Log4j – Be Prepared, Keep Calm, Respond Wisely

The announcement of the Log4j vulnerability is arguably the most significant, widespread, and concerning threat, our industry has seen to date. However, it reflects how reliant we have become on shared codebases, which would suggest that this will not be the last, or necessarily the worst, we will encounter.

This raises the question of what you do now and how do you protect yourself in the future? Entire books could be (and probably will be) written on the subject, but here are a couple of key points to remember:

• Being prepared offers the best defence. Using the well-established principles in the many examples of Security Frameworks that are available will provide strong protection from unexpected vulnerabilities. A common approach is to Identify your assets, Protect them appropriately, Detect unusual behaviour, Respond to threats as they eventuate, and be prepared to Recover if you are compromised. Frameworks from CIS, NIST, ISO, SOC, and others can assist in building these processes into your organization.

• Limit risk by only exposing services to the internet when it is necessary. By hiding services that are not required for public consumption, you significantly reduce your attack surface. While it is increasingly “uncool” to use VPN technology, with many preferring to offer all services via the Internet, VPNs provide valuable protection for your critical or high-risk services. When you must connect services to the internet, version and identity management become critical.

• When vulnerabilities such as Log4j are announced, remain calm and analyze your risk. Devices and software that are not exposed are far lower priority than internet exposed services. If necessary, employ workarounds suggested by vendors, or disconnect at-risk applications from the internet until they can be fixed. When available apply patches that provide lasting protection, again, focusing on the most exposed and at-risk devices or applications first.

• Work with others, such as Charter to share knowledge and expertise, as well as to assist where resourcing is limited. Responding to such vulnerabilities can be a heavy burden and keeping up with the rapidly evolving status of many applications can be difficult. Sharing those burdens can offer relief to your organization, as well as bring new perspectives to your process.

Charter takes pride in our ability to stand with our customers in difficult times providing knowledge, experience, tools, and capabilities to enhance our customers' protection. Please reach out to us if we can be of assistance now or in the future.

Ronnie Scott