Today’s organizations are overwhelmed since the world first learned about the Log4Shell vulnerability (aka Log4J CVE-2021-44228, CVE-2021-45046). If prioritizing your vulnerabilities was a daunting task before, it is now more urgent than ever. Typically, most organizations are not prepared for such a severe risk as very few have mapped any of their machines that are using these popular Java libraries. It is not just a few hundred machines, it’s hundreds to tens of thousands that need to be identified and determined if it is holding a risk. There are so many common services that are vulnerable to this exploit, cloud services like Steam, Apple iCloud, and apps like Minecraft have already been found to be vulnerable. But where do these organizations even begin? It’s a big task, we need to first find out from our security teams or vendors we collaborate with to understand what has actually been affected and what needs to be remediated.
The biggest question on everyone’s mind: is my business exposed to Log4Shell?. Given how universal this Java logging package is, the ramifications of this vulnerability are quite severe. To perform remote code execution, an attacker only needs to send a simple malicious request that contains a formatted string that is picked up by the Log4J library.
But that’s just it – to what end is just being able to identify the vulnerability and check that you have protection in place going to be enough? It is more important to have the tools in place that give you insights into how an attacker moves in your network so you can harden your security and prevent being breached and compromised.
The biggest challenge is clear: being able to identify where Log4Shell is in context to your assets is the number one priority. It is standard procedure that organizations can patch vulnerabilities, but it is not about being able to patch or not, there are thousands upon thousands of assets that have Log4Shell, security teams need to prioritize which of those risks need to be dealt with first to prevent the exploitation.
There are 4 things that XM Cyber does:
- Identifies across the entire environment where the Log4Shell library and vulnerability exist
- Highlights which of the Log4Shell vulnerabilities can be exploited as part of an attack path and the conditions in the environment that enable it
- Prioritizes which device needs to be fixed first to disrupt potential attack paths using Log4Shell exploitation
- Provides guided remediation for mitigating the highest risk instances of Log4Shell
You can’t prevent what you can’t see, visibility is key in overcoming Log4Shell attacks
The reality is, there are many services and apps that are using this library, unfortunately not all standard security tools will be able to find the relevant CVE. You need observability of the Log4J library across the entire environment, only then can you check if it can actually be exploited by an attacker. Understanding where Log4Shell can be exploited in an attack path to compromise your critical assets means that organizations can now prioritize where to focus their remediation efforts. By continuously modeling attack paths, including attack scenarios around Log4Shell, you’ll have full attack graphs of your exposures.
Stop focusing on the vulnerability and identify where the risk of exploitation exists
While there are hundreds of thousands of assets out there to patch, understanding how attackers can exploit the vulnerability to compromise critical assets is key in the remediation process. This is what separates XM Cyber’s attack path management platform from every other solution. Because at the end of the day, this won’t be the last CVE we will see. Vulnerabilities will continue to arise and putting them in the context of our critical assets and prioritizing what needs to be fixed first will keep us ahead of the attackers.
Don’t let Log4Shell get in the way of the holiday season, get ahead with prioritized remediation
When it comes to remediation, what is the most efficient and cost-effective way to mitigate all the risks of the Log4Shell vulnerability? It won’t be manually patching each device, there isn’t enough time or resources to get it done, and frankly, it is a means to no end. There will always be vulnerabilities and alerts and unpatched systems. Our security teams must focus on what needs to be fixed first – and that will come from spotting the hidden connections between vulnerabilities, misconfigurations, and user behavior as it relates to an exploitable attack path, and how attackers move laterally. This will give us our key intersections where most attack paths converge where we can quickly go in and apply the remediation immediately – proactively cutting off the threat before the vulnerability is exploited.
We are dedicated to enabling customers to identify the Log4Shell vulnerability, reveal the exploitable attack paths, and quickly remediate. Follow our security bulletin for live updates and the latest developments for all things Log4Shell.