If you can’t wait for that critical patch to secure your system from some just-discovered bug, IT security firm Qualys may have an answer, through new security software that can secure the trouble spot until the patch arrives.
The feature, called virtual patching, comes with the newly released version 2 of the company’s Web Application Firewall, a set of software for securing Web applications against malicious behavior.
Virtual patching can address one of the most thorny problems in enterprise IT security, that of protecting against a recently discovered software flaw. Sometimes attackers can start misusing a software bug as soon as it is discovered —- this is called a zero day flaw.
“Engineering teams can take a long time to fix a problem. Until then, security guys will have sleepless nights worrying about a vulnerability anybody can exploit,” said Sumedh Thakar, Qualys chief product officer.
Commercial enterprises continue to be dogged by unrecognized vulnerabilities in their Web applications, which can be used by attackers to gain entry to internal networks or disrupt operations. More than a third of the one million most highly trafficked Web sites are vulnerable to compromise due to unpatched or misconfigured software, a March 2015 survey from IT security firm Menlo Security firm found.
Qualys’ firewall can be installed as a virtual image on a server that also runs Web applications. The firewall serves as a proxy, examining all incoming traffic, looking for malicious code that could take advantage of software defects, application framework flaws, Web server bugs, and even improper configurations.
To identify malicious traffic the software pulls updates about the latest vulnerabilities from Qualys, and incorporates results from the security scan of the customer’s network, Thakar said.
The firewall was designed to block network traffic that looks suspicious, such as a great deal of traffic from a single Internet address. The virtual patching capability is an additional control measure, one that allows the administrator to set up blocking rules around a specific application.
If a potential vulnerability is found, the administrator is notified through a Web-based console. There, an option is presented to apply a virtual patch to the trouble spot, meaning that traffic going to that part of the application will be inspected to ensure that the vulnerability is not being exploited.
For instance, if an input form for collecting birth dates has been found to accept non-numeric characters, a virtual patch can be applied to block any input to the form that has non-numeric characters. This would prevent an attacker from injecting database commands into the system by way of the form.
The Qualys Web Application Firewall is available for an annual subscription of US$1,995, for small businesses, and $9,995 for larger enterprises based on the number of web applications and virtual appliances.
The Web Application Firewall was one of a number of upgraded and new products Qualys announced at the RSA Conference, held this week in San Francisco. The security company updated its Continuous Monitoring software to watch against threats in the internal network, in addition to the network perimeter it was designed to oversee. The company also released its Cloud Agent Platform, a set of technologies for outfitting devices with software to watch for potential security threats.