Our Cybersecurity Partner RedShield can shield you from Log4j exploits in 24 hours*
A zero-day exploit of Apache Log4j 2 ('Log4Shell', CVE-2021-44228) was disclosed on 9 December 2021.
The high severity RCE vulnerability in the Java Log4j logging library allows an attacker to execute arbitrary code by getting a malicious string logged by a vulnerable Java application.
CISA, the NCSC, and other industry bodies have observed mass exploitation of this vulnerability. Attacks started before a Log4j patch was released.
Many organisations will use WAF signatures to try and block exploits targeting this vulnerability. However, there are widespread reports of WAF Log4j signatures being bypassed.
RedShield developed and tested Web Application Shields – software objects that 'shield' vulnerabilities without touching source code – and rolled out shields to all customers within 24 hours.
As attack signatures continue to evolve, RedShield are analysing and simulating attacks they have seen in the wild to continually test shielding effectiveness and develop new shields as needed. This crucial part of their managed service provides ongoing assurance that customers’ shielded applications are measurably secure.
If you don't have access to the source code, shield it. If your third-party vendor can't patch, shield it. If patching vulnerable Java applications within your environment will take weeks, shield it. Shielding buys you time to remediate – without the risk.
For peace of mind why not take advantage of a free application security hygiene assessment (valued at $250), to discover the assets your company owns and the general state of security of these systems.
Visit redshield.co for more information.
*Subject to availability of standard and emergency deployment options and costs.
Today we are excited to announce a brand new capability from our Cyber Security partner RedShield….. Second-Factor Authentication (2FA) Shields.
The team have developed an easy to implement and cost effective alternative for organisations struggling to enable 2FA across their applications, particularly legacy apps.
Without needing to touch application code, these shields work by requiring users to provide a code supplied via either a selected TOTP authentication system or via SMS message (depending on customer preference).
Using this capability, they can implement 2FA across multiple different applications within days, without the need for development resource and without interfering with user experience.
This capability is continuing to evolve to encompass other Multi-Factor Authentication (MFA) challenge methods. If you have a specific requirement or are interested in standardising your workforce on an existing method, get in touch.
For more information and detailed service descriptions on both TOTP and SMS based 2FA shielding see below:
RedShield Security in Partnership with FusionExperience are pleased to announce their latest webinar.
A look at past, current, and future cyber security challenges for UK organisations.
In an increasingly inter-connected world, cyber security has rapidly moved up the agenda for both government and businesses in the UK. The cost of cyber-attacks is now estimated at approximately £26 billion in the UK and attacks are becoming more frequent and sophisticated. This is having a real impact on not just organisations, but everyday people.
At the same time, UK regulatory requirements continue to grow and become ever more resource-intensive to address. Consequently, security professionals are under pressure to decide where best to invest their limited time and effort. But alongside the risks there are opportunities.
Join our expert industry panellists to learn about the real impacts of cybercrime and the existing and emerging challenges in UK cyber security. Speakers will also share their experiences in solving some of the most pressing issues as well as their thoughts on how you can ensure you have the right technology, people, and processes in place to meet tomorrow’s challenges.
- Simon Newman, Head of Cyber and Business Services, UK Police Crime Prevention Initiatives (PCPI)
- Ian Hogg, Chairman and CEO, Shopworks & FastP.A.Y.E.
- Patrick Wake, Global Head of Information Security, FDM Group
- Kim Bilderback, Vice President, RedShield
To view the webinar, please visit: https://bit.ly/2VIxvho
Another UK signing for our award winning Cyber Security partner RedShield, this time a FTSE 250.
Find out how they took a proactive approach to Application Security here.
Patrick Wake, Head of Information Security at FDM Group is responsible for cybersecurity and governance compliance.
With new centres in Hong Kong, Singapore, Sydney, Leeds, Glasgow, Charlotte, Austin and West Virginia in the United States and significant increases in the size of FDM’s Toronto and Frankfurt centres, Wake believes a practical approach is what gives FDM the edge in the ever-changing wild west of the digital space.
“2020 was the biggest year on record for cybersecurity threats in the UK, with a 20% growth from 2019. Other places in the world show similar numbers with hackers taking advantage of remote working and the pandemic to increase attacks with millions of them happening per day.”
“We’ve focussed on the fundamentals of security because most attacks are preventable by patching known vulnerabilities. We know a lot of our consultants are using FDM online portals to access our information and give us theirs. This information needs to be looked after.”
To support the consultants’ career journey, FDM recently created an online portal to provide easier access to knowledge.
“The internet is a web, and everything is connected. There are constant attempts to intercept data when it’s moving through the strands of this network.”
Although the company strengthened its application firewall, more needed to be done.
“FDM aims to apply privacy protocols and security-by design to everything we do digitally. Our portal needed to be robust. The data in it has to have protection from every angle with the latest technology.”
“We wanted to take a preventative rather than reactive approach to protecting the portal, so we undertook penetration testing and added RedShield to help discover and remediate vulnerabilities.”
“We needed a service that identifies and rapidly shields vulnerabilities without touching the application code or impacting functionality, and RedShield was able to provide it for us.”
“At FDM, our strategy is to use a layered defence methodology. We already have an internal development team whose priorities are to release and apply pieces of code, undertake new projects, and perform regular system maintenance. We don’t use RedShield as an alternative to the best practice security policies and multiple controls we have in place already. RedShield is another layer of protection on top of all of that.”
FDM deployed RedShield’s software and managed services to protect its web applications in mid-2020. Since then, the two companies have established a strong working relationship.
“FDM never wanted a relationship where we just buy software and then don’t have another conversation until license renewal time. The journey with RedShield has been excellent. Everyone we’ve engaged with is very knowledgeable, and they are extremely responsive. It’s what we needed to help navigate the ever-changing digital landscape.”
“RedShield is now an integral part of FDM’s cyber strategy. There are many moving parts in FDM’s business model. We have a global team spread across all major continents and we provide tech and business training in numbers that could run in the thousands. We’re constantly learning how to stay on the cutting-edge of knowledge and technology, while ensuring our security keeps up with the growth of the business. Things move very fast in the world of FDM and cybersecurity. RedShield provides proactive application protection and stops security from becoming a handbrake on FDM’s business expansion.”
Patrick Wake, Group Head of Information Security, FDM Group
The Shopworks Delivers on its Commitment to Protecting User Data
RedShield Security, LLC is pleased to announce they will provide web application shielding & security services to The Shopworks, the UK’s fastest growing cloud-based workforce management solution provider. Their services will protect Shopworks’ on-line applications and the data of their 150,000 and growing, user base.
“We’re proud that The Shopworks has chosen us to protect their users and it’s a commitment we take seriously,” says Jason Decker, VP Business Development at RedShield. “They were clear from the outset that they would only trust this task to a company with proven technology and strong processes. Our award-winning technology, world class service and ISO27001information security certified processes fit their requirements. We believe our unique approach reduces their threat risk significantly through the constant discovery and faster remediation of vulnerabilities.”
“Our established ISO27001 process ensures that data protection and security are driving factors in the lifecycle of our application infrastructure. As such, we are delighted to be partnering with RedShield to implement their comprehensive suite of proactive monitoring, protection and 24/7 threat analysis tools across our AWS cloud hosted platforms,” says Nick Hill, CTO, at The Shopworks. “Backed by RedShield’s award winning products and service levels, we will continue to provide our customers and partners with an unrivalled level of protection over their applications and data.”
The Shopworks and its newly launched fintech app fastPAYE immediately benefits from RedShield’s proprietary Shielding solution that reduces the application threat surface by clearing vulnerabilities present in applications, without touching a single line of the code. In addition, the Shopworks will receive a comprehensive suite of proactive monitoring, protection and threat analysis tools, a fully managed cloud Web Application Firewall (WAF), Distributed Denial of Service (DDoS) protection, Anti-Automation/Bot detection and prevention, and weekly application scanning included as part of the service. Every part of the Shopworks cloud ecosystem will be monitored and managed by RedShield’s expert security analyst team 24/7.
RedShield Security, LLC
VP Business Development
+1 (424) 396-1117
+44330 323 0596
A global provider of cloud-based web application security solutions and services. RedShield is the world’s first and only web application shielding-with-a-service cybersecurity company. RedShield’s offering combines superior web application shielding software with industry-leading cybersecurity services, enduring the right shields are deployed quickly, minimizing impact and risk to the business. For more information, please visit www.redshield.co
About The Shopworks
A cloud-based, bespoke workforce management solutions provider specializing in the Hospitality, Leisure, Retail and Service sectors. Their staff scheduling solutions improves staff management and efficiencies in budgeting, scheduling and training; helping their customers save as much as 7% on staff costs. They are an ISO 27001 information security certified organization. They have recently launched an innovative Salary advance application; fastPAYE For more information, please visit www.theshopworks.com
CyberExperience, powered by award winning RedShield provides a world first “24/7 Cyber Security at-your-service” offering that shields & protects web applications.
Our solution can provide valuable benefits to your organisation immediately by protecting you against cyber threats and hackers who will already be attempting to compromise your systems and steal your data.
The one thing you can guarantee is that your web presence is under attack. Please take a few moments to read about our offering and how we can help you both now and into the future.
Web applications suffer from the balancing of staying secure with that of constant updating.
Change is constant, this is due to Compliance, Regulation, Developments, Maintenance and migrating between 3rd party cloud applications. There is never enough resource and if breaches occur then claims impact the overheads and reputational risk can cause many awkward questions as to why and how this could have been allowed to happen.
The way the security industry works can be inflexible, sadly leaving gaps due to impracticalities. Is it enough to wish and hope that a hacker or criminal won’t pursue those gaps? Time to fix can be lengthy, especially when legacy systems are involved. Can you really deploy fixes fast enough to prevent the determined hacker?
Fortunately, the problem can be solved another way – shielding - 100% assured.
Our shields are deployed at FTSE100 corporates already. One customer double ‘pen’ tested our protection because they were so surprised at how quickly we had mitigated their vulnerabilities. They were informed their application(s) were 100% covered, all done confidentially and swiftly!
We also provide a free hygiene assessment to help businesses identify areas of potential vulnerability across their web presence easily. This information is discovered using publicly available data sources. Compared to other such assessments our report doesn’t just tell developers where to look, it translates directly into actionable protection that can in a few days assure even the most obsolete of web applications.
If you would like more detailed information of the potential issues found in your security hygiene review and how we can quickly help you resolve your issues, or simply just to learn more visit www.cyberexperience.co.uk Immediately!