Like many other threats in the past, the Log4Shell vulnerability came out of nowhere to become a top concern for companies around the globe. Within the first 72 hours of the discovery, over 840,000 cyberattacks using the Log4Shell vulnerability were reported. The vulnerability allowed bad actors to exploit systems and extract data or execute malicious code.
Like most IT professionals out there, you probably wondered “Am I going to be impacted? Are we ready to defend our systems against this threat?”
Considering how ubiquitous Log4j is, and how trivial the Log4Shell vulnerability is to exploit, companies needed to be able to respond quickly and identify their exposed hosts in a matter of hours, not weeks.
So how ready were you really? If your company was like most, you threw resources at monitoring and performing patchwork prevention while waiting for your vendor’s responses to the threat, which would eventually come in the form of hotfixes. Meanwhile, you were likely still left in the dark as to how many of your hosts were exposed.
Log4Shell – Fukushima or Tip of the Iceberg?
Our RSP Team recently wrote a blog post that goes into more detail on the Log4Shell vulnerability, which you can read here.
The consensus is that these kinds of attacks are just the beginning. The severity of this vulnerability brought the digital and security communities together, which helped keep it from becoming a big catastrophe. However, we expect to see more, severe attacks ahead. Some of the initial attack scans did nothing but secure access to a vulnerable target without deploying any malware. This is intentional: the breach remains undetected until the bad actor is ready to deploy its malware or sell that information to the highest bidder.
We need to respond now and shift the way we look at vulnerabilities. These are no longer just the security teams’ concerns – they involve engaging developers, service desk, operations, and IT management.
As Service Desk teams, we can help by having an up-to-date asset list that identifies all assets running in our environments. You can’t protect what you don’t know. Completing a proper Discovery and Asset management scan can go a long way in closing gaps in your understanding and mobilizing your security efforts.
BMC Helix Discovery uses TPL, or patterns, to discover information in your infrastructure. It scans your network and asks each host it finds a set of questions, returning information on all software and components installed on that host. BMC Discovery’s agentless architecture means no host will be left behind.
Having these asset maps ready is an invaluable measure. You can learn more about Asset Discovery here.
In response to a vulnerability like Log4Shell, Asset Discovery allows organizations to move quickly and identify hosts that were exposed to a threat:
Online was able to leverage Asset Discovery to give a number of our clients timely information, helping them make critical decisions in even less time.
The time to act is now. You don’t want to fall victim to the Log4j vulnerability now or ever. This threat will be replaced with another one, and then one more. Let us help you so you never have to wonder if you are ready again.