IT professionals are alarmed about the Log4j security vulnerability. What is currently the greatest difficulty facing companies? Which companies are particularly hard hit and what should those responsible do now? A comment from Dr. Sebastian Schmerl, Director Security Services EMEA at Arctic Wolf.
What is currently the greatest difficulty facing companies?
The difficulty for many companies currently is to identify whether they are using Log4j and in which configuration. This often cannot be answered easily without active monitoring, a software inventory or vulnerability scanning. The situation is different for companies that use solutions such as Arctic Wolf Managed Detection & Response and Managed Risk. Statements can be made here very quickly and measures can be taken.
Which companies does Log4J hit particularly hard?
Log4J hits companies of all sizes equally hard. Larger companies should have established processes and procedures for this type of incident, which then “only” have to be implemented. The difficulty here lies in the size and complexity of the IT landscape.
Medium-sized customers have smaller IT landscapes, but often typically do not have any of these emergency processes or there is a lack of know-how. It is to be expected that many German companies will not patch the software vulnerability for a long time, similar to Hafnium or Exchange, and will therefore be easy victims. It can also be assumed that several different attackers will break into the company without protective measures.
What should companies do now?
Now is the time to be vigilant and act quickly: Companies should follow the software vendors' patch announcements regarding CVE-2021-44228, implement available workarounds on confirmed vulnerable systems, and take confirmed vulnerable publicly available systems offline until they are patched.
At Arctic Wolf we work with the Arctic Wolf platform. It detects evidence of Log4J exploits and our concierge teams work closely with customers to customize the Log4J configuration to be secure or to patch Log4j.
More at ArcticWolf.com
About Arctic Wolf
Arctic Wolf is a global market leader in security operations and offers the first cloud-native security operations platform to protect against cyber risks. Based on threat telemetry, which includes endpoint, network and cloud sources, the Arctic Wolf Security Operations Cloud analyzes more than 1,6 trillion security events per week worldwide. It provides business-critical insights into almost all security use cases and optimizes the customers' heterogeneous security solutions.