I’m sure by now you are well aware of the Log4j 2 vulnerability which is putting an unprecedented number of companies at risk. In case you haven’t heard, here are a couple of quick links to get you up-to-date and advise you on how to mitigate it:
- https://jfrog.com/blog/log4shell-0-day-vulnerability-all-you-need-to-know
- https://www.crowdstrike.com/blog/log4j2-vulnerability-analysis-and-mitigation-recommendations
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
The big question, however, for those who are directly responsible for the security of your company or perhaps indirectly responsible as the application owner or as operational support, is where are the vulnerabilities located? Which Applications? Which Servers? Which tools are susceptible to the Log4Shell; and more importantly, how confident are you that you found every instance of it?
Using the SIFF configuration monitoring platform, you can quickly discover the location of the Log4j vulnerability by using a SIFF Service Definition (SD) to discover and identify the java processes that are using Apache Log4j, then leverage a SIFF Policy Definition (PD) to validate whether these instances are compliant or not (i.e. Log4j version <= 2.14.1). Violations are flagged, users notified, and the platform can be configured to trigger automated remediation actions.
To make this easy, we have created these SD/PD and included them in the built-in SIFF community library. You simply have to activate these definitions and they will automatically examine any SIFF-managed devices for the Log4Shell vulnerability and notify you.
If you are interested in learning more about using SIFF to ensure security and configuration compliance as well as how SIFF can help monitor configuration changes in your environment, learn more here.
