Innovative virtual patching provides broad, easy to apply and faster time-to-protect database security as compared to traditional software vendor patching; New product part of Company’s Global Security Services solutions
LAS VEGAS, June 7, 2017 – Rimini Street, Inc., a global provider of enterprise software products and services, and the leading independent support provider for Oracle and SAP products, today announced the launch of Rimini Street Advanced Database Security. The product, available today and enhanced with technology from McAfee, one of the world’s leading cybersecurity companies, is a new, next-generation database security solution that protects databases from known and unknown vulnerabilities by monitoring and analyzing database communications traffic, and blocking attempted attacks before they reach the database.
Rimini Street Advanced Database Security gives users a fast time-to-protect for the database compared with traditional software vendor patching. Traditional vendor patching is often ineffective due to late patch delivery, the complexity of applying code patches, and the expense of regression testing existing code. Rimini Street Advanced Database Security is immediately available for Oracle, SAP, IBM and Microsoft databases under support contracts with Rimini Street.
The Rise of Virtual Patching
Sometimes known as “external patching” or “vulnerability shielding,” virtual patching establishes a protective policy enforcement gateway that is outside the resource being protected and works to identify and intercept attempted exploits of vulnerabilities before they reach their target. With virtual patching, direct modifications to the resource being protected are not required, and updates can be automatic and adapt to continuously evolving threats. When a security attack vector is blocked using virtual patching solutions, traditional vendor software patching can become redundant or irrelevant.
Virtual patching can be more comprehensive, more effective, faster, safer and easier to apply than traditional vendor patching, and provides organizations a faster time-to-protection against vulnerabilities with a more cost-effective solution, without any need to impact production systems. With traditional vendor security patching models, there is an inherent risk that code patches will cause new, unforeseen issues with core business systems. Virtual patching does not require the extensive, time-consuming and costly regression testing that must be performed across every instance and release level, and with each code patch being introduced into mission-critical production systems.
The Fall of Traditional Vendor Security Patching
Security professionals have found that traditional vendor security patching models are outdated and provide ineffective security protection due to late delivery of patches, complexity to apply patches and the expense of regression testing — leaving enterprise systems vulnerable for months, sometimes even years. In fact, many companies only apply security patches once per year — if at all — due to the significant downtime, labor and cost. With a half-life of vulnerabilities being less than 30 days, the majority of cyber-attacks happen before a patch is released by the database software vendor.[1]
According to the Aberdeen Group:[2]
- There is often a significant lag time between the public disclosure of a vulnerability and the availability of a patch from the vendor, which can leave many enterprise systems vulnerable for months.
- 42% of known database vulnerabilities are not addressed by vendor patching within a year.
- In addition to the delayed release of patches, the time required and business disruption created in applying vendor delivered security patches leads many organizations to delay or forgo altogether applying these patches.
- The cost involved to apply the patches to their database environment is also an inhibitor.
- Research data highlights that for a mid-size company with 100 database instances, the traditional vendor security patching model has a median business cost of around $4 million.
“The new Rimini Street Advanced Database Security product provides a holistic and highly effective level of security protection for database customers of any size in comparison to traditional vendor patching methodologies,” said Brian Day, president, Mercury Technology Group. “We are deploying this virtual patching capability on behalf of joint customers with Rimini Street, and we are impressed with the speed of protection and comprehensive coverage of this integrated database security solution.”
Rimini Street Global Security Services
As part of its robust support services, Rimini Street helps its clients identify, mitigate and protect against security risks and vulnerabilities, and achieve a more secure application and technical environment through strategic consultation, recommendations and partner solutions — such as Rimini Street Advanced Database Security. Launched in 2015, Rimini Street Global Security Services (GSS) is a team of expert security engineers and architects led by Josh Sosnin. Mr. Sosnin has more than 15 years of global experience in information security and IT compliance, and holds various security and audit certifications, including CISSP, CISM, and CISA. Prior to joining Rimini Street, he served as Chief Information Security Officer (CISO) for Aramark (NYSE: ARMK), a $15 billion, Fortune 500 company with nearly 300,000 employees.
“Today we have delivered a comprehensive, cost-effective and advanced database security solution, enhanced with technology from McAfee, that moves past the weaknesses, challenges and pitfalls of traditional vendor security patching,” said Mr. Sosnin. “Rimini Street supports some of the largest companies in the world who are operating some of the most expansive and complex IT infrastructures globally — including thousands of database instances. In a world of evolving threats, we are committed to being at the forefront of innovative security strategies and solutions, such as holistic security and virtual patching, both of which are leveraged in our new Rimini Street Advanced Database Security.”
[1] Qualys Research, “The Laws of Vulnerabilities 2.0,” 2009
[2] Aberdeen Group, “Beyond the Patch: Reducing the Risk of Database and Application Vulnerabilities,” October 2016; and Aberdeen Group, “Virtual Patching and Database Security: An Effective Compensating Control,” April 2013