On December 9, 2021, a vulnerability was reported in Log4j2, an open source tool widely used by developers within Java applications. If exploited, the vulnerability – CVE-2021-44228 – could allow an attacker to perform remote code execution (RCE) on a vulnerable system.
When the Log4j2 vulnerability was reported, ThreatX immediately began implementing and testing rules to block CVE-2021-44228 attacks against our customers. Since then, we have continued to monitor for Log4j2 attacks and have implemented mitigation measures to protect our customers. The ThreatX platform itself does not use Log4j and is not at risk.
For ThreatX customers, our Attacker-Centric Behavioral Analytics is a critical part of mitigating the Log4j2 threat. Since this attack can be launched in a variety of ways, signature-based defenses will fall short. By monitoring and detecting suspicious behavior over time, ThreatX has identified many versions of the attack and enabled our customers to defend potentially vulnerable servers.
ThreatX is committed to helping our customers defend against attacks on their web applications and APIs. To this end, the ThreatX Security Operations Center is continually monitoring for new vulnerabilities such as the one in Log4j2. As these are uncovered, we will ensure measures are in place that enable the ThreatX platform to protect our customers. In addition, ThreatX recommends all companies perform regular vulnerability scanning and monitor for suspicious behavior that might point to a compromise.