Defending Against Log4j Exploits with Cisco Secure Endpoint


The Apache Log4j vulnerability (CVE-2021-44228) is on the minds of nearly every cybersecurity and IT team right now because of its widespread usage, ease of exploitation, and broad attack surface. This blog provides an overview of how Cisco Secure Endpoint helps protect your environment from attackers exploiting this vulnerability.
What You Need to Know About Log4j
On Thursday, December 9, the Apache Software Foundation disclosed a security vulnerability in Apache Log4j, a Java-based logging library widely used by developers around the world. This library is also often used by commercial and open-source tools such as Apache Struts 2, Apache Solr, Apache Flink, Apache Druid, Apache Kafka, Elasticsearch, and more.
This vulnerability allows attackers to remotely execute malicious code on affected servers, enabling them to gain full control of those servers. Widely believed to be easy to exploit, this vulnerability has received the maximum CVSS severity score of 10.0 and a 93/100 score from Kenna Security, Cisco’s risk-based vulnerability management solution.
How Cisco Secure Endpoint Helps
Cisco Secure Endpoint rapidly identifies and protects against Log4j exploits in several ways. It blocks threats that try to exploit the Log4j vulnerability with multifaceted prevention techniques, including machine learning and behavioral protection. Additionally, robust detection and response capabilities reduce dwell time. Finally, rich threat intelligence from the Cisco Talos security research team allows you to have the latest protection from attackers.
In case any threats get through, advanced Endpoint Detection and Response (EDR) functionality such as SecureX Threat Hunting and Orbital Advanced Search quickly uncovers signs of Log4j exploitation attempts and post-exploitation activity such as lateral movement, suspicious command launch and others. This includes two new Orbital queries that identify entities affected by the Log4j vulnerability on Windows and Linux devices (windows_log4j_monitoring and linux_log4j_monitoring). To learn how to use these queries to detect Log4j attacks, please see the video below.

In addition, with extended detection and response (XDR) capabilities from the integrated Cisco SecureX platform, you get a more complete view into the threat landscape for the Log4j exploit. This allows you to automate response actions to isolate and quarantine compromised endpoints, reducing the time it takes to detect and remediate a threat that leverages the Log4j vulnerability. Finally, cloud Indicators of Compromise (IOCs) in Secure Endpoint have been updated to include new Log4j-related detections and new ClamAV signatures are available to block attacks exploiting Log4j.
For more information on the Cisco response to Log4j, including how other Cisco Secure solutions can protect you from this vulnerability, please see the Cisco Talos Threat Advisory page and the Cisco Event Response page for Log4j. To learn more about Secure Endpoint, please visit our product page.
 
