to another vendor and source code not available.
Origina’s Vulnerabiltiy Shielding provides a solution to mitigate new and existing vulnerabilities without requiring modifications to the software program being protected.
The patching process is notoriously time consuming, requiring assessment, analysis, testing, remediation, and implementation.
Simplified implementation methodology involving import and activation of virtual patch rules.
The business impact of planned, or unplanned, downtime can be costly for a business, in terms of lost revenue, reduced user productivity, brand damage, and more.
No requirement for system downtime or prerequisite software patches. Virtual patches can be imported and enabled seamlessly while systems remain online.
Security updates come as bundles and can therefore affect existing services and must be rigorously tested. Bundled fixes can require upgrades or the reconfiguration of systems/ applications to resume required functionality.
Virtual patches are detection rules designed to identify a specific attack vector and do not interfere with the software program code base, unlike traditional software patches.
HOW DOES VULNERABILITY SHIELDING WORK?
Origina arranges installation of the ModSecurity engine by using one of two deployment methods, either embedded in your environment or configured as a reverse-proxy. We then import and configure the OWASP Core Rule Set into the modSecurity engine. When enabled, any vulnerabilities that are identified in the data stream are mitigated before they reach the target application by using the appropriate virtual patch.
For IBM applications that are not covered by the OWASP Core Rule Set, custom virtual patches that are created by Origina can be imported to provide continued protection against new and emerging threat
There is a choice of implementation approaches:
Embedded Mode
Reverse-Proxy Mode
CUSTOMER EXAMPLE
Vulnerability Shielding is effective in defending against known vulnerabilities where a patch is not available from the vendor.
In this example, the latest, fully patched version of IBM® Websphere® Application Server v8.5.5.17 is deployed within the customer’s environment to host business applications.
The customer performed a vulnerability scan of the server and discovered eight high severity vulnerabilities.
THE SOLUTION
get better software support for your business
See how much you could save by switching to Origina