Palo Alto Networks’ Post


As vulnerabilities go, the Apache Log4j issue is another huge broadside to IT and security departments globally. Worse, for most companies, remediation will likely take weeks. What do C-level executives need to know about Log4j? More importantly, how can they steer their organizations to come out safely on the other side? Join a discussion with Wendi Whitmore, Palo Alto Networks SVP of Unit 42 and Ankur Shah, Palo Alto Networks SVP of Product, Prisma Cloud, to better understand the impact of the Apache Log4j vulnerability.

Understanding and Dealing with the Apache Log4j Vulnerability


The Unit 42 Threat Research Team has put a detailed blog together about the vulnerability and is updating it several times per day if you need more details. https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/

Hirosh Hareendranath It is critical to patch your systems ASAP. Important to note, IF you happen to notice your machine was magically patched, that could be an indicator of compromise, as actors are known to patch a vuln once exploited. This way nobody else can gain access. Just an FYI.

John Reuben

30 years of start-up expertise for both enterprise software vendors and a non-profit I founded. Currently working with three startups to acquire their first customers. I Stand With Israel!

2y

Evolven can discover log4j libraries and their versions anywhere on any host that the Evolven agents run on. We will be offering companies the opportunity to deploy our agents to search exclusively for log4j, both active and inactive. Specifically:

• A list of all log4j components anywhere in the environment
• The list also includes components used by non-running applications, packed inside WAR, EAR and other archive files
• The report gives exact locations of the log4j libraries and their versions

The inactive instances cannot be detected by monitoring tools or log readers.

If you feel that your organization could benefit from this, please try me at john.reuben@evolven.com. Evolven Software

Ertugrul K.

Cyber Security Analyst • Fraud Investigation Instructor • Blockchain Aficionado

2y

Expecting DevOps to be more security aware is like expecting the public to police society themselves. Information Security is a field as sophisticated as coding.

Aiman Rashid

Solutions Architect | Technology Architect | Cyber Security | Network Security | Information Security Management | ISO-27001

2y

With unlimited possibilities of obfuscated payloads, how much can we depend on the signature-based security (vulnerability protection) provided by PA or any other vendor?

Our inspiring product SecHard allows you to detect #Log4j #vulnerability by scanning thousands of your systems in a few minutes. Moreover, you can remediate the vulnerability in all systems with just a single click. Please watch our video to see how fast we do it. https://www.linkedin.com/posts/oyapaktas_log4j-vulnerability-securityhardening-activity-6877669076991283201-GGic
