Set Up Your Log4J Response Plan

By Jim Wachhaus
Director of Technical Product Marketing
December 17, 2021

There is no “one size fits all” solution to the Apache Log4j issues yet, so at CyCognito we have implemented two CyCognito testing modules (one passive, one active). We have also performed an internal assessment on our exposure to these vulnerabilities in order to protect our customers’ data. 

Based on our experience responding to these issues, advice from expert CISOs, and our community of customers, here are some steps for a simplified response plan you can use today and for future outbreaks. For a much more detailed response we recommend the CISA Apache Log4j Vulnerability Guidance.

Our security research and analyst teams recommend performing the following immediately:

  • SELF-ASSESSMENT: If you are a software or technology services vendor your first priority should be ensuring your customers’ data is secure.
    • Investigate your Bill of Materials (BOM) in any software you provide.
    • Check with your third party partners that they are not affected in a way that affects your software or service.
    • Monitor all logs, services, and traces, acting as if an incident did occur until you can be confident one did not.
  • TRACE: Investigate your external attack surface first (with an external attack surface management platform like CyCognito) and internal attack surface second to understand if and where you are using specifically vulnerable software. Here’s a list of software we know about so far.
  • PRIORITIZE: Start with the assets in your external attack surface that are vulnerable. An exploit of one of these vulnerable hosts can provide the initial access for a much wider breach and a far larger subsequent cleanup.
  • CURE: Patch the Log4j versions that you know about in your external attack surface, and patch software in your internal attack surface that uses Log4j as patches become available.
  • VACCINATE: Inoculate any Log4j applications (use caution and read the details; this also requires a restart).
  • TEST: Do ongoing and continuous testing of suspected assets for the vulnerability, including custom-built apps. Plan for this process to continue for years as this vulnerability is in a ubiquitous open source technology. New exploits will be disclosed and old images may be brought online.
  • QUARANTINE: If you find systems that can’t be patched or vaccinated, consider taking them offline or putting them behind a firewall, and continue monitoring affected assets for signs of compromise.
  • MASK: Another way to protect systems that can’t be patched or vaccinated is to use compensating controls like web application firewalls (WAF) and eXtended Detection and Response (XDR) that “virtually patch” vulnerable hosts until other mitigations can be implemented.
  • COMMUNICATE: Risk teams need to be aware of current status; business and technical risk managers need up-to-date information on remediation plans and progress. Think about what to communicate to the CISO, Chief Risk Officer and business VPs responsible for profit and loss. Daily email briefings can reduce the need for redundant one-on-one discussions.
    • PEOPLE: Keep in mind that while this looks like a technology crisis it’s also a people problem. Make sure your people are informed about what to do, who to communicate with, and that they are expected and encouraged to take breaks, especially with the holidays approaching. Gratitude and appreciation for their efforts will go a long way!
  • DISCLOSURE: Whether affected or not, your management team may need to do something in this regard if you are a provider of software or services.
    • If you are affected, disclose to your customers and your partners in a rapid and public fashion so they can take precautions.  
    • If you are not affected, communicate your status and steps taken to ensure you were not affected.
  • ASSUME BREACH: Log4j is an evolving situation and we do not yet understand all of the Tactics, Techniques and Procedures being used as we speak. Perform impact mitigating measures such as the following:
    • Rotate security resources on affected systems, such as passwords, certificates, and tokens. 
    • Flag affected security resources listed above as potential Indicators of Compromise (IOCs), particularly with regards to North-South network flows.
    • Continue to update SIEM solutions with evolving IOCs and run them against historic logs.
    • Power cycle or redeploy affected resources to clear working memory, without regard to initial investigation conclusions.
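The SELF-ASSESSMENT, TRACE and TEST steps all depend on knowing which archives in your estate actually carry log4j-core, including copies bundled inside fat JARs, WARs and EARs where a filename search never looks. The scanner below is an added example written for this article; it is not CyCognito’s testing module and not code from the original post. It walks a directory, recurses into archives nested inside archives, reads the Maven pom.properties to recover the version, and records whether the JndiLookup class is still present. The sample archives are constructed in memory, and MINIMUM_SAFE_VERSION is an assumption that you should set from the current Apache Log4j security guidance rather than trust as written.

```python
"""Log4j 2 artifact inventory scanner: an added example, not CyCognito's testing
module. Finds log4j-core inside archives (and archives nested in archives), reads
the Maven version, and notes whether JndiLookup.class is still present."""
import io
import os
import re
import zipfile
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
CORE_PREFIX = "org/apache/logging/log4j/core/"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP = CORE_PREFIX + "lookup/JndiLookup.class"
MINIMUM_SAFE_VERSION = (2, 17, 1)  # assumption: take the real floor from Apache's guidance

@dataclass
class Finding:
    location: str                       # outer path; '!' separates nested archive levels
    version: Optional[Tuple[int, ...]]  # None when no pom.properties was found (shaded jar)
    jndi_lookup_present: bool

def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); unparseable -> None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def scan_archive(data: bytes, location: str, findings: List[Finding]) -> None:
    """Inspect one in-memory archive, then recurse into any archive it contains."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a zip container; nothing to inspect
    with zf:
        names = set(zf.namelist())
        if any(n.startswith(CORE_PREFIX) for n in names):
            version = None
            if POM_PROPS in names:
                props = zf.read(POM_PROPS).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.MULTILINE)
                version = parse_version(m.group(1)) if m else None
            findings.append(Finding(location, version, JNDI_LOOKUP in names))
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                scan_archive(zf.read(name), f"{location}!{name}", findings)

def scan_blobs(archives: Dict[str, bytes]) -> List[Finding]:
    """Scan archives already held in memory (path -> bytes)."""
    findings: List[Finding] = []
    for path, data in archives.items():
        scan_archive(data, path, findings)
    return findings

def scan_tree(root: str) -> List[Finding]:
    """Scan every archive under a directory on disk."""
    archives: Dict[str, bytes] = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower().endswith(ARCHIVE_SUFFIXES):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    archives[path] = fh.read()
    return scan_blobs(archives)

def assess(f: Finding) -> str:
    """Triage label; an unknown version is treated as suspect, never as safe."""
    if f.version is None:
        return "unknown-version"
    if f.version >= MINIMUM_SAFE_VERSION:
        return "patched"
    if not f.jndi_lookup_present:
        return "jndi-class-removed"  # JNDI lookup neutralised, but still below the floor
    return "vulnerable"

def triage(archives: Dict[str, bytes]) -> Dict[str, str]:
    return {f.location: assess(f) for f in scan_blobs(archives)}

def build_jar(entries: Dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def sample_archives() -> Dict[str, bytes]:
    """Constructed stand-ins for real artifacts; class bodies are placeholder bytes."""
    logger = {CORE_PREFIX + "Logger.class": b"\xca\xfe"}
    old_core = build_jar({POM_PROPS: b"version=2.14.1\n", JNDI_LOOKUP: b"\xca\xfe", **logger})
    new_core = build_jar({POM_PROPS: b"version=2.17.1\n", JNDI_LOOKUP: b"\xca\xfe", **logger})
    stripped_core = build_jar({POM_PROPS: b"version=2.14.1\n", **logger})  # JndiLookup deleted
    fat_war = build_jar({"WEB-INF/lib/log4j-core-2.14.1.jar": old_core,
                         "WEB-INF/lib/commons-io.jar": build_jar({"README": b"x"})})
    return {"app/service.war": fat_war,
            "lib/log4j-core-2.17.1.jar": new_core,
            "legacy/log4j-core-2.14.1.jar": stripped_core}

if __name__ == "__main__":
    for location, status in triage(sample_archives()).items():
        print(f"{status:20} {location}")  # triage label, then where the artifact was found
```

Run the file directly to triage the constructed sample, or call scan_tree("/opt") against a real host and feed the findings to assess. Two design choices matter for the plan above: an archive whose version cannot be read is reported as unknown rather than skipped, which matches the "act as if an incident did occur" advice, and a jar whose JndiLookup.class has been deleted is listed under its own label because that removal reduces exposure to the JNDI lookup issue but the host still needs the upgrade.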

If you’d like to connect with a CyCognito representative to see how we can help, please contact us.

