Virtual just in time patching

Virtual Just In Time patching – how it works

One of the benefits of having the Secure Account option for your hosting is that it protects your website against new vulnerabilities discovered/disclosed for the applications you use. For example, Drupal 7.38 came out this morning with critical security updates, which leaves your Drupal 7 website vulnerable until you apply the security update. The Virtual Just In Time security is a set of firewall rules that filter all traffic received on your website. It detects and stops any attempt to exploit those vulnerabilities at the server level so that your website stays protected! We still recommend to apply security patches for your web application to enable the security at every level, however, the Secure Account option gives you time to do this when it suits you while protecting your website against the new web application vulnerabilities discovered. The Virtual Just In Time patching system updates every hour and works 24/7 for you.

The Virtual Just In Time patching is available to our Managed Secure Hosting and Shared (cPanel) plans when you select Account Vault option during the checkout process.



The value of Virtual Just In Time patching

Even in situations where an official patch is available, or a source code fix could be applied to a custom coded application, the normal patching processes of most organisations is time-consuming. This is usually due to the extensive regression testing required after code changes. It is not uncommon for these testing dates to be measured in months. For example, the Symantec Internet Threat Report stated that the average time it took for organisations to patch their systems was 55 days, while the Whitehat Security Web Security Statistics Report documented that their customers time-to-fix average were 138 days to remediate SQL Injection vulnerabilities found in their web applications. Now contrast this patching data with the fact that Symantec also reported that it only took an average of 6 days for exploit code to be released to the public and it becomes clear that traditional source code patching processes are not adequate. The Virtual Just In Time patching provides an immediate solution to protect your web application while the official security patch is being applied.

Posted in Announcement and tagged .