Enterprise Business Products
- Trend Micro Deep Security
  - Protection Modules
    - Vulnerability Gaps

Vulnerability Gaps

Challenge

The process of patching applications—including operating systems, enterprise applications such as database, email and FTP servers, ERP or CRM applications, as well as custom web applications—can be disruptive and expensive:

Patches need to be properly tested, installed, and documented before they’re deployed. Often it can be months before patches are made available by vendors. Your Service Level Agreements with customers, pertaining to up-time, can impair your ability to quickly deploy necessary patches.

In the case of custom-built web applications, the developers with the necessary subject matter expertise may not be available to fix the application: they may be busy with other projects, or no longer with the company.

A vulnerability gap exists between the time the vulnerability is first discovered, and the time that it is patched or shielded. In many cases, this gap can extend for weeks or months before it is deployed to all production systems. In most cases, systems need to be rebooted to apply the patch, and it can be weeks or months before a suitable window of opportunity is available to do this with a mission critical system.

During this gap, critical systems, applications and data are vulnerable to attacks.

Solution

Trend Micro’s best-of-breed host intrusion defense system provides a virtual patch that complements your normal patching process. It allows organizations to avoid emergency, event-driven patching costs by shielding newly discovered vulnerabilities until the appropriate patch is developed, properly tested and deployed.

Provides out-of-the-box protection for over 100 commercial off the shelf enterprise applications, including servers (database, web, FTP, mail, DNS), desktops (web and email clients, plug-ins, Microsoft Office), and web applications.

Filters that shield newly discovered vulnerabilities are automatically delivered within hours, and can be pushed out to thousands of hosts in minutes, without a system reboot. This dramatically reduces the vulnerability gap, and allows organizations to deploy patches more efficiently, on a scheduled basis.

Once the vendor-supplied patch is deployed, the filters can be turned off, to help maximize system performance.