ERP Security Solutions – Traditional Patching versus Virtual Patching
29th January 2018
Oracle and SAP regularly provide security patches for their current product versions to protect their customers from new security vulnerabilities as they arise. In the past, this approach was “best practice” but largely because it was the only choice.
This method of security patching is hopelessly out of date; it is dependent on the vendor identifying loopholes within their code. Often, vendors identify these because one or more of their customers has suffered an attack. This is a very reactive approach. What’s more, the vendors only provide patches for the latest supported versions of their software. Almost all customers run a variety of older software versions and are quite happy with them, except of course for the lack of any security updates from the manufacturers. See recent critical security flaw in Oracle Identity Manager and critical PeopleSoft applications vulnerability articles published by Computing.
“Vendor security patching is like finding that you have a leaky dam and plugging the holes as and when they appear by sticking your fingers in them”
Mark Smith, CEO Support Revolution speaking at the Gartner Summit, on 21st September 2017 in London
Traditional software vendors have done their best for many years and provided fixes for many security vulnerabilities in their products. The trouble is that customers cannot possibly keep up with the speed that threats are appearing, otherwise they would need to constantly patch or upgrade every system that they have. This is not feasible; applying vendor patches to test systems, going through system testing, user acceptance testing and then rifling these changes through the various environments before they get onto the live system is a huge and onerous task.
But there is a solution. It’s obvious really when you think about it. You put in a new dam upstream of the old leaky dam.
In IT terms, this means putting protection all around your systems to protect them and then apply updates to that “fence”, therefore protecting everything within it. Simple.
Support Revolution’s “Advanced Security” is based on Trend Micro’s Deep Security solution which works in exactly this way. Deep Security was rated #1 in the Gartner Magic Quadrant for Endpoint Protection Platforms.