Virtual Patching

How is your team doing for getting systems patched on patch Tuesdays and when other vendors are offering updates?  If you are like most organizations you are probably somewhere between 7 and 28 days for getting patches tested and deployed to your enterprise systems.  This is hardly satisfactory considering the big risk today is zero day attacks. 

But what if you could tighten that timeframe down to 4 hours or even 24 hours?  This is where virtual patching comes in.  Virtual patching is a process of deploying temporary vulnerability protection via intrusion prevention solutions which act to protect those vulnerabilities until such time that your patches are deployed.  Now IPS and HIPS solutions do alot more than just this but strong IPS and HIPS vendors provide near real time vulnerability protection on the big patch release days and enable organizations to rollout this protection in "logging only " mode to ensure that the protection provided by the vendor will not cause any conflicts or DOS.  This logging mode can then be toggled over to prevention mode at any time and subsequently they can be completed turned off if you wish once the patches have been deployed.

Virtual patching is a time saver and an effective way to ensure that your organization has the best protection in the shortest timeframe possible.  We welcome the opportunity to further discuss the suitability of virtual patching to your organization.