New tools are starting to become available to IT managers who are looking for ways to protect their systems from worms and other attacks while they work to test and install security patches issued by software vendors.
For example, Blue Lane Technologies Inc., a startup in Cupertino, Calif., this month introduced a security appliance called PatchPoint that addresses specific vulnerabilities in Windows and other products. But instead of requiring users to install software on their systems, PatchPoint sits in front of servers and mimics the full functionality of vendor-issued patches. The approach is designed to let IT staffs “hold down the fort” until they’re ready to apply the actual patches, said Jeff Palmer, Blue Lane’s president and CEO.
Redwood City, Calif.-based Determina Inc. this month announced software that has a similar goal. For the past year, Determina has been selling a “memory firewall” technology that’s designed to run inside an application’s memory and prevent any activity that’s deemed to be inconsistent with normal behavior.
Determina’s new Vulnerability Protection Suite combines the memory firewall with a real-time flaw-remediation tool. But unlike Blue Lane’s approach, Determina’s product works by applying very small bits of corrective code to fix the underlying vulnerability on the server. “The code is literally on the order of a couple of bytes,” said Determina CEO Nand Mulchandani, adding that systems administrators can install and uninstall the code “at the click of a button.”
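The two stopgap approaches described above can be modelled in a few lines. The following is an added example, not Blue Lane's or Determina's code, and every name in it is constructed for illustration: `vulnerable_handle` stands in for an unpatched service that copies as many bytes as a client-supplied length byte says into a fixed buffer; `front_filter` models an in-line appliance that applies the vendor patch's bounds check on the wire before a request reaches the service; `install_hotpatch` / `uninstall_hotpatch` model an in-process fix that wraps the vulnerable function and can be removed again.

```python
"""Model of virtual patching (in-line filter) vs. in-process hot patching.

Added example, not vendor code. All identifiers, the buffer size and the
sample records are constructed for illustration.
"""

BUFFER_SIZE = 16  # constructed: size of the service's fixed receive buffer


def vulnerable_handle(raw: bytes) -> bytearray:
    """Unpatched service logic: copies `declared` bytes with no bounds check.

    Python grows the bytearray instead of corrupting memory, so an overrun
    is observable as len(result) > BUFFER_SIZE; a C service would instead
    overwrite whatever sits after the buffer.
    """
    declared = raw[0]
    payload = raw[1:1 + declared]
    buf = bytearray(BUFFER_SIZE)
    buf[:len(payload)] = payload  # slice assignment extends the bytearray
    return buf


def patch_check(raw: bytes) -> bool:
    """The one check the vendor patch adds: the declared length must fit."""
    return len(raw) > 0 and raw[0] <= BUFFER_SIZE


# --- approach 1: appliance in front of the server ------------------------

def front_filter(raw: bytes, backend=vulnerable_handle):
    """Drop requests the patched server would reject; pass the rest through.

    Returns ("blocked", None) or ("passed", backend_result). The service
    itself is left unchanged, so only traffic that crosses the filter is
    protected.
    """
    if not patch_check(raw):
        return ("blocked", None)
    return ("passed", backend(raw))


# --- approach 2: reversible in-process hot patch ---------------------------

class Service:
    """Holds the request handler so it can be swapped at run time."""

    def __init__(self):
        self.handle = vulnerable_handle
        self._original = None


def install_hotpatch(service: Service) -> None:
    """Wrap the live handler with the patch's check; keep the original."""
    original = service.handle
    service._original = original

    def guarded(raw: bytes) -> bytearray:
        if not patch_check(raw):
            raise ValueError("rejected: declared length exceeds buffer")
        return original(raw)

    service.handle = guarded


def uninstall_hotpatch(service: Service) -> None:
    """Restore the original handler (the 'click of a button' removal)."""
    if service._original is not None:
        service.handle = service._original
        service._original = None


# Constructed sample records: a well-formed one and an oversized one.
GOOD = bytes([4]) + b"ping"
BAD = bytes([40]) + b"A" * 40


def demo() -> dict:
    """Exercise both shims and report what each one did."""
    results = {}
    results["unpatched_overrun"] = len(vulnerable_handle(BAD)) > BUFFER_SIZE
    results["filter_blocks_bad"] = front_filter(BAD)[0]
    results["filter_passes_good"] = front_filter(GOOD)[0]

    svc = Service()
    install_hotpatch(svc)
    try:
        svc.handle(BAD)
        results["hotpatch_blocks_bad"] = False
    except ValueError:
        results["hotpatch_blocks_bad"] = True
    results["hotpatch_passes_good"] = bytes(svc.handle(GOOD)[:4])

    uninstall_hotpatch(svc)
    results["after_uninstall_overrun"] = len(svc.handle(BAD)) > BUFFER_SIZE
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The model makes the trade-off visible: the front filter protects only the traffic that passes through it and leaves the service code untouched, while the hot patch changes the running process but can be backed out without a reinstall. Neither replaces the vendor patch; both reproduce its check until the real patch has been tested and deployed.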
Such products can buy IT managers the time they need to do the required amount of regression testing and analysis work on patches, said Christofer Hoff, director of enterprise security services at Western Corporate Federal Credit Union in San Dimas, Calif. WesCorp is an early user of Blue Lane’s technology.
The credit union has suffered its share of problems with patches that failed to deploy properly or ended up impairing critical IT services, according to Hoff.
“The dilemma has been in deciding whether the risk associated with an unpatched vulnerability is greater than that associated with deploying an untested patch,” Hoff said. He added that Blue Lane’s appliance saves him from having to make an either/or decision.
Richard Ptak, an analyst at Ptak, Noel & Associates Inc. in Amherst, N.J., said that with hackers taking advantage of new software flaws more and more rapidly, IT staffs are coming under increasing pressure to deploy patches as quickly as they can — often without appropriate testing.
“On the one hand, you want to protect your resources,” Ptak said. “On the other, you don’t want to run the risk of messing up your production environment.”
Determina’s software supports only Windows servers, while Blue Lane’s appliance also works with Sun Solaris systems as well as Oracle databases and the Apache open-source Web server. PatchPoint pricing starts at US$30,500. Determina’s software starts at US$750 for each protected server.