This blog post was written by Teresa Wingfield.
The frequency of database and application vulnerabilities is increasing. Testing and deploying vendor-issued patches is an ongoing, arduous process, and it leaves a window of vulnerability that stays open until IT staff can take business-critical databases and applications offline and deploy the patches. The longer the vulnerability window, the greater the security risk.
Traditional Patch Management Challenges
With the growth of vulnerabilities, many organizations struggle when using traditional patch management strategies for remediation. Our new white paper from Aberdeen Group, “Beyond the Patch: Reducing the Risk of Database and Application Vulnerabilities,” identifies the key shortcomings of traditional patch management that make remediation so painful:
- Vendor patches may not be available
- Vendor patching may not be possible or practical
- Vendor patching is costly, time-consuming and inconvenient
- Vendor patching does not support up-to-date visibility into what’s happening in your environment
In fact, Aberdeen found that in a $100 million company with 100 database instances, vendor patching over the course of one year is likely to be complex and time-consuming.
A Virtual Patching Strategy
This New Year you may want to try a different patch management approach. In comparison to traditional vendor patching, virtual patching can be a highly effective strategy for addressing both the likelihood and business impact aspects of security-related risk. Aberdeen defines virtual patching as establishing a policy enforcement point that is external to the resource being protected to identify vulnerability exploits before they reach their target. Virtual patch management offers the following benefits:
- Automatic updates since direct modifications to resources being protected are not required.
- Reduced risk since virtual patching reduces the window of vulnerability when vendor patching is not available, not possible, not practical, or deferred to avoid cost and inconvenience.
- Lower business impact because virtual patching reduces lost user productivity and lost revenue during the time that databases and applications are disrupted by traditional vendor patching.
A Virtual Patching Solution
McAfee Virtual Patching for Databases shields databases from the risk presented by unpatched vulnerabilities by detecting and preventing attempted attacks and intrusions in real time without requiring database downtime or application testing. This virtual patching solution also helps you continue to protect databases running old database management system (DBMS) versions that are no longer supported by the vendor, adding to the useful life of legacy databases and saving your organization time and money.
McAfee Virtual Patching Advantages
- Gain protection from threats even before installing vendor-released patch updates
- Eliminate the need for IT and security teams to have DBMS knowledge
- Keep production databases online, thanks to non-intrusive software design
- Protect databases seamlessly with automatic distribution of ongoing updates
- Facilitate compliance with standards such as PCI DSS, HIPAA, and others