Additional steps to remediate log4j

Log4j remediation is much more than just patching. Here are additional steps you may not have considered in your Log4j response:

  1. Do you know if you have Log4j, or any of the other libraries in which Log4j is embedded, in the apps you have developed internally? (You do have a way to track and manage all the code you develop both locally and in the cloud? and the libraries your products use?)
  2. Have you blocked the exploit, shutdown systems, or patched all vulnerable libraries in all apps/systems you control? (You do know how to do this?)
  3. Have you scanned your logs to detect malicious strings to see if you were already compromised prior to the public announcement? (Word has come out that this was being exploited as early as 12/1)
  4. Have you contacted all of the SaaS vendors you use to get confirmation that they have completed the above steps for their systems? (You do know all the SaaS your company uses?)
  5. If you cannot get this confirmation, do you know what your risk exposure is based on the impact should their systems be compromised? (You do track the risk for all of your SaaS vendors based on the criticality of their services or the data they hold to your operations?)
  6. Have you reviewed/updated your incident response plan to deal with a log4j compromise should it occur or you discover it, either on your systems or a 3rd party? (You do have IR plans prepared?)
  7. Have you briefed your senior management on the issue and risk? (You do have a line to your senior management?)
  8. Have you briefed and prepared your customer support and sales organizations so that they can effectively respond to customer inquiries on this issue? (You do know who these groups are?)

This crisis is far from over and today is effectively “Day 1” of the public fallout from this disaster. Get prepared to deal with it now!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s