Apache Log4j | Are you vulnerable?

By Jim Wachhaus
Director of Technical Product Marketing
December 12, 2021
Official message about Log4j impact on the CyCognito Platform.

There is no direct impact of the Log4j vulnerability to the CyCognito platform.

The least you need to know right now:

  • Vulnerable versions of the Apache Software Foundation's Log4j logging utility exist starting with version 2.0, released in July 2014
  • This vulnerability is actively being exploited in the wild, and is trivial to exploit.
  • Exploiting this vulnerability allows remote code execution (RCE).
  • There is a patch available and you should immediately patch your systems.
  • A configuration change may also mitigate the vulnerable versions (if you can’t patch).
  • There is no direct impact of the Apache Log4j vulnerability to the CyCognito Platform. CyCognito will continue to monitor and investigate the situation as third-party component vendors communicate status.
  • To protect your systems, you need to know what is affected.
  • See also some Frequently Asked Questions (FAQ) and answers for more details.
  • The information in this blog was last updated on 25 January 2022 at 8:25pm ET.

You can’t protect what you don’t know about

While much has been written about the issue, why it’s bad and how to fix it, this blog post is going to quickly touch on the bullet point about knowing what is affected: knowing what technologies and components make up your attack surface, and quickly understanding whether (and how badly) you’re affected.

Right now the race is on between threat actors actively attempting to exploit affected systems and cybersecurity experts trying to assess their attack surface for systems to fix. Large companies will have hundreds or thousands of web applications and hundreds of thousands or millions of assets that are internet-facing. If those systems are running Java-based software, then they are likely vulnerable to attack. Do you know where your assets are?

Like COVID, this vulnerability isn’t likely to go away anytime soon. Right now it’s a pandemic-level event with rapid spread.

Eventually systems will be “inoculated” against the exploit, but there is going to be a long tail on this while security teams catch all of the many services, platforms, and applications running Java that are vulnerable.

The easiest and fastest way to identify all of those targets is to use tools that mimic the discovery tactics that threat actors are using. In this case, attack surface management platforms can give affected organizations an edge and free up valuable (and soon to be overworked) personnel trying to respond to this cyber tsunami by automating the discovery and testing process. 

From our CEO and offensive security expert, Rob Gurzeev: “Every few months, sometimes years, another critical and widespread vulnerability is discovered. The reason it takes some organizations months and sometimes years to close security gaps (even those as notorious as Heartbleed, and likely this one) is because finding every machine and application that is vulnerable across large attack surfaces is a time-consuming and tedious manual challenge. A couple of years ago, we found a Heartbleed vulnerability in the authentication server in the Defense and Space department of a Fortune 500 company. And we found it years after the vulnerability was discovered. I suspect it will take months and years for some organizations to find all of their log4j2 vulnerabilities.” 

The longer-tail part of this “Log4Shell” pandemic/endemic is going to be the reckoning that software developers, software vendors and large enterprises that build their own apps will face in trying to patch their own software packages in a way that doesn’t render logging incomplete or break applications.

Recommendations and immediate next steps

There is no “one size fits all” solution to this issue yet, so at CyCognito we built a Log4j testing module that will actively test whether any software built or deployed by your company is affected.

Our security research and analyst teams recommend a few immediate actions:

  • CURE: Patch the Log4j versions that you know about, and patch software which uses Log4j as patches are available
  • VACCINE: Inoculate any log4j applications (use caution and read the details; this also requires a restart)
  • TEST: Test suspected assets for the vulnerability, including custom-built apps
  • TRACE: Investigate your external attack surface (with an EASM platform like CyCognito) to understand if and where you are using specifically vulnerable software. 
  • QUARANTINE: If you find a vulnerable system that can’t be patched or vaccinated, consider taking it offline or putting it behind a firewall, and keep monitoring it for signs of compromise.
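The "least you need to know" list above and the CURE/VACCINE/TEST/TRACE steps both come down to one question for each Java deployment you own: which copies of log4j-core are present, what version are they, and have they been patched or inoculated? The script below is an added example for doing that check offline on a filesystem you control; it is not CyCognito's code and is not the platform's Log4j testing module. It assumes that log4j-core jars built with Maven carry META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties with a version= line, that the JNDI lookup class lives at org/apache/logging/log4j/core/lookup/JndiLookup.class (removing that class from the jar is the inoculation Apache published), and that bundled copies inside WAR and fat-jar files need to be found too. FIXED_VERSION is a placeholder, because the post does not state the fixed release; set it from the Apache advisory. The sample archives the script builds are constructed for the demonstration, not real artifacts.

```python
"""Offline inventory check for Log4Shell exposure in Java archives.

Added example, not CyCognito's code. Finds every copy of log4j-core on a
filesystem (including copies nested inside WAR/fat-jar files), reads its
version from the Maven pom.properties entry, and reports whether it is
PATCHED, MITIGATED (JndiLookup class removed) or VULNERABLE.
"""
import io
import os
import re
import tempfile
import zipfile

# Placeholder: the post does not state the fixed release. Take the real
# minimum patched version from the Apache advisory before relying on this.
FIXED_VERSION = "2.17.0"
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0). Pre-release tags are
    dropped: every 2.0 pre-release predates the fix, so this is conservative."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def classify(version, has_jndi_lookup, fixed=FIXED_VERSION):
    """State of one log4j-core copy, given its version and whether the
    JndiLookup class is still present in the archive."""
    parsed = parse_version(version)
    if parsed is None:
        return "UNKNOWN-VERSION"
    if parsed < (2, 0, 0):
        return "LOG4J-1.X"      # different code base; out of scope for this check
    if parsed >= parse_version(fixed):
        return "PATCHED"
    if not has_jndi_lookup:
        return "MITIGATED"      # inoculated by class removal; a restart is still needed
    return "VULNERABLE"


def inspect_archive(zf, label):
    """Yield (label, version, state) for each log4j-core in an open ZipFile,
    recursing into nested archives such as WEB-INF/lib/*.jar."""
    names = set(zf.namelist())
    if POM_PROPERTIES in names:
        props = zf.read(POM_PROPERTIES).decode("utf-8", "replace")
        m = re.search(r"^version=(.+)$", props, re.MULTILINE)
        version = m.group(1).strip() if m else "?"
        yield (label, version, classify(version, JNDI_LOOKUP_CLASS in names))
    for name in names:
        if name.lower().endswith(ARCHIVE_SUFFIXES):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue
            yield from inspect_archive(inner, f"{label}!{name}")


def scan_tree(root):
    """Walk a directory tree and return findings for every archive in it."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if not fn.lower().endswith(ARCHIVE_SUFFIXES):
                continue
            path = os.path.join(dirpath, fn)
            try:
                with zipfile.ZipFile(path) as zf:
                    findings.extend(inspect_archive(zf, path))
            except zipfile.BadZipFile:
                continue
    return findings


def build_sample_tree(root):
    """Constructed sample archives (not real artifacts) so the scan runs offline."""
    def make_core(path, version, keep_jndi):
        with zipfile.ZipFile(path, "w") as zf:
            zf.writestr(POM_PROPERTIES, f"artifactId=log4j-core\nversion={version}\n")
            if keep_jndi:
                zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")  # fake class bytes
    os.makedirs(root, exist_ok=True)
    make_core(os.path.join(root, "log4j-core-2.14.1.jar"), "2.14.1", True)
    make_core(os.path.join(root, "log4j-core-2.14.1-inoculated.jar"), "2.14.1", False)
    make_core(os.path.join(root, "log4j-core-patched.jar"), FIXED_VERSION, True)
    inner = io.BytesIO()  # a WAR bundling an old vulnerable copy under WEB-INF/lib
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr(POM_PROPERTIES, "version=2.0-beta9\n")
        zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.0-beta9.jar", inner.getvalue())
    with zipfile.ZipFile(os.path.join(root, "other.jar"), "w") as zf:
        zf.writestr("com/example/Main.class", b"\xca\xfe\xba\xbe")  # unrelated jar


def demo():
    """Build the constructed tree, scan it, return {archive basename: state}."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return {os.path.basename(p): s for p, _, s in scan_tree(tmp)}


if __name__ == "__main__":
    for name, state in sorted(demo().items()):
        print(f"{state:12} {name}")
```

Two caveats a practitioner will hit: this check only sees the archive contents, so an application mitigated purely by a JVM property or configuration change (the "vaccine" the post mentions) still shows as VULNERABLE here and must be confirmed against the running process; and a copy reported as MITIGATED or PATCHED on disk is only effective once the service has been restarted.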

How CyCognito customers are tracing their vulnerable machines

We’ve made it quick and easy for customers of our platform to identify assets that may be vulnerable to Log4Shell (or any new vulnerability). For Log4Shell, specifically, we’ve created a new Log4j Advisory Dashboard that showcases potentially vulnerable assets.

To manually search your inventory of external assets in the CyCognito platform, follow these steps:

  1. Log into the CyCognito Platform.
  2. Choose the Assets tab.
  3. Select IP Addresses.
  4. Paste this query into the search box (updated 22 Dec 21 4:15pm ET):
    service contains_any {logstash, flink, druid, struts, solr, atlassian, jboss, vmware, metabase, cisco:sd-wan_vmanage, cisco:identity_services_engine, cisco:unified_communications_manager, ibm:curam_social_program_management, sysaid, coldfusion, spark, epolicy_orchestrator, tapestry, oracle:e-business_suite, kaseya:virtual_system_administrator, manageengine:adaudit_plus, graylog, ibm:websphere_portal, couchbase:couchbase_server, forcepoint:email_security, github_enterprise, netiq:access_manager, linoma:goanywhere_mft, graylog}
  5. Press ENTER.

Be prepared for the next Log4Shell (or Heartbleed or Solarwinds or…)

The best way to address this vulnerability (and any future hair-on-fire vulnerability exploit) is to have access to a comprehensive internet-facing asset inventory, along with the ability to quickly test your internet-exposed assets for exploitability of both existing and new vulnerabilities.

This visibility will relieve the stress during the impact analysis phase of response. It will allow your teams to quickly get into patch-or-mitigate mode.

Using an external attack surface management platform which can perform automated tests on assets to validate both the vulnerability and the fix will allow internet security teams to quickly and confidently address the issues and resume business as usual.
