Device42 aims to identify Log4j vulnerabilities

Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), recently issued a statement to address a major security flaw in Log4j. “To be clear, this vulnerability poses a severe risk,” Easterly said. “We will only minimize potential impacts through collaborative efforts between government and the private sector. We urge all organizations to join us in this essential effort and take action.”

In response to CISA, and using its integration with PowerBI, Device42 has built dashboards designed to help IT teams find and remediate Log4j issues in real time. This feature will specifically show a graphical representation of how many systems have a version of the Log4j software package deployed, along with details on which piece of software exists on those devices. Device42 integrates with Microsoft PowerBI using the Device42 ODBC (Open Database Connectivity) driver package, which is currently available for Microsoft Windows.

This dashboard provides an overview of all application components with command line arguments using vulnerable Log4j reports. These identified applications would be targets for immediate inspection and potential remediation.

“Log4j represents an unprecedented cyber security event and the potential for damage is incalculable,” said Raj Jalan, CEO and founder of Device42. “As IT teams work to roll out patches, it will be critical for organizations to identify the servers impacted immediately. Our dashboards provide a real-time look at components that could be vulnerable.”

How Log4j works

Log4j is a logging library widely used for tracking software events. Take a peek under the hood of an enormous number of software systems, such as Android phones, smart TVs, Minecraft game servers, and the management systems that govern any backup power supply, and you’ll find Log4j, a small but highly efficient piece of open source software. Apache Log4j versions from 2.0 to 2.14.1 are vulnerable and easily exploitable with a web request and a simple user string.

The new Device42 dashboard is designed to provide an inventory of the software deployed in an IT environment that could be potentially vulnerable to the Log4j flaws. The optional Application Dependency Mapping capability allows for advanced discoveries such as inspecting the Java JVM arguments for any references to Log4j and identifying vulnerable versions, as well as accessing the details of where this software is deployed in the environment.
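The kind of check described above, scanning JVM command lines for Log4j references and flagging the version range the article cites, can be illustrated as follows. This is an added example, not Device42's code; the host names, paths, sample processes and status labels are constructed assumptions.

```python
import re

# Versioned log4j-core jar names, e.g. log4j-core-2.14.1.jar or log4j-core-2.0-beta9.jar
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-[A-Za-z0-9]+)?\.jar")
LOW, HIGH = (2, 0, 0), (2, 14, 1)  # range stated in the article: 2.0 to 2.14.1

def classify(cmdline):
    """Return (status, versions) for one process command line."""
    # Assumption: a pre-release suffix such as -beta9 is treated as its base version.
    versions = sorted({(int(a), int(b), int(c or 0))
                       for a, b, c in JAR_RE.findall(cmdline)})
    if any(LOW <= v <= HIGH for v in versions):
        return "vulnerable", versions
    if versions:
        return "outside-range", versions
    if "log4j" in cmdline.lower():
        # Log4j is referenced but no versioned jar is visible (fat jar, config flag),
        # so the bundled version has to be checked by hand.
        return "inspect", versions
    return "no-reference", versions

def triage(processes):
    """processes: iterable of (host, pid, cmdline); returns rows needing attention."""
    order = {"vulnerable": 0, "inspect": 1}
    rows = [(host, pid) + classify(cmd) for host, pid, cmd in processes]
    rows = [r for r in rows if r[2] in order]
    return sorted(rows, key=lambda r: (order[r[2]], r[0], r[1]))

# Constructed sample inventory (hypothetical hosts and paths, not real data).
SAMPLE = [
    ("web-01", 4211, "java -cp /opt/shop/lib/log4j-core-2.14.1.jar:"
                     "/opt/shop/lib/log4j-api-2.14.1.jar com.shop.Main"),
    ("web-02", 1880, "java -cp /opt/shop/lib/log4j-core-2.17.1.jar:"
                     "/opt/shop/lib/shop.jar com.shop.Main"),
    ("batch-01", 932, "java -Dlog4j.configurationFile=/etc/etl/log4j2.xml "
                      "-jar /opt/etl/etl-all.jar"),
    ("cache-01", 77, "/usr/bin/redis-server 127.0.0.1:6379"),
    ("legacy-01", 3051, "java -cp C:\\app\\lib\\log4j-core-2.0-beta9.jar;"
                        "C:\\app\\app.jar app.Start"),
]

if __name__ == "__main__":
    for host, pid, status, versions in triage(SAMPLE):
        shown = ", ".join(".".join(map(str, v)) for v in versions) or "unknown"
        print(f"{host:10} pid={pid:<5} {status:10} log4j-core {shown}")
```

A command line only shows jars named on the classpath; the "inspect" rows mark processes where Log4j may be bundled inside another archive and the version cannot be read from the arguments alone.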

The Log4j vulnerability has been assessed as a critical threat, or a 10, on the Common Vulnerability Scoring System (CVSS) by the National Vulnerability Database (NVD). CVSS is an open framework for communicating the characteristics and severity of software vulnerabilities.

For organizations searching for ways to keep their systems safe, CISA recommends that asset owners take three additional, immediate steps regarding the Log4j vulnerability:

  1. Enumerate any external facing devices that have Log4j installed.
  2. Make sure that your security operations center is actioning every single alert on the devices that fall into the category above.
  3. Install a web application firewall (WAF) with rules that automatically update so that your SOC is able to concentrate on fewer alerts.

Mitigating the Log4j threat

Ultimately, the Log4j vulnerability means that hackers can bypass passwords and other security restrictions. At that point they could use a simple line of script to spy on corporate communications, steal data, or even money. The Device42 dashboard could help security teams identify the locations on your network where this vulnerability exists, take appropriate defense actions, and create a safer environment.


Originally appeared on: TheSpuzz