
Virtual Patching for CVE Gaps, Unpatchable Vulnerabilities, and Uncertain Times
By Michael Shinn
Atomicorp WAF-based virtual patching provides a timely safety net when vulnerability data is lacking or CVE fixes are impossible.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has increased its role in NIST NVD and MITRE CVE program management in 2025. This is part of a stated effort to improve data quality and emphasize modernization and international participation in its “Quality Era.” However, the transition has caused anxiety about NVD and CVE funding and raised questions about possible interruptions to known-vulnerability data streams.
In times of uncertainty, when no patch is available, or when time is limited, organizations can manage risk by adding virtual patching to their vulnerability programs. Virtual patching acts like a temporary patch that quickly shields systems and data from exploitation of unpatched, unknown, or misconfiguration-related vulnerabilities until a real patch can be applied. It’s crucial for protecting weak default settings, unsupported “WontFix” software, and end-of-life systems, and as a defense-in-depth measure against zero-day vulnerability exploitation.
Virtual Patching—for When Traditional Patching Won’t Do
Virtual patching can be achieved through Atomicorp’s advanced web application firewall (WAF) products and WAF capabilities, enabling real-time software and web application protection.
Atomicorp WAF solutions enable customers to incorporate virtual patching into near- and long-term plans as part of a defense-in-depth security strategy to reduce risk from unpatched systems. So, in a hypothetical CVE data-stream crisis, virtual patching can help organizations secure their IT, data, and OT infrastructures without having to individually address specific CVEs.
Short Term Actions
Atomicorp recommends that enterprise and federal agencies:
- Continue to actively manage CVE data streams and patching programs—and don’t leave unsupported, unpatchable, or legacy and EOL software unmonitored.
- Prepare for potential CVE data disruptions and gaps in coverage by implementing contingency plans leveraging multiple data sources and redundancy in vulnerability detection systems.
- Mitigate against potential vulnerability exploits for which there is no CVE record, known vulnerability or patch through virtual patching. It’s easy and inexpensive—Schedule a Demo.
- Address unpatchable flaws on vulnerable systems with virtual patching, which blocks exploitation attempts at the network level without changing the original code. This non-intrusive method works by filtering malicious traffic through firewalls, web application firewalls (WAFs) and intrusion prevention software. It’s ideal for phased rollout and legacy system defense, where patches are unavailable or impossible.
Long Term Actions
- Continue to identify where virtual patching can complement traditional patching programs, such as on software systems that can’t be patched or during CVE data stream interruptions or internal patching delays.
- Tap into additional sources of global intelligence such as Atomicorp, OSSEC, ModSecurity, and vulnerability and weakness databases to target vulnerability exploitations at the Common Weakness Enumeration (CWE) level, where each CWE addresses thousands of vulnerabilities.
- Detect and identify vulnerable, unpatchable, and unsupported legacy and end-of-life software and firmware systems in your computing environment and remediate through Atomicorp virtual patching and firewall and intrusion prevention functions.
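As an added illustration that is not Atomicorp’s own ruleset, the ModSecurity fragment below shows what a CWE-level virtual patch looks like in practice: a weakness class (CWE-22, path traversal) is blocked in front of an application that cannot be fixed, and the endpoint is fenced to the network that is supposed to use it. The endpoint `/legacy/export.php`, its `file` parameter, the trusted subnet and the rule ids are all assumed for this example.

```apache
# Added example, not Atomicorp's ruleset. Hypothetical legacy endpoint
# /legacy/export.php reads a "file" parameter and cannot be patched.
# Rule ids 10001/10002 sit in ModSecurity's local-use id range (1-99,999).

# 1) Normalize the parameter the way the vulnerable app would (URL-decode,
#    collapse "./" and "x/../"), then deny any request whose normalized value
#    still climbs out of the intended directory. "reports/../current.csv"
#    normalizes to "current.csv" and passes; "..%2f..%2fetc/passwd" does not.
SecRule REQUEST_URI "@beginsWith /legacy/export.php" \
    "id:10001,phase:2,deny,status:403,log,\
    msg:'Virtual patch: path traversal against unpatchable legacy export',\
    tag:'CWE-22',chain"
    SecRule ARGS:file "@rx (?:^|[\\/])\.\.(?:[\\/]|$)" \
        "t:none,t:urlDecodeUni,t:normalizePath"

# 2) Defense in depth: the export job was only ever meant for internal use,
#    so deny every source outside the trusted subnet (constructed value),
#    whatever the payload looks like. Runs in phase 1, before the body is read.
SecRule REQUEST_URI "@beginsWith /legacy/export.php" \
    "id:10002,phase:1,deny,status:403,log,\
    msg:'Virtual patch: legacy export restricted to internal network',chain"
    SecRule REMOTE_ADDR "!@ipMatch 10.20.0.0/16"

# 3) To measure before enforcing, change "deny" to "pass" on either rule:
#    matches are still logged, so the audit log shows what would be blocked.
```

Because the match runs on the normalized value rather than the raw string, the patch covers the traversal class as a whole instead of a single known payload, which is the CWE-level coverage the page describes.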
Learn how to apply virtual patching. Contact Us.
Atomicorp Virtual Patching: Address Unpatchable, Unpredictable . . .
With virtual patching, a user organization can remediate against the unpredictable in addition to the unpatchable. Virtual patching provides a key element in a defense-in-depth strategy for protecting systems for which patches don’t exist, are too slow in becoming available, or are too difficult or impossible to patch.
Move beyond just patching. Atomicorp’s web application firewall (WAF) solutions mitigate the problem of unpatchable software and enable MITRE Common Weakness Enumeration (CWE) response through WAF capabilities such as traffic inspection, deep filtering, malware detection and blocking, IP whitelisting, virtual patching, and more.
Discover what our enterprise WAF solution, Atomic WAF, can do.
Preemptive Vulnerability Resolution
Atomic ModSecurity Rules and Atomic WAF block and defend against whole categories of attack methods and threats that patching programs can’t cover. Be able to:
- Identify and resolve uncategorized vulnerabilities, including overarching MITRE CWE level weaknesses.
- Harden security configurations and controls against uncategorized and zero day vulnerabilities and for unsupported and end-of-life software that can’t be patched.
- Detect malicious payload signatures and anomalous behavior in real time.
- Take the pressure off end users by blocking many social engineering and phishing attacks before the deception and payload land in their inboxes.
Atomic ModSecurity Rules and WAF for All Size Users
Atomicorp offers ModSecurity-based solutions to protect applications and APIs running on Apache, IIS, and Nginx web servers. These rich WAF rulesets and WAF solutions protect applications such as websites, content management systems, web hosting control panels, reverse proxy servers, containers, and more.
Check out our Atomic ModSecurity solutions for the web application firewall ruleset or WAF solution that’s right for you.
Try Atomic ModSecurity Rules
Monthly subscription is $22.50 per server. Volume discounts available. Want to try it out first? It includes a free 14-day trial.