A guide to responding to the Log4j vulnerability - Lacework

A guide to responding to the Log4j vulnerability

Lacework Labs

February 24, 2022

On December 10th, 2021, CVE-2021-44228 took the security industry by storm when a remote code execution vulnerability was discovered in the popular logging library “Log4j”. Almost two months after this event, and numerous new CVEs ([1],[2],[3]), the industry is still feeling the fall out of this vulnerability. As companies worked to patch their software, and push out updates to prevent exploitation, and monitor for signs of compromise, attackers manipulated their payloads to bypass traditional rule based detection platforms. Which is why Lacework is releasing our latest research on how to respond to Log4j vulnerabilities in your environment. Following an easy to use four step process, our latest research paper outlines how the Lacework’s Polygraph platform enables teams to identify security issues, and resolve them before they become security incidents.

Our vulnerability management pane enables teams to prioritize patching, and remediation efforts for mission critical hosts. Following the announcement of CVE-2021-44228, the internal security research team at Lacework, Lacework Labs, saw observed opportunistic attackers continue to evolve their payloads throughout the week to spread various DDoS bots, and Cryptocurrency mining malware. Notably, there are public advisories of adversaries using Log4j vulnerabilities as an initial access mechanism to then deploy ransomware ([1], [2]).

Given the amount of applications that leverage Log4j as a 3rd party library, it can be difficult to identify within an environment. Here at Lacework, we’ve developed additional improvements to our next generation agent to detect, and alert our customers to vulnerable Log4j versions that are in their production workloads. We’ve also created our Cloud Care Rescue Program. This includes a free 14-day Cloud Threat Hunting assessment, access to our subject matter experts in Cloud Security, and a dedicated 24/7 hotline. This program covers AWS, Google Cloud, Azure and leading container platforms such as Docker deployments and Kubernetes. No matter where you are on your cloud journey, Lacework has solutions to help you scale securely.

While Log4j is the issue currently in all security practitioner’s minds, experts are always concerned about what’s next. Lacework’s continuous monitoring and cloud workload visualization technology identifies anomalies that matter to your organization’s workload. From API calls from strange locations to new regions being used in your cloud environments, we bring “what’s weird” to the surface. From Log4j to the next thing, security teams can rest easy knowing Lacework is in their environment. Curious about how to protect and respond to Log4j vulnerabilities in your environment? Check out our latest white paper on how to strategically respond to Log4j, and the next threats in your organization’s environment!