Detecting Log4Shell requires more than just a SIEM

by Bhabesh Raj, Associate Security Analyst Engineer and Kennet Harpsøe, Senior Cyber Analyst

The Log4Shell vulnerability is serious – it’s difficult to detect, used in lots and lots of software and is the perfect vehicle to get malware into your network. There’s no one cyber tool that can protect your enterprise against Log4Shell.
A combination of tools and a defense-in-depth mindset will give organizations the ability to detect post-compromise activity and put a stop to the attack.

Assume you’ve been breached – what’s next?

On Dec. 9, 2021, Apache disclosed a critical remote code execution vulnerability (CVE-2021-44228), also known as Log4Shell, which affects Apache Log4j versions 2.0-2.14.1. Log4j is a popular logging library in Java and is used in several enterprise applications, including Apache Struts, Flume, Kafka, Flink, Tomcat, Solr and VMware vCenter. Due to the prevalence of Log4j, defenders have been scrambling to identify which of their deployed applications are affected. Attempts at exploiting this vulnerability are particularly hard to detect because any string that might

Read more

Explore the site

More from the blog

Latest News