Sentrigo today rolled out a stopgap measure of sorts for the treacherously long period between a database vulnerability discovery, patch creation, and deployment. The new Hedgehog vPatch software, which is a spinoff of the database security firm's existing database monitoring software, detects exploits against newly discovered and known bugs.
This so-called virtual patch agent software resides on the database itself and generates alerts, and can shut down or quarantine a user session in Oracle and Microsoft databases. But Slavik Markovich, CTO of Sentrigo, says Hedgehog vPatch is no substitute for actually patching a vulnerability. "We're not saying don't deploy patches. We tell our customers to deploy them," Markovich says. "We recommend that they deploy them as fast as they can."
But in reality, few organizations patch thoroughly, or at all, notes Markovich. In a survey Sentrigo conducted earlier this year of over 300 Oracle database administrators, consultants, and developers, only ten percent of them say they expediently install Oracle Critical Patch Updates (CPUs) after an Oracle quarterly patch release.
Sentrigo's virtual patching software is aimed at firms that aren't able to sufficiently keep up with the patch cycle or must delay patching because they can't disrupt their business applications at that time, for instance. The software's announcement coincides with the release of Oracle's quarterly CPU today.
"It's [Hedgehog vPatch] either [for] a stopgap, or good for legacy systems you can't patch," says Rich Mogull, founder of Securosis. "A lot of outdated apps rely on old versions of the database."
The software watches the database memory and inspects each transaction, says Sentrigo's Markovich, and includes protection from pervasive SQL injection attacks. Hedgehog vPatch is priced at $750 per CPU for a one-year subscription.
Kelly Jackson Higgins, Senior Editor, Dark Reading