Our Cybersecurity Partner RedShield can shield you from Log4j exploits in 24 hours*
A zero-day exploit of Apache Log4j 2 ('Log4Shell', CVE-2021-44228) was disclosed on 9 December 2021.
The high severity RCE vulnerability in the Java Log4j logging library allows an attacker to execute arbitrary code by getting a malicious string logged by a vulnerable Java application.
CISA, the NCSC, and other industry bodies have observed mass exploitation of this vulnerability. Attacks started before a Log4j patch was released.
Many organisations will use WAF signatures to try and block exploits targeting this vulnerability. However, there are widespread reports of WAF Log4j signatures being bypassed.
RedShield developed and tested Web Application Shields – software objects that 'shield' vulnerabilities without touching source code – and rolled out shields to all customers within 24 hours.
As attack signatures continue to evolve, RedShield are analysing and simulating attacks they have seen in the wild to continually test shielding effectiveness and develop new shields as needed. This crucial part of their managed service provides ongoing assurance that customers’ shielded applications are measurably secure.
If you don't have access to the source code, shield it. If your third-party vendor can't patch, shield it. If patching vulnerable Java applications within your environment will take weeks, shield it. Shielding buys you time to remediate – without the risk.
For peace of mind why not take advantage of a free application security hygiene assessment (valued at $250), to discover the assets your company owns and the general state of security of these systems.
Visit redshield.co for more information.
*Subject to availability of standard and emergency deployment options and costs.
