Sometimes there is no security patch available to directly modify and harden a legacy product. But a so-called “virtual patch” can address a known vulnerability upstream of the insecure application itself. For example, legacy database products can be vulnerable to SQL injection attacks – when a query sent to the database sneaks in syntax which tricks the database into modifying or revealing otherwise protected data. A virtual patch could consist of rules in a firewall packet inspector or web server which look for and detect SQL injection syntax and block the request before it ever reaches the vulnerable legacy product.