Tips From the ThreatX SOC: Managing the Log4j Vulnerability

PUBLISHED ON December 20, 2021
LAST UPDATED Dec 20, 2021

The Log4j vulnerability has created a lot of chaos for security professionals. While there is no silver bullet for addressing these issues, there are important steps companies should take. Here’s where the ThreatX SOC and threat research teams advise you to start:

Patching: Be sure to update software with patches released by the Apache Software Foundation. This is an important first step in terms of remediation. Along these lines, remember to stay current on the patches issued – for example, the Log4j patch is now 2.17 after another CVE was announced this weekend. In addition, make sure you have a change management process, and a process to handle emergency change management situations.

Understand Your Apps: At the heart of the Log4j vulnerability are issues related to JNDI lookups. So, the question is: which of your applications rely on JNDI? Once you have a handle on what your app landscape looks like, you’ll be able to better focus vulnerability remediation.
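One way to start that inventory, and to check it against the 2.17 release mentioned under Patching, is to look inside deployed Java archives for a bundled log4j-core. The script below is an added example, not ThreatX tooling. It assumes log4j-core's standard archive layout (the `JndiLookup.class` and `pom.properties` paths) and treats anything lower than 2.17.0, or of unknown version, as needing an update.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Standard paths inside a log4j-core 2.x archive.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
PATCHED = (2, 17, 0)  # assumption: the release the article names as current
ARCHIVE_EXT = (".jar", ".war", ".ear")

def parse_version(text):
    """Return (major, minor, patch) from pom.properties text, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.MULTILINE)
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None

def scan_archive(data, label, findings, depth=0):
    """Inspect one archive given as bytes, recursing into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # wrong extension or corrupt file: nothing to inspect
    with zf:
        names = set(zf.namelist())
        if JNDI_CLASS in names or POM_PROPS in names:
            raw = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            version = parse_version(raw)
            findings.append({
                "location": label,
                "version": version,
                "jndi_lookup_class": JNDI_CLASS in names,
                "needs_update": version is None or version < PATCHED,
            })
        if depth < 5:  # bound recursion on deeply nested archives
            for name in sorted(names):
                if name.lower().endswith(ARCHIVE_EXT):
                    scan_archive(zf.read(name), f"{label}!/{name}", findings, depth + 1)

def scan_tree(root):
    """Walk root and report every archive that bundles log4j-core."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXT:
            scan_archive(path.read_bytes(), str(path), findings)
    return findings

if __name__ == "__main__":
    for finding in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Archives that relocate (shade) Log4j classes under another package name will not match these paths, so treat a clean result as a starting point for the inventory rather than proof of absence.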

Review Logs: Event and audit logs are an important part of the equation, because they will give you insight into what activity has occurred with respect to any applications at risk from the Log4j vulnerability. Make sure you are regularly – at least daily – reviewing logs to identify any indicators of an attack on or compromise of your applications.

Communicate: In times like this, it is easy to get swept up in all of the technical work that goes into addressing a vulnerability. But don’t let this overshadow the need to communicate risk – and progress in terms of remediation. Whether it is with internal stakeholders or external partners (e.g., service providers that are part of your security program), communication will go a long way.

Ultimately, defense in layers is key. Patching and reviewing logs must be combined with solid endpoint protection. ThreatX continues to partner with our customers and help them navigate this issue. We will keep you posted on what we’ve learned – and please reach out to us if we can be of any assistance.

About the Author

Neil Weitzel

Neil is the Manager of the ThreatX Security Operations Center and is located in Boston, MA. He has 15 years of experience working in various roles, from user support to leading security programs. Neil has profound experience in security architecture and cybersecurity best practices, which helps him provide valuable insight to security teams. Before ThreatX, Neil worked with organizations such as Cognizant as an Application Security Architect, Cigital (now Synopsys) as their Practice Director of Vulnerability Assessments, and EIQ Networks (now Cygilant) as their Director of Security Research. Neil also served as a Cybersecurity Instructor and delivered numerous Security and Defensive Programming courses to various clients such as NASA and PayPal. He is an active member of the security community and has delivered lectures at DEF CON, OWASP and local security meetups. Neil also acts as an adjunct lecturer on Software Engineering at his alma mater, Indiana University.