When it comes to the Log4j vulnerability, and any other zero day or recently discovered vulnerability, our customers know all too well how critical it is to quickly find out how exposed their operations are, and whether they’ve been compromised. And luckily, there are many solutions available that simply help identify vulnerabilities. But the ideal scenario is tying together a view of the systems across a company’s entire cloud environment and looking for active signs of compromise. We’ve seen this both reduce risk and better protect businesses long-term. And this is especially important given how challenging it can be to find all programs and systems impacted by Log4j.
The new realities of security
Every few years a cyber security issue hits the internet that is so significant, it creates both panic and global awareness. It serves to shine a light on the delicate relationship we have with technology, as well as give us a charter to monitor, build, and connect systems in new, more thoughtful ways.
But with lessons from major security events like the Heartbleed vulnerability (2014) and Meltdown attack (2017), why the urgency around Log4j? Simply put, scale. While casual computer users have probably never heard of Log4j, this logging software has been used across the entire internet for years. The Log4j software is so widely used, in fact, it can be found in everything from video games to the Mars rover to most internet-connected systems we use to live, work, and play. For this reason the mad scramble by security teams has been focused on peeling back these layers of development to find all uses of Log4j so they can be properly patched.
The truth is, however, we may be living with Log4j for some time. As attackers evolve how to exploit it (and other findings in the code base), companies will have to continue to patch and lock systems down, and the industry will continue to find new places where Log4j is used and exploitable.
Treating the cause, not just the symptom
The significant growth in scale through cloud computing, coupled with the need to innovate faster and with more agility, has shifted security from an access problem to a data problem. This has put both developers and security pros in uncharted territory, and today’s security tools can’t and won’t keep up. A more holistic focus on the security operation, however, can offer customers better visibility into threats before they occur. Some best practices to consider include:
- Automatically detecting anomalous activity before a vulnerability is even uncovered. Systems that automatically learn how an environment normally operates produce data that can help find anomalous behavior even before a vulnerability is known, widely publicized, and patched, helping security teams find potential exploits and take action faster.
- Architecting a single platform for runtime threat detection, vulnerability management, and more. By bringing together vulnerability, compliance, and posture management, with automated runtime threat detection for both workloads and cloud APIs, security and DevOps teams are empowered with a common source of truth, surfacing only the alerts that matter most.
- Continuous coverage, from build to runtime. With a persistent approach to monitoring and managing vulnerabilities and misconfigurations across a cloud environment, from development through production, teams gain a rich, real-time visual of insights to eliminate active threats.
Thanks and support
At Lacework, we recognize how challenging it’s been as security teams work diligently to understand and address the Log4j vulnerability. We have seen the entire industry come together to tackle this monumental threat, and Lacework’s security experts have been closely monitoring the situation to determine how to best help our customers. In order to equip both customers and non-customers with the appropriate knowledge and resources, we are rolling out a Cloud Care program. The new offering is comprised of three primary pieces:
- Threat Hunting Assessment. This resource is free for anyone in the industry who is feeling compromised or not sure where to start. The assessment is designed to accelerate an organization’s discovery of Log4j and other anomalous behavior across their cloud environment.
- Coverage “Booster.” This ‘booster’ program, which is available at no additional fee to Lacework customers for the next four weeks, offers the ability to increase consumption of the Lacework agent to uncover anomalies in our customers’ infrastructure that might not have otherwise been discovered.
- Expert Advice. The Lacework Customer Success team is providing 24/7 support to anyone in the industry in need of help, guidance, or simply a starting point. Especially with the holidays around the corner and reduced staffing, we anticipate attackers will continue to exploit Log4j vulnerabilities through the remainder of the year, and want to support our fellow security teams as much as possible.
To get started or for more information, please visit Lacework Cloud Care.
Copyright 2021 Lacework Inc. All rights reserved.