The recent Apache Log4j vulnerabilities are a particularly pernicious problem for two reasons. First, Apache Log4j has a very large footprint as a back-end logging library that is incorporated into many widely used open source and internally developed applications used by enterprises around the world. Issues with Apache Log4j affect almost everyone. Second, remediation can take weeks. The best way to protect yourself is to upgrade to the latest version; however, that requires, first, that you know where every instance that needs to be patched is located and, second, that Java 8 is installed. There are many reasons why customers may not be able to upgrade for days or weeks, including the large effort required to upgrade Java before applying this patch, the full test cycle needed before upgrading Log4j so that it doesn’t break applications, and year-end production freezes.
Palo Alto Networks customers are protected from attacks exploiting the Apache Log4j remote code execution (RCE) vulnerability as outlined below. In addition, we offer a number of solutions to help identify affected applications and to support incident response if needed.
To give you time while your teams patch the vulnerabilities, Palo Alto Networks customers are protected by our Next-Generation Firewalls with an active Threat Prevention security service, Cortex XDR and Prisma Cloud:
Every time a new security vulnerability surfaces, a race begins between attackers and defenders to identify vulnerable systems. The question defenders need to answer is: What is my full inventory of affected assets? Here’s how Palo Alto Networks can help provide this visibility:
If you think that you have an incident related to the Log4j vulnerability or simply need additional capacity to respond and remediate faster, Unit 42 can help. If you are concerned that you may have been impacted, you can contact Unit 42 for a compromise assessment and incident response services. For detailed findings on the Log4j vulnerability, see Unit 42’s summary.
Even if you’re not an Apache Log4j user, it’s still likely that one of your partners, customers or suppliers uses software that includes the vulnerable component. This week’s vulnerability demonstrates the fragility of our large, interdependent technical ecosystem. A well-known concept in supply chain is the bullwhip effect, where unforeseen fluctuations in supply can cost an individual company more than actual market demand fluctuations. In cyber security, we’re experiencing our own version of the bullwhip effect, only everyone is affected by infrastructure that makes a single vulnerability a global incident.
To stay on top of the latest Log4j analysis and mitigation, as well as the latest vulnerability updates, please continue checking the Unit 42 blog or register for our threat intelligence briefings, Unit 42 Briefing: Apache Log4j Threat Update.