This is not a post on what Log4j is, or what controls you need to put in place. There are too many articles about that already. If that’s what you’re looking for, please read this great post from our Founder, Chairman, and CTO, Casey Ellis.
Today’s post is about what front line security and technology teams should be mindful of in the coming weeks/months, particularly those that are reeling from or have been impacted by the Log4j vulnerability in its various shapes or forms. Some things to consider for battling it:
Be in Red-Alert Mode (for many weeks):
Use Deep Assurance Tools and Ensure that Trusted Images and Continuous Testing Practices are in Place, such as:
Watch Out for Upcoming Third-Party Supply Attacks
Evolve your Controls with the Times
Be on Guard for Log4j-born Malware, Worms and Ransomware
Increase Management (and Regulatory – if applicable) Oversight:
Review Investment Slates and Reprioritize:
See our full list of Log4j/Log4Shell resources here.