Device42 aims to identify vulnerabilities in Log4j

Missed a Future of Work Summit session? Head over to our Future of Work Summit on-demand library to stream.


Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), recently issued a statement to address a major security flaw in Log4j. “To be clear, this vulnerability poses a serious risk,” Easterly said. “We will only minimize potential impacts through collaborative efforts between government and the private sector. We urge all organizations to join us in this essential effort and take action.

In response to CISA and using its integration with PowerBI, Device42 has created dashboards designed to help IT teams find and resolve Log4j issues in real time. This feature will specifically display a graphical representation of the number of systems on which a version of the Log4j software package is deployed, along with details of the existing software on those devices. Device42 integrates with Microsoft PowerBI using the Device42 ODBC (Open Database Connectivity) driver package, currently available for Microsoft Windows.

This dashboard provides an overview of all application components with command line arguments using vulnerable Log4j reports. These identified applications would be the targets of immediate inspection and possible remediation.

“Log4j represents an unprecedented cybersecurity event and the potential for damage is incalculable,” said Raj Jalan, CEO and Founder of Device42. “As IT teams work to deploy patches, it will be critical for organizations to immediately identify affected servers. Our dashboards provide real-time insight into components that may be vulnerable.”

How does Log4j work?

Log4j is widely used for software event tracking, basically a logging library. Take a look under the hood of a massive amount of software systems, such as Android phones, smart TVs, Minecraft game servers, and the management systems that govern any backup power, and you’ll find Log4j – a small but very effective piece of open source software. All Apache versions from 2.0 to 2.14.1 with Log4j are vulnerable and easily exploitable with a web request and a simple user string.

The new Device42 dashboard is designed to provide an inventory of software deployed in an IT environment that could potentially be vulnerable to Log4j flaws. The optional application dependency mapping capability enables advanced discoveries such as inspecting Java JVM arguments for any reference to Log4j and identifying vulnerable versions, as well as accessing details of where this software is deployed in their environment.

The Log4j vulnerability has been rated as a critical threat, or a 10, on the Common Vulnerability Scoring System (CVSS) by the National Vulnerability Database (NVD). CVSS is an open framework for communicating the characteristics and severity of software vulnerabilities.

While researching ways to protect your system, CISA recommends that asset owners take three additional immediate actions regarding the Log4j vulnerability:

  1. List all external devices on which Log4j is installed.
  2. Make sure your Security Operations Center acts on every alert on devices that fall into the above category.
  3. Install a Web Application Firewall (WAF) with rules that update automatically so your SOC can focus on fewer alerts.

Log5j Threat Mitigation

Ultimately, the Log4j vulnerability means hackers can bypass passwords and other security restrictions. At this point, they could use a single line of script to spy on corporate communications, steal data, or even money. The Device42 Dashboard could help security teams identify where in your network this vulnerability exists, take appropriate defensive measures, and create a more secure environment.

VentureBeat

VentureBeat’s mission is to be a digital marketplace for technical decision makers to learn about transformative technology and transact business. Our site provides essential information on data technologies and strategies to guide you in the direction of your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on topics that interest you
  • our newsletters
  • gated thought leader content and discounted access to our popular events, such as Transform 2021: Learn more
  • networking features, and more

Become a member

Comments are closed.