The InfoSec community has become the victim of holiday terror yet again. Earlier this year, the Kaseya attack clouded the 4th of July celebrations. Today, CXOs are racing to patch the Log4j vulnerability aka Log4Shell that was discovered on December 9. While this vulnerability is likely to stay around for a while, it is important for cybersecurity professionals to take immediate steps to mitigate its threat and keep their organizations safe. More importantly, Log4Shell isn’t the first security/zero-day flaw to be discovered and it definitely won’t be the last. So, what is it that InfoSec leaders can do to detect and respond to such threats?
What is Log4j Vulnerability/Log4Shell?
Before we dive into remediation measures, let us first understand the Log4j vulnerability or Log4Shell. Crucially, why has it stumped veteran cybersecurity professionals worldwide?
Log4j is an open-source logging software used by almost all major Java-based apps and servers across the globe. This includes everything from enterprise software and cloud data centers to online gaming. Log4Shell is a zero-day vulnerability in Log4j that allows attackers to penetrate weak systems by running malicious code remotely. Within a week of discovery, Log4Shell has managed to attract an alarmingly high level of exploitation.
After Log4Shell: What Now?
The attack surface is growing by the second as vendors are getting exposed. Putting this into perspective, security researcher Greg Linares mentioned that his most active Log4j honeypot saw an average of ~3400 attempts per minute!
IT vendors are in the process of releasing patches and guiding clients on the next steps. However, there is a lot more to this vulnerability than what meets the eye. While we are yet to hear news of a high-profile data breach that can be attributed to Log4Shell, the timer for the next attack is already in motion as cybercriminals race to catalog and exfiltrate data. As CISOs continue to evaluate risk and hunt for solutions, here’s what can help tackle this situation as well as future such threats.
How a Zero Trust Security Model Can Help
A proactive Zero Trust security approach is the only way forward for enterprises of all sizes. By using micro-segmentation, a Zero Trust model creates smaller “trust zones” to isolate environments, applications, data centers and workloads. This helps effectively monitor traffic, reduces the attack surface to a minimum and restricts unauthorized lateral movement. In cases such as Log4j, by limiting processes that can interact with or execute from and to a compromised server, the lateral spread can be prevented. Moreover, Zero Trust also:
- Inspects inbound and outbound traffic closely
- Prevents the initial compromise by blocking the outbound communication to the hacker’s command-and-control server (egress filtering) by defining the appropriate policy
- Detects malicious activity and application control helps prevent unauthorized applications from running
Most importantly, Zero Trust helps secure your organization’s critical assets i.e. crown jewels by denying access to them unless a user is authorized – regardless of past authentication. This means that your critical applications would be practically invisible to the attacker even if they have managed to exploit Log4j on other applications.
As long as vulnerabilities remain and continue to evolve, they will be exploited – for attackers are getting bolder and more sophisticated by the day. It is up to enterprises to proactively secure their ecosystems by embracing Zero Trust.
To learn more about ColorTokens’ Zero Trust-based zero-day protection and other security solutions that can save you money while improving your security posture, check out our resources or get in touch.