How a Log4j Vulnerability Changed Everything

At the end of 2021, the world changed for software developers when a popular logging tool, Log4j, was found to have a vulnerability. Twenty-one years ago, Log4j v1 emerged as a standard logging library for Java™ applications, and its widespread use in everything from games to banking applications means many are now compromised.

In this episode of Cloud Talk, Rackspace Technology® Chief Technical Evangelist Jeff DeVerter, Senior Manager of Threat and Vulnerability Analysis Brandon Jaster, and Security Solutions Architect Johan Moran, discuss how the Log4j vulnerability can be exploited, and what you can do to mitigate it.

Tune in to hear the following:

• What impact the Log4j can have on your organization
• Why the Log4j is the most serious security flaw to be seen in decades
• How organizations can secure networks with segmentation, patching and testing
• The importance of auditing existing IT tools, assets and processes
• Why it’s critical to upgrade applications

“The scariest part is that it's not just what is exposed to the internet, that you need to worry about,” said Jaster. “But everything in your internal networks is also vulnerable. So, it’s really important to have layers of defense in place to make sure that nothing is exposed, and everything is secured.”

The elements a robust cybersecurity strategy are explained by Moran: “Now, we need to detect if vulnerabilities are present, if the system has been exploited, and also if the system is under attack in real time.”

There are many different security tools available to organizations. “A web application firewall has signatures built into it that can see if someone is trying to exploit the application from outside,” said Moran. “It can block a cyberattack.”

In addition to tools, the importance of testing is also emphasized. “The value of a red team test or a penetration test is demonstrated to an organization because they help with defensive actions,” said Jaster. “By thinking like a bad guy who is trying to attack a network, you are able to tell the good guys what they need to do to fix things.”

The discussion goes on to cover kill chains, which are a list of actions that need to be taken for a cyberattack to be successful. “If you can limit how much information is out there, it will make the next steps in the kill chain that much more difficult to complete,” explained Jaster. “And if you can ensure your systems are patched and there is segmentation between systems, it's going to make it much harder for malicious actors.”

Organizations may be deterred by the cost of application upgrades, but as Jaster shared, “It’s even more expensive to go through recovery steps and have to send emails to customers after a cyberattack. And if security is compromised, the loss of trust can be really damaging to an organization.”

Security is an ongoing exercise. “Security is not a one-and-done job,” concluded Moran. “You don't just do a security audit once a month, once a quarter or once a year. As we’ve proved, there were four vulnerabilities released in a month for Log4j. Security checks need to be continual iterative processes with a team that’s always looking at the results, and then is able to come up with a plan of action to respond.”

Cloud Talk covers topics like multicloud, digital transformation, containers and Kubernetes, IoT, edge computing, data and more. Episodes are short and sweet — around half an hour — and available from Apple Podcasts, Spotify, Stitcher and anywhere else podcasts can be found.