DEF CON, Events, Governance & Risk Management

Fixing Unpatched Vulnerabilities Without Traditional Patches

Cato Networks Leader Etay Maor Explains Why Old Vulnerabilities Still Pose a Threat
Etay Maor, chief security strategist, Cato Networks

Threat actors continue to exploit known vulnerabilities such as Log4j in large enterprises, often with devastating consequences, said Cato Networks Chief Security Strategist Etay Maor.


Many organizations struggle to patch intricate, complex systems or to identify vulnerabilities in third-party components amid unpredictable risks. Maor urged companies to adopt virtual patching and cloud-based systems. Virtual patching mitigates risk from a vulnerability without directly applying a patch, focusing on blocking exploitation attempts rather than resolving the underlying flaw, he said (see: Why Are Security Fears About ChatGPT So Overblown?).

"You don't actually patch the vulnerability, but you're protecting your systems against the exploitation of that vulnerability," Maor said. "The systems might be vulnerable, but the attack will never reach them because the virtual patching prevents the actual exploitation, the actual attack."

In this video interview with Information Security Media Group at DEF CON 2024, Maor also discusses:

  • The persistent challenge of patching known vulnerabilities such as Log4j;
  • The effectiveness of virtual patching in mitigating exploitation risks;
  • How enterprises can manage risks from AI applications and IntelBroker.

Prior to joining Cato Networks in 2021, Maor was the chief security officer for IntSights, where he led strategic cybersecurity research and security services. Maor has also held senior security positions at IBM, where he created and led breach response training and security research, and RSA Security's Cyber Threats Research Labs, where he managed malware research and intelligence teams.


About the Author

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.



