How to instantly secure log4j

The log4j vulnerability was announced on December 10, 2021 and ranks as one of the worst in history. How do you secure log4j? The best resolution is to upgrade to a safe version. However, sometimes that is not possible, or at least it takes time. In these scenarios, run-time protection for log4j or other vulnerabilities can be a lifesaver.

In organizations that have hundreds or thousands of applications, it can take days or even weeks of all-out effort to upgrade these applications. Or it could be that the vulnerable applications are supplied by a vendor and the vendor does not have a fix immediately available. Run-time protection can be applied with a few clicks of a mouse. The video below walks you through how that works:

How to protect log4j instantly at run-time with Julius Musseau and Delan Elliott

In this video, Julius Musseau and Delan Elliott show:

  • How access to a vulnerable library can be controlled, either for the full library or surgically for just the method(s) at the root of the vulnerability.
  • How this enables the organization to respond instantly to new vulnerabilities.
  • That the approach applies to vulnerabilities such as CVE-2021-44228 and CVE-2021-45046, but can be applied to any Java-based vulnerability.

If you are looking to secure log4j, or other libraries, contact us, or try out MergeBase for free.
