Page 84 - Cyber Warnings
of applications, operating under critical SLAs, the operational impact will be significant both
financially and temporally.
Virtual Patching
Virtual Patching is the ability to host legacy code within a virtual container that effectively
secures the application as if it were running in an updated and compliant version of the runtime.
This is important for enterprises with mission critical legacy applications that cannot be
upgraded due to technical constraints or lack of expertise.
Every established large IT-consuming enterprise has these legacy applications, and while there
is always a plan to replace these systems with entirely new applications over time, until they are
replaced they pose a significant risk to the business, a risk that may violate the demands of
regulators. More often than not, enterprises hit a brick wall where they simply have to
acknowledge that they cannot replace certain components and must resort to mitigating the
risks posed by legacy systems.
RASP implementations with Virtual Patching capability give the business the option of safely
containing legacy applications, running them on up to date and compliant runtime environments
but without requiring the recompilation or the code changes that would be demanded by a
physical upgrade or having to rush transformation projects to avoid legal and commercial risk.
Virtual Patching can also refer to the ability to replicate the effect of binary patches with RASP.
For example, RASP can be used to replicate the Critical Patch Updates (CPUs) issued by Oracle
for Java on a quarterly basis, giving businesses the option of obviating the need to apply CPU
binary patches. This is important for the enterprise, as applying binary patches to hundreds or
thousands of JVMs can be a complicated process requiring not only engineering resources but
also scheduled down time to effect the patch and allow application teams to complete their testing.
For large enterprises with complex patching processes that demand considerable orchestration
between development teams and operations, this aspect of Virtual Patching
provides considerable cost savings and reduced risk when compared to binary updates.
Depending on the implementation of RASP, Virtual Patching can be a non-intrusive, centrally
managed operation that can dynamically patch applications without disruption to normal
operation or scheduled down time.
Choosing the Right RASP Implementation
There is considerable variety in the way different vendors implement RASP. Enterprise users
need to consider the impact of integrating and deploying RASP technologies in their IT estates.
Careful consideration needs to be given to the impact of any code or configuration changes that
may be required to enable RASP on the applications that run on their platforms.
Many RASP vendors claim that no code changes are required or that configuration and
performance impact are minimal. However, what may seem to be a trivial code or configuration
change can, when scaled to hundreds or thousands of applications, considerably impact the
speed of adoption of RASP.
84 Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide