Rimini Street announced the launch of Rimini Street Advanced Database Security – powered by McAfee.
The product is a new, next-generation database security solution that protects databases from known and unknown vulnerabilities by monitoring and analyzing database communications traffic, and blocking attempted attacks before they reach the database using “virtual patching.”
Virtual patching gives database users a faster time-to-protection than traditional software vendor patching. Traditional vendor patching is often ineffective because patches are delivered late, code patches are complex to apply, and regression testing existing code is expensive.
Rimini Street Advanced Database Security is immediately available for Oracle, SAP, IBM and Microsoft databases under support contracts with Rimini Street.
The Rise of Virtual Patching
Sometimes known as “external patching” or “vulnerability shielding,” virtual patching establishes a protective policy enforcement gateway that is outside the resource being protected and works to identify and intercept attempted exploits of vulnerabilities before they reach their target.
With virtual patching, direct modifications to the resource being protected are not required, and updates can be automatic and adapt to continuously evolving threats.
When a security attack vector is blocked using virtual patching solutions, traditional vendor software patching can become redundant or irrelevant.
Virtual patching is often more comprehensive, more effective, faster, safer and easier to apply than traditional vendor patching, and provides organizations a faster time-to-protection against vulnerabilities with a more cost-effective solution, without any need to impact production systems.
With traditional vendor security patching models, there is an inherent risk that code patches will cause new, unforeseen issues with core business systems.
Virtual patching does not require the extensive, time-consuming and costly regression testing that must be performed across every instance and release level, and for each code patch introduced into mission-critical production systems.
The Fall of Traditional Vendor Security Patching
Security professionals have found that traditional vendor security patching models are outdated and provide ineffective security protection due to late delivery of patches, the complexity of applying patches and the expense of regression testing – leaving enterprise systems vulnerable for months, sometimes even years.
In fact, many companies only apply security patches once per year – if at all – due to the significant downtime, labor and cost.
With the half-life of vulnerabilities at less than 30 days, the majority of cyber-attacks happen before a patch is released by the database software vendor.
According to the Aberdeen Group:
- There is often a significant lag time between the public disclosure of a vulnerability and the availability of a patch from the vendor, which can leave many enterprise systems vulnerable for months.
- 42% of known database vulnerabilities are not addressed by vendor patching within a year. In addition to the delayed release of patches, the time required and business disruption created in applying vendor-delivered security patches lead many organizations to delay or forgo altogether applying these patches.
- The cost involved to apply the patches to their database environment is also an inhibitor.
- Research data highlights that for a mid-size company with 100 database instances, the traditional vendor security patching model has a median business cost of around $4
“The new product provides a holistic and highly effective level of security protection for database customers of any size in comparison to traditional vendor patching methodologies,” said Brian Day, president, Mercury Technology Group.
“We are deploying this virtual patching capability on behalf of joint customers with Rimini Street, and we are impressed with the speed of protection and comprehensive coverage of this integrated database security solution.”