You may have seen recent news concerning the latest cyber threat, “Log4j”. Log4j is an open-source logging utility used in countless applications by organizations of all sizes. The flaw in Log4j is a Remote Code Execution (RCE) vulnerability: it allows attackers to easily gain remote access to computers running applications written in Java, a popular programming language.

At this time many applications do not have a patch released, but many do have a workaround that can be put in place.

If you are one of Conversant’s fully managed clients, you have already heard from us on this situation, as we are currently applying the patches and workarounds across your organization’s environment. You do not need to read further unless you are a managed client that has not yet adopted deep packet inspection with all advanced services enabled, SOC-as-a-Service, and an advanced EDR platform such as CrowdStrike. Every organization is at a different point in its security evolution. There are actions required of you to properly mitigate and remediate this situation.

The publicly available news suggests over 840,000 companies have been identified by the threat actors as being vulnerable. Threat actors are actively exploiting this vulnerability, and it can be leveraged to gain remote access to your environments, execute code, and encrypt and/or steal your data. If your organization does not actively monitor its security tools and logs, you likely will not notice threat actor activity until the threat actor drops a payload that causes your systems to stop functioning as normal.

Another vulnerability, or shortcoming, of the original fix has been discovered, and a third vulnerability is also believed to exist. Expect a chain of discovered vulnerabilities and associated fixes. Information is developing quickly on this situation. We care about you—please move briskly to mitigate this risk. 

First, the good news. If you are using CrowdStrike, CrowdStrike will protect devices running their endpoint software. Partners running CrowdStrike can review a dedicated Log4j dashboard in the CrowdStrike portal, which shows any attempted exploits. This dashboard is accessed by going to Investigate -> Vulnerabilities -> Log4Shell Vulnerability Dashboard within the CrowdStrike portal. If you are not running CrowdStrike, you should strongly consider adopting it as a complement to your other endpoint controls. Conversant has a strong partnership with CrowdStrike, and we can make this adoption painless: Log4j is not the first high-profile vulnerability, and it will not be the last. Additionally, CrowdStrike has a service called Spotlight that provides even more insight into vulnerable systems; this service is often purchased separately.

Additionally, Fortinet, and likely other firewall vendors, have mitigations for the Log4j risks. The links for the Fortinet mitigations are noted below. Your SOC-as-a-Service vendor, such as eSentire, Arctic Wolf, AlertLogic, and others, may have specific recommendations for Log4j; you should consider reading your provider’s documentation.

You need to identify where Log4j is being used and follow each vendor’s instructions to patch or apply a workaround. To help, we have compiled the list below of common products you may use, along with the status of where these products/companies currently stand related to Log4j. Due to the fluidity of the issue, we have included links so you can get their latest status.
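Vendor lists cover appliances and packaged products, but Log4j also ships inside in-house and third-party Java applications as a plain `log4j-core` jar. The script below is an added example (not Conversant’s tooling or any vendor’s scanner) of the first step described above: it walks a directory tree, finds `log4j-core` jars (including ones bundled inside fat jars and wars), reads the version from the jar’s own `pom.properties`, and reports whether the `JndiLookup.class` file is still present, which is what the widely published class-removal workaround deletes. The `MINIMUM_VERSION` threshold, the `demo()` fixture and all file names are assumptions constructed for the example; set the threshold from your vendor’s current guidance.

```python
"""Added example: inventory scanner that finds log4j-core jars on disk and
reports their version and whether JndiLookup.class is still present.
Hypothetical helper written for this advisory, not a vendor tool."""
import io
import os
import re
import tempfile
import zipfile
from dataclasses import dataclass

# Maven metadata that log4j-core ships inside its jar; it carries the version string.
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# The class the published "remove JndiLookup" workaround deletes from the jar.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumed threshold: anything older is flagged. Set this from current vendor guidance;
# 2.17.0 is only an illustrative default for this example.
MINIMUM_VERSION = (2, 17, 0)
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")


@dataclass
class Finding:
    path: str          # file path; nested archives appear as outer.jar!inner/path.jar
    version: str       # version from pom.properties, or "unknown"
    jndi_lookup: bool  # True if JndiLookup.class is still inside the archive
    status: str        # patched | workaround-applied | vulnerable | review


def parse_version(text: str) -> tuple:
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 9); pads to three components."""
    nums = [int(n) for n in re.findall(r"\d+", text)]
    return tuple((nums + [0, 0, 0])[:3])


def classify(version: str, has_jndi: bool, minimum: tuple) -> str:
    if version == "unknown":
        return "review"                      # shaded or stripped build; inspect by hand
    if parse_version(version) >= minimum:
        return "patched"
    return "vulnerable" if has_jndi else "workaround-applied"


def inspect_archive(zf: zipfile.ZipFile, label: str, minimum: tuple) -> list:
    names = set(zf.namelist())
    findings = []
    if POM_PROPERTIES in names or JNDI_LOOKUP in names:
        version = "unknown"
        if POM_PROPERTIES in names:
            for line in zf.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
        has_jndi = JNDI_LOOKUP in names
        findings.append(Finding(label, version, has_jndi, classify(version, has_jndi, minimum)))
    # Fat jars and wars bundle log4j under BOOT-INF/lib or WEB-INF/lib: recurse into them.
    for name in sorted(names):
        if name.lower().endswith(ARCHIVE_SUFFIXES):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue
            findings.extend(inspect_archive(inner, f"{label}!{name}", minimum))
    return findings


def scan_tree(root: str, minimum: tuple = MINIMUM_VERSION) -> list:
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in sorted(files):
            if not fn.lower().endswith(ARCHIVE_SUFFIXES):
                continue
            path = os.path.join(dirpath, fn)
            try:
                with zipfile.ZipFile(path) as zf:
                    findings.extend(inspect_archive(zf, path, minimum))
            except zipfile.BadZipFile:
                continue                     # misnamed or corrupt file; not an archive
    return findings


def write_sample_jar(target, version=None, include_jndi=True, nested=None):
    """Constructed fixture: a minimal jar mimicking log4j-core's layout (not a real build)."""
    with zipfile.ZipFile(target, "w") as zf:
        if version is not None:
            zf.writestr(POM_PROPERTIES, f"artifactId=log4j-core\nversion={version}\n")
        if include_jndi:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # placeholder bytes, not a class
        for inner_name, inner_bytes in (nested or {}).items():
            zf.writestr(inner_name, inner_bytes)


def demo() -> dict:
    """Builds a constructed directory of sample jars and returns findings keyed by file name."""
    root = tempfile.mkdtemp(prefix="log4j-inventory-demo-")
    lib = os.path.join(root, "app", "lib")
    os.makedirs(lib)
    write_sample_jar(os.path.join(lib, "log4j-core-2.14.1.jar"), "2.14.1")
    write_sample_jar(os.path.join(lib, "log4j-core-2.14.1-stripped.jar"), "2.14.1", include_jndi=False)
    write_sample_jar(os.path.join(lib, "log4j-core-2.17.0.jar"), "2.17.0")
    inner = io.BytesIO()                     # a fat jar carrying log4j-core under BOOT-INF/lib
    write_sample_jar(inner, "2.13.0")
    write_sample_jar(os.path.join(root, "fat-app.jar"), include_jndi=False,
                     nested={"BOOT-INF/lib/log4j-core-2.13.0.jar": inner.getvalue()})
    return {f.path.replace(os.sep, "/").rsplit("/", 1)[-1]: f for f in scan_tree(root)}


if __name__ == "__main__":
    import sys
    findings = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else list(demo().values())
    for f in findings:
        print(f"{f.status:<18} {f.version:<10} jndi={'y' if f.jndi_lookup else 'n'}  {f.path}")
```

Run it as `python scan_log4j.py /opt` to inventory a host, or with no argument to see the constructed demo tree. A `workaround-applied` result means the jar is old but the class-removal workaround has been applied; it should still be upgraded once the vendor ships a patched release. The scanner only sees jars on disk, so it does not replace the vendor status list for appliances and hosted services.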

If you would like us to assist with implementing any patches or workarounds, please email our support team at support@conversantgroup.com, and we will schedule resources to reach out and assist. Please note that we, and everyone else in the country, are overwhelmed right now, so please be patient as we move as fast as we can given the incredible volume of requests.

  • Citrix – Citrix Security Advisory for Apache CVE-2021-44228
    • The following products are NOT impacted by the vulnerability at this time:
      • ADC
      • Cloud Connectors
      • License Server
      • SD-WAN
      • ShareFile Storage Zone Controllers
      • Virtual Apps and Desktops
      • Workspace App
  • Cisco – Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
    • The following products have been confirmed to be affected. At this time there is no workaround, and a patch is being created:
      • Firepower Threat Defense/Firepower Device Manager
      • Identity Services Engine
      • Unified Communications Manager
      • ASA Software (under investigation)
      • Prime Infrastructure (under investigation)
      • Aironet Access Points (under investigation)
  • Cohesity
    • Impacted by the vulnerability; there is no workaround at this time. A patch is currently being created.
  • CrowdStrike
    • Released recommended settings to prevent Log4j exploitation.
    • We have verified that all our managed partners running CrowdStrike have the recommended settings applied/enabled in the portal.
  • Fortinet – Log4j2 Vulnerability | FortiGuard
    • The following products are NOT impacted by the vulnerability:
      • FortiAnalyzer
      • FortiClient / EMS
      • FortiGate
      • FortiManager
    • The following products will help with protection against the Log4j vulnerability:
      • FortiAnalyzer
        • Outbreak Detection
          • Version 1.00038
          • Detects indicators of the Log4j vulnerability from across the security fabric.
        • Threat Hunting
          • Version 6.4+
          • Detects indicators of the Log4j vulnerability from across the security fabric.
      • FortiClient / EMS
        • Application Firewall
          • Version 19.218
          • Blocks attack attempts to exploit a Remote Code Execution vulnerability in Apache Log4j.
        • Threat Hunting
          • Version 6.2+
          • Verify endpoint protections and monitor for any alerts related to Log4j2 exploit attempts.
      • FortiGate
        • IPS
          • Version 19.218
          • Blocks exploitation of the Log4j vulnerability.
  • HPE Nimble
    • Not impacted by Log4j2 at this time.
  • Unitrends
    • Not impacted by Log4j2 at this time.

Other Relevant Links: