News of the Apache Log4j vulnerability exploit came on December 9th, and is striking fear into the software world, for both vendors and users. Log4j is the most popular Java logging service, with over 400,000 GitHub downloads; it has been embedded in hundreds of Internet services and products from companies all over the world, including Apple, Amazon, Cloudflare, Steam, Tesla, Twitter, and many more.
Exploiting this vulnerability is simple and allows threat actors to bypass authentication, control Java-based web servers via numerous device types (see diagram to the right) and launch remote code execution attacks. New variations of the original exploit are already being introduced – over 60 in less than 24 hours. The attack surface grows by the minute. Good credential management and advanced authentication won’t help, as this exploit is pre-authentication, which means an attacker doesn’t need to authenticate to your web applications in order to attack.
IT Operations is on the front lines to protect every enterprise from Log4j
Step one: FIND Log4j wherever it exists
Investigate every internet-facing application, website, and system that you own or use. This includes self-hosted installs of vendor products and cloud-based services. Focus on internet-facing systems that contain sensitive data. Once you’ve completed assessing your hosted apps and vendor systems, move on to endpoint applications including Java-based apps like WebEx, Minecraft, and Citrix.
By noon CST on Friday, December 10th, BigFix had provided customers with specialized tools to help find Log4j wherever it existed in their environment, including file systems, across nearly 100 operating system variants. Full visibility is step one to provide complete protection against Log4j-based threats.
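One way to carry out the file-system part of Step one, as an added example (not BigFix's tooling and not code from this post): a Python sweep that opens JAR, WAR, EAR and ZIP archives, including archives nested inside them, and reports each log4j-core copy with the version recorded in its pom.properties. The function names, the nesting limit and the extension list are assumptions of this example.

```python
import io
import os
import zipfile

# Well-known paths inside a log4j-core 2.x archive.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")  # assumed list; extend as needed


def _version(zf):
    """Return the version recorded in pom.properties, or None if absent."""
    if POM_PROPS not in zf.namelist():
        return None
    for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def scan_archive(fileobj, label, depth=0, max_depth=4):
    """Yield (location, version, has_jndi_lookup) for each log4j-core copy found."""
    try:
        zf = zipfile.ZipFile(fileobj)
    except (zipfile.BadZipFile, OSError):
        return  # unreadable archive: skip it rather than abort the sweep
    with zf:
        names = set(zf.namelist())
        if JNDI_CLASS in names or POM_PROPS in names:
            yield label, _version(zf), JNDI_CLASS in names
        for name in sorted(names):  # fat JARs and WARs embed further archives
            if depth >= max_depth or not name.lower().endswith(ARCHIVE_EXTS):
                continue
            try:
                inner = io.BytesIO(zf.read(name))
            except (zipfile.BadZipFile, RuntimeError):
                continue  # corrupt or encrypted entry
            yield from scan_archive(inner, f"{label}!/{name}", depth + 1, max_depth)


def scan_tree(root):
    """Walk a directory tree and return findings sorted by location."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVE_EXTS):
                path = os.path.join(dirpath, fn)
                findings.extend(scan_archive(path, path))
    return sorted(findings, key=lambda f: f[0])
```

Call `scan_tree("/opt")` (or any root) and review each returned location. Copies whose classes were relocated under another package name match neither path and need a separate check.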
Step two: Patch, patch, patch. Patch in the same order as in Step one. If no patch or workaround is yet available, uninstall.
BigFix automates discovery, management, and remediation of all endpoints whether on-premises, mobile, virtual, or in the cloud – regardless of the operating system, location, or connectivity.
The pandemic has forced many endpoints into home environments, which makes it more difficult to keep your endpoints patched and compliant. Operations teams cannot rely on employees working from home to patch their own systems, even with clear instructions. Many of them will also ignore your requests, so you need to adopt systems that enforce continuous compliance, like BigFix.
IT Operations is essential to beating this. BigFix is the essential tool for IT Operations
We believe this vulnerability is not going to go away any time soon. We’re just starting to get a glimpse of how this is being exploited. New ransomware attacks have already been launched using this vulnerability. Buckle up, IT Operations teams: it’s going to be a while before this vulnerability is fully remediated.
How can BigFix help?
BigFix automates discovery, management, and remediation of all endpoints whether on-premises, mobile, virtual, or in the cloud – regardless of the operating system, location, or connectivity. BigFix Insights for Vulnerability Remediation integrates with leading vulnerability management solutions like Tenable to remediate vulnerabilities like Log4j faster than any other solution in the market.
For the latest information about Log4j, visit https://www.hcltechsw.com/bigfix/log4j.
For more information about BigFix, please visit www.bigfix.com.