For years, Patchstack has pushed the boundaries of virtual patching. Over the past two years we have relentlessly innovated to deliver the fastest, most accurate vulnerability-mitigation solution for websites.
Today we are proud to unveil powerful new capabilities that take our mitigation system well beyond traditional virtual patching. And with that, we are excited to introduce RapidMitigate.
Fully programmatic mitigation rules
RapidMitigate makes it possible to deploy fully programmatic rules, each containing multiple complex conditions. Written in a custom JSON format, these rules are consumed by the Patchstack agent’s application-level mitigation engine, which sanitizes vulnerable functions and eliminates threats without touching underlying code.
Dynamic mitigation deployment
Unlike conventional virtual patching products, Patchstack RapidMitigate has deep, real-time visibility into the target application via software composition analysis (SCA). That insight lets us deploy or remove mitigation rules on demand.
Because rules are applied only where needed, we can maintain and automate over 10,000 vulnerability-specific rules - more than ten times the coverage any competitor offers. Traditional regex-based approaches must apply broad rules network-wide, creating performance drag and false positives; RapidMitigate avoids both.
Dynamic mitigation triggering
Session-level visibility allows RapidMitigate to factor in authentication states and other prerequisites, activating a vPatch rule only when conditions for exploitation exist. In some cases, vulnerabilities involve base64 or double-encoded JSON payloads. Our engine can handle these scenarios by applying targeted mutations to request parameters as needed.
This precision has two major advantages:
- It slashes false positives that disrupt admin interfaces.
- it keeps performance overhead to an absolute minimum—rules are evaluated only when a malicious request invokes a vulnerable function.
Even in an extreme case of 100 active vulnerabilities, processing 100 rules adds just fractions of a millisecond.
Multilayer mitigation
RapidMitigate is a hybrid solution: depending on the vulnerability, mitigation can occur at the application layer or one layer earlier in Apache/Nginx. While 99% of WordPress issues are best handled inside the runtime, edge-case vulnerabilities that touch raw PHP files are stopped at the server level.
Powered by Patchstack Threat Intelligence
RapidMitigate ties directly into Patchstack Threat Intelligence. The moment our researchers disclose a new vulnerability; an appropriate rule is automatically deployed.
With more than 800 WordPress plugin developers relying on Patchstack to coordinate responsible disclosure, we deliver the fastest, most comprehensive vulnerability mitigation on the market.
Available to all Patchstack users and hosting companies
RapidMitigate has been merged with virtual patching and is working without any action needed. It will be available on all Patchstack plans and in our web hosting offerings.
