The log4j vulnerability was announced on December 10, 2021, and ranks as one of the worst in history. How do you secure log4j? The best resolution is to upgrade to a secure version. However, sometimes that is not possible, or at least it takes time. In these scenarios, run-time protection against log4j or other vulnerabilities can be a lifesaver.
In organizations that have hundreds or thousands of applications, it can take days or even weeks of all-out effort to upgrade them. Or the vulnerable applications may be supplied by a vendor, and the vendor does not have a fix immediately available. Run-time protection can be applied with a few clicks of a mouse. The video below walks you through how that works:
In this video, Julius Musseau and Delan Elliott show:
- How access to a vulnerable library can be controlled, either for the full library or surgically for just the method(s) at the root of the vulnerability.
- How this enables the organization to respond instantly to new vulnerabilities.
- That it applies to vulnerabilities such as CVE-2021-44228 and CVE-2021-45046, but can be applied to any Java-based vulnerability.
If you are looking to secure log4j, or other libraries, contact us, or try out MergeBase for free.