The Log4j vulnerability has created a lot of chaos for security professionals. While there is no silver bullet to addressing these issues, there are important steps companies should take. Here’s where the ThreatX SOC and threat research teams advise you to start:
Patching: Be sure to update software with patches released by the Apache Software Foundation. This is an important first step in terms of remediation. Along these lines, remember to stay current on the patches issued – for example, the Log4j patch is now 2.17 after another CVE was announced this weekend. In addition, make sure you have a change management process, and a process to handle emergency change management situations.
Understand Your Apps: At the heart of Log4j are issues related to JNDI lookups. So, the question is: which of your applications rely on JNDI? Once you have a handle on what your app landscape looks like, you’ll be able to better focus vulnerability remediation.
Review Logs: Event and audit logs are an important part of the equation, because they will give you insight into what activity has occurred with respect to any applications at risk to the Log4j vulnerability. Make sure you are regularly – at least daily – reviewing logs to identify any indicators of an attack on or compromise of your applications.
Communicate: In times like this, it is easy to get swept up in all of the technical work that goes into addressing a vulnerability. But, don’t let this overshadow the need to communicate risk – and progress in terms of remediation. Whether it is with internal stakeholders or external partners (e.g., service providers part of your security program), communication will go a long way.
Ultimately, defense in layers is key. Patching and reviewing logs must be combined with solid endpoint protection.