A New Year with No Patch Management Hangover


This blog post was written by Teresa Wingfield.

The frequency of database and application vulnerabilities is increasing. Testing and deploying vendor-issued patches is an ongoing, arduous process, and systems remain vulnerable until IT staff can take business-critical databases and applications offline and deploy the patches. The longer the vulnerability window, the greater the security risk.

Traditional Patch Management Challenges

With the growth of vulnerabilities, many organizations struggle when using traditional patch management strategies for remediation. Our new white paper from Aberdeen Group, “Beyond the Patch: Reducing the Risk of Database and Application Vulnerabilities,” identifies the key shortcomings of traditional patch management that make remediation so painful:

  • Vendor patches may not be available
  • Vendor patching may not be possible or practical
  • Vendor patching is costly, time consuming and inconvenient
  • Vendor patching does not support up-to-date visibility into what’s happening in your environment

In fact, Aberdeen found that in a $100 million company with 100 database instances, vendor patching over the course of one year is likely to be complex and time consuming.

A Virtual Patching Strategy

This New Year you may want to try a different patch management approach.  In comparison to traditional vendor patching, virtual patching can be a highly effective strategy for addressing both the likelihood and business impact aspects of security-related risk.  Aberdeen defines virtual patching as establishing a policy enforcement point that is external to the resource being protected to identify vulnerability exploits before they reach their target.  Virtual patch management offers the following benefits:

  • Automatic updates since direct modifications to resources being protected are not required.
  • Reduced risk since virtual patching reduces the window of vulnerability when vendor patching is not available, not possible, not practical, or deferred to avoid cost and inconvenience.
  • Lower business impact since virtual patching reduces lost user productivity and lost revenue during the time that databases and applications are disrupted by traditional vendor patching.

A Virtual Patching Solution

McAfee Virtual Patching for Databases shields databases from the risk presented by unpatched vulnerabilities by detecting and preventing attempted attacks and intrusions in real time without requiring database downtime or application testing. This virtual patching solution also helps you continue to protect databases running old database management system (DBMS) versions that are no longer supported by the vendor, adding to the useful life of legacy databases and saving your organization time and money.

McAfee Virtual Patching Advantages

  • Gain protection from threats even before installing vendor-released patch updates
  • Eliminate the need for IT and security teams to have DBMS knowledge
  • Keep production databases online, thanks to non-intrusive software design
  • Protect databases seamlessly with automatic distribution of ongoing updates
  • Facilitate compliance with standards such as PCI DSS, HIPAA, and others

