Max Severity log4j Vulnerability Released – How Can You Defend From It?

Shalom Carmel Chief Information Officer at GlobalDots
3 Min read

On December 10, 2021, a new maximum severity security problem was publicly released to the American National Vulnerability Database (NVD), related to the log4j Java logging library. This problem received a CVSS (Common Vulnerability Scoring System) score of a perfect 10.0 – the highest possible severity score.

This high-severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility was disclosed publicly via the project’s GitHub on December 9, 2021. This vulnerability allows an attacker to exploit the remote system and the remote code execution if the service log’s incoming data uses Log4j 2 versions 2.0 to 2.14.1.

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%


How to defend from log4j and similar problems

Although log4j has an unusual severity, this is not the first time a vulnerability pops up, and this will not be the last. There are 3 steps an organisation must take to mitigate log4j and similar issues. 

1. Know your application stack.

The organisation must be aware of where java, rust or .net are used, at which versions, and with which 3rd party libraries. 


2. Create barriers for access and reduce the attack surface.

Place your applications behind managed WAF that do virtual patching as first aid, SASE that scan network patterns, or Zero Trust Access solutions to allow only authorized traffic. 

3. Log everything to 3rd party immutable log services.

3rd party logging solutions ensure that you can look for affected apps and bad traffic even during a crisis. In GlobalDots, we especially value logging solutions with a wide, up-to-date integration catalogue and advanced visualization. These help you gain insights from areas of your infrastructure where in-application logs are hard to consume.

GlobalDots partners join the effort

Lacework

Our most recent addition to the Cloud Workload Protection portfolio now offers a free 14-day threat assessment for a faster detection of log4j issues affecting your public cloud environment.

Access it here.

Hystax Acura

Our partner announced as follows regarding the Acura automated cloud migration platform:

Acura doesn’t use Log4j in its own code. However, there is one third-party component that can be impacted there – ELK (Elasticsearch-Logstash-Kibana) stack which serves for logging for remote replication agents, so potentially attackers can use the Logstash vulnerability to perform the attack.

To mitigate this, users should cover the ingress port udp/12201 of Hystax Acura controller (or respective Load Balancer in case of HA deployment) by a whitelist of known source IP ranges where replication agents work.

Hystax Support team will reach out clients for the implementation of an update to their Acura deployments, once the updated version of ELK stack is released.

Cato Networks

Our leading SASE vendor reports that Cato customers have already been informed that if they have the Cato IPS enabled, they are protected. Cato is actively blocking the traffic signature of this vulnerability automatically. No patching or updates to the Cato platform is required.

Authorized partners of Cato Networks can utilize Cato’s rapid response blog post

Cato security researchers continue to monitor this exploit and have provided interesting and valuable insights that you can read here.

How can GlobalDots protect you from log4j vulnerabilities?

Globaldots is constantly looking into its internal systems to ensure that they are not susceptible to log4j issues. We review all 3rd party technology partners in our portfolio for log4j issues and mitigation steps. If you have a question about log4j issues with a technology implemented by Globaldots, please contact log4j@globaldots.com.


For further information and assistance about how to defend from log4j and similar vulnerabilities, contact us

Latest Articles

A Breakthrough in Observability: Cost-Effective Tracing

In an era where more observability vendors are offering tracing ingestion and visualization as part of their services, GlobalDots stands out by providing a set of data optimization features that significantly reduce costs, maximize insights, and create a scalable tracing strategy​. The Need for Cost-Effective Tracing How One AI-Driven Media Platform Cut EBS Costs for […]

Miguel Fersen Director for Iberia and LATAM, GlobalDots
25th May, 2023
Streamline Your Alert Management with Groupings

Alerting is crucial for avoiding outages, not just responding to them. That’s why GlobalDots recently added to its portfolio an innovation that revolutionizes the way alerts are processed, enabling teams to achieve their goals proactively and resolve issues quickly. Handling alerts on a large scale can be difficult, especially when dealing with hundreds or even […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
2nd February, 2023
It’s time to unleash the power of the force!

There’s a galactic misconception that monitoring CDNs has no value and is too expensive to store and index. While that used to be true, it’s now the worst mistake an IT-jedi can make!  GlobalDots, a 20-year CDN expert, teamed with observability innovator Coralogix, to develop a next generation observability platform for monitoring Content Delivery Networks’ […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
12th December, 2022
Real-time CDN analysis that identifies trends & detects anomalies

Finally, you can utilize your CDN to its full potential, using the most innovative solutions in the market. Real-time log analysis was never really possible, particularly for online businesses that deal with large amounts of traffic. With today’s technology, you can process logs instantly, view dashboards, and receive alerts before bad things happen. How One AI-Driven […]

Miguel Fersen Director for Iberia and LATAM, GlobalDots
14th November, 2022

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services