A replay of a live DBTA webcast on overcoming gaps in database patch deployment is available on-demand on the DBTA website. Presented last week by former Citicorp CISO Mike Stiglianese and Sentrigo vice president of marketing Andy Feit, and hosted by Tom Wilson, president of DBTA and Unisphere Research, the webcast covered why organizations find it so difficult to patch databases in a timely manner, often delaying patch deployment by weeks, months and even years; the risks to data security that delays create; best practices for patch deployment; and why the use of virtual patching offers a compelling case for database security.
Ironically, said Stiglianese, the risk to organizations is the greatest right after a patch is announced up to the time that patch is implemented because once the new vulnerability becomes widely known, hackers begin actively working on how to exploit it.
Sentrigo's vPatch, a virtual patch solution, identifies and prevents in real time attempts to hack into the database; and does so without change to database binaries or disrupting database operation. In addition, vPatch protection is continuously updated.
With vPatch, a small sensor is installed on each database server, as opposed to monitoring the network, Feit explained. By being a host-based patch, it is the closest to a real patch, Feit said. "Ideally, our recommendation is to apply every patch as soon as you possibly can. It is going to be safest if you can do that. But we know that most organizations can't possibly do it inside of a number of days. A lot of organizations, the bulk of them, can't do it within a matter of weeks and for many organizations, it is more than 3 months."
The presentation explained in detail the benefits of virtual patching and also featured a case study on how a regional bank used Sentrigo Hedgehog vPatch to meet a compliance audit's patching requirements.
To access this webcast replay, go here.