Log4j Vulnerability
What to Know. What to Do. And How to Stay Ahead.
Believe you’ve been breached?
To get immediate support from our
incident response team on Log4j
Identity security best practices to contain Log4j risk
Log4Shell highlights the importance of defense-in-depth and multi-layered security
Apply Patches
Apply patches Apply the software updates already released by Apache in Log4j and monitor the page for updates. Review vendor recommendations and updates for all enterprise software platforms in use, along with any underlying OS and enterprise integrations. Check in with all your third-party vendors to make sure they’ve also patched the software you use.
Deploy Peripheral Defenses
Apply web application firewall (WAF) rules to mitigate common exploitation attempts as part of a comprehensive defense-in-depth strategy.
Protect Credentials
Restrict access to environment variables and local credentials stored in CI/CD pipelines. If an application requires a secret be handed over as an environment variable, use a secrets manager to help ensure only authenticated users get access to the clear text secrets.
Protect Tier 0 assets
Only allow privileged access to Tier 0 assets like Active Directory and DevOps workflow orchestrators from specific bastion hosts. This will make it exponentially more difficult for the attacker to escalate privileges and compromise more assets.
Implement Least Privilege
Restricting access to the minimum level needed — and taking it away as soon as it’s not needed — can go a long way in slowing down or halting an attacker’s progress by preventing lateral movement, and ultimately, minimizing the blast radius and overall impact.
If you are a current CyberArk Endpoint Privilege Manager customer, you can enable detection and protection from certain Log4j-based attack vectors by configuring an advanced Application Control policy in EPM SaaS. This will help to reduce the blast radius, alert about an ongoing attack and complicate lateral movement for the attacker.
Enable Multi-Factor Authentication (MFA)
Attackers are much less likely to succeed when required to provide a second authentication factor or another piece of approval — so this is always a best practice.
Explore Log4j Resources
Configure Log4j Mitigations
CyberArk Endpoint Privilege Manager can help mitigate Log4j vulnerability impact using advanced Application Control policies.
CVE Reports
Recently published vulnerabilities in Apache Log4j have the potential to cause remote code execution or denial of service on servers used by Java-based applications for their logging functionality.
Log4j: What to Know. What to Do. And How to Stay Ahead
In December 2020, a series of network breaches was reported in rapid succession — the beginning of what soon became known as the cyber attack that changed everything.
Learn how CyberArk helps mitigate software supply chain attacks exploiting Log4j
Comprehensive Identity Security
Multi-layered ransomware protection
Credential Theft Protection
Continuous Adaptive Trust