Making a case for virtual patching

The period during which businesses work to install security patches to protect IT systems from attack undeniably remains one of the most vulnerable timeframes for many companies -- but a recently-launched startup selling a virtual patching alternative claims to have found a solution to the problem.

Dubbed Sentrigo and launched in Nov. 2006, the Israeli firm contends that by adding a layer of host-based activity monitoring and intrusion protection technology on top of almost any commercial database, it can beat back attempts to take advantage of both known vulnerabilities and so-called zero day flaws in the systems.

Rather than struggling to deploy the latest patch from Oracle, IBM, or any other database vendor quickly -- and potentially throwing business-critical systems offline in the process -- Sentrigo executives say that the virtual patching functionality built into its Hedgehog Enterprise package allows companies to stay protected while assessing their options.

While the company is only in the process of signing up its initial customers, its leaders maintain that the firm can quickly become a major player in the database security market simply through the addition of virtual patching to other more traditional tools.

Because the technology sits on top of the database itself and becomes conditioned to the type of activity such a system experiences on a daily basis, the product can easily spot any suspicious commands and block attacks in real time, Sentrigo officials said.

Sophisticated database hacks, often delivered in the form of hard-to-notice Trojan threats, are frequently able to circumvent security systems by laying low until the moment they have been programmed to strike.

By using virtual patching to defend the very flaws such attacks try to take advantage of at the time they are being exploited, said Slavik Markovich, the company's CTO, the problem can be essentially defeated.

"Turnaround of database patch deployment within enterprises can take months as everything is tested, and we also see a lot of vendors re-issuing patches, so there is a lot of grey area that hackers can take advantage of, and we see them actively trying to do this," Markovich said. "Because our technology sits in the database monitoring transactions, it can respond immediately and use virtual patching to contain any vulnerabilities right as they're being attacked."

At least one other company, Blue Lane Technologies, has also begun offering virtual patching tools, but unlike Sentrigo, the vendor has not pieced the application together with other database security applications, such as vulnerability scanning and auditing.

Hedgehog's virtual patching technique works by using a database's operating system to access the machine's shared memory, which it then scans directly, rather than using APIs to query the system, as many rival technologies would.

Selling virtual patching

Markovich said that he completed a straw poll of database administrators at a recent Oracle customer meeting and found that many enterprises were taking months and even years to get security patches in place, which he cited as a serious trend that has not yet received much publicity.