Database Security: A Breakthrough in Database Patching

February 23, 2011
By: Dan Sarel

Hedgehog vPatch is useful for data centers
It boils down to providing protection for databases during a crucial window of time. Database vendors regularly issue patches to address known vulnerabilities in their DBMS software, but for a variety of reasons enterprises are not always able to install those patches promptly; often, they are not installed at all. Yet once a patch is released, attackers know about the weakness and can exploit systems that are not yet patched, gaining access to sensitive records. That is where vPatch comes in. It gives organizations a reliable way to protect their databases and bridge the security gap between the release of a vendor patch and its actual installation.

The Hedgehog vPatch
Hedgehog vPatch, now called McAfee Virtual Patching for Databases, is based on the virtual patching technology that Sentrigo pioneered when it unveiled it in 2008. It combines a small, non-intrusive sensor on each database server with a set of frequently updated rules to detect, in memory, any attempt to exploit known vulnerabilities as well as common hacking techniques. The system can be configured to respond in a variety of ways: issuing a real-time alert, terminating the session, placing the user in quarantine, and updating the enterprise firewall to block access from the source IP address. Sentrigo updates the virtual patching rules when it discovers new vulnerabilities, when new vulnerabilities are made public, and when each new vendor patch is released, so that customer systems are protected from the latest exploits.
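The detection-and-response loop described above, as an added example that is not Sentrigo's or McAfee's code: a toy Python sensor that holds a hot-swappable rule set, matches each statement it observes against that set, and applies the configured response (alert, terminate session, quarantine user, or block the source IP). Every rule id, regex, the `vuln_pkg` package name, and the user names and addresses are constructed for illustration; a real product would match far richer signals than a regular expression over SQL text.

```python
"""Toy model of a rule-driven virtual-patch sensor (constructed example).

It models the behaviour the article describes: an updatable rule set is
matched against statements seen on the database server, and each hit is
mapped to a configured response. The sensor only observes and records; it
never rewrites the statement or touches the DBMS itself.
"""
import re
from dataclasses import dataclass, field

# Response actions the article lists for a rule hit.
ALERT, TERMINATE, QUARANTINE, BLOCK_IP = "alert", "terminate", "quarantine", "block_ip"


@dataclass(frozen=True)
class Rule:
    rule_id: str       # constructed identifier, not a real vendor rule id
    description: str
    pattern: str       # regex matched against the normalized statement
    response: str      # one of ALERT, TERMINATE, QUARANTINE, BLOCK_IP


@dataclass
class Session:
    session_id: int
    user: str
    source_ip: str
    active: bool = True


@dataclass
class Sensor:
    rules: list
    alerts: list = field(default_factory=list)          # (rule_id, session_id, user, statement)
    quarantined_users: set = field(default_factory=set)
    blocked_ips: set = field(default_factory=set)

    def update_rules(self, new_rules):
        """Hot-swap the rule set: models a vendor rule push that needs no DBMS restart."""
        self.rules = list(new_rules)

    def inspect(self, session, statement):
        """Evaluate one statement and return the ids of the rules that fired.
        Returns None when the session is refused outright because its user
        was quarantined or its source IP blocked by an earlier hit."""
        if session.user in self.quarantined_users or session.source_ip in self.blocked_ips:
            session.active = False
            return None
        normalized = " ".join(statement.split()).lower()   # collapse whitespace, case-fold
        fired = []
        for rule in self.rules:
            if re.search(rule.pattern, normalized):
                fired.append(rule.rule_id)
                self._respond(rule, session, normalized)
        return fired

    def _respond(self, rule, session, normalized):
        # Every hit is recorded; stronger responses additionally act on the session/user/IP.
        self.alerts.append((rule.rule_id, session.session_id, session.user, normalized))
        if rule.response == TERMINATE:
            session.active = False
        elif rule.response == QUARANTINE:
            self.quarantined_users.add(session.user)
            session.active = False
        elif rule.response == BLOCK_IP:
            self.blocked_ips.add(session.source_ip)
            session.active = False


# Constructed rules, chosen only to exercise each response type.
CONSTRUCTED_RULES = [
    Rule("VP-0001", "tautology in a WHERE clause (common injection probe)",
         r"\bor\s+'?(\w+)'?\s*=\s*'?\1'?", ALERT),
    Rule("VP-0002", "stacked statement ending in DDL or GRANT",
         r";\s*(drop|alter|grant)\b", TERMINATE),
    Rule("VP-0003", "attempt to grant the DBA role",
         r"\bgrant\s+dba\s+to\b", QUARANTINE),
    Rule("VP-0004", "call into a package flagged by a (hypothetical) vendor advisory",
         r"\bexec(ute)?\s+vuln_pkg\.", BLOCK_IP),
]


def run_demo():
    """Replay a few constructed statements through the sensor and return what happened."""
    sensor = Sensor(rules=CONSTRUCTED_RULES)
    app = Session(1, "app_user", "10.0.0.5")
    analyst = Session(2, "analyst", "10.0.0.9")
    results = [
        sensor.inspect(app, "SELECT name FROM customers WHERE id = 42"),          # clean
        sensor.inspect(app, "SELECT name FROM customers WHERE id = 1 OR '1'='1'"),  # alert only
        sensor.inspect(analyst, "GRANT DBA TO analyst"),                          # quarantine
        sensor.inspect(analyst, "SELECT 1 FROM dual"),                            # refused: None
    ]
    return sensor, results


if __name__ == "__main__":
    sensor, results = run_demo()
    for hit in sensor.alerts:
        print(hit)
    print("results:", results, "quarantined:", sensor.quarantined_users)
```

Note how the alert-only rule leaves `app_user`'s session active while the quarantine rule both drops the offending session and refuses the analyst's next, otherwise harmless, statement; that is the behaviour a data center operator has to weigh when choosing a response per rule. `update_rules` replacing the list in place is the toy analogue of the article's point that rule updates, unlike a vendor patch, require no database downtime.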

Benefit for data center/IT managers
In addition to protecting databases during the critical period between the release of a vendor patch and its actual installation, Hedgehog vPatch addresses two of the major problems that delay, and often prevent, the installation of vendor patches. Because the Hedgehog sensor is read-only and installed as a user process, it makes no changes to the DBMS software itself. It therefore requires no database downtime and does not require the same level of application testing that a physical patch does, two of the main reasons many organizations delay patching.

An additional benefit of virtual patching is that the system can protect older database versions that are still in use in the organization but are no longer covered by vendor patches. This can be a significant issue: a vulnerability discovered in the current release of a DBMS is frequently also present in earlier versions, which, with no patch available, remain at risk.