The log4j vulnerability was announced on December 10, 2021, and ranks as one of the worst in history. How to secure log4j? The best resolution is to upgrade to a secure version. However, sometimes that is not possible, or at least it takes time. In these scenarios, runtime protection for log4j or other vulnerabilities can be a lifesaver.
In organizations that have hundreds or thousands of applications, it can take days or even weeks of an all-out effort to upgrade these applications. Or it could be that the vulnerable applications are supplied by a vendor, and the vendor does not have a fix immediately available. The runtime protection can be applied with a few clicks of a mouse and save you a lot of time. This video below walks you through how that works.
How to secure log4j instantly at runtime?
In this video, Julius Musseau and Delan Elliott show how:
- How to access a vulnerable library can be controlled
- Either for the full library or surgically for just the method(s) that is at the root of the vulnerability.
- This enables the organization to respond instantly to new vulnerabilities.
- It applies to vulnerabilities such as CVE-2021-44228, and CVE-2021-45046
- But can be applied to any Java-based vulnerability.