Resources and expertise to evaluate and remediate your enterprise's attack surface from Log4j vulnerabilities.
Enterprises across the globe are currently impacted by one of the largest security vulnerabilities of our era. With full stack expertise required to identify and understand the scope of their exposure, and complex remediation tasks required to minimize risk, the companies that move slowest will find themselves easy targets for data exposure.
CDW is at the forefront of enterprise security. With security experts across network, datacenter, and cloud, we can assess and remediate your risk. Whether in-house developed applications, or commercial solutions, we can accurately evaluate your Log4j exposure.
Anyone selling security without remediation is just capitalizing on current market need. We can secure your environment by:
- Patching commercial solutions
- Refactoring or modernizing in-house applications
- Implement CI/CD DevSecOps security scanning to ensure new workloads are deployed securely
Get an assessment of your internal and external risks, and a proactive remediation plan that you team can execute on. Need help? We have trained professionals ready to assist.
US Cybersecurity & Infrastructure (CISA) Advisory
https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability
Talos Threat Advisory
https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html
Impacted Tech Vendors
NPR Coverage, Deep Industry Challenges
Wired Coverage, Hundreds of millions of devices affected
https://www.wired.com/story/log4j-log4shell/
ARSTechnica, Zero-day ubiquitous; grave thread to the Internet
Catastrophic Log4j Security Fail Threatens Enterprise Systems & Web Apps Worldwide
https://www.searchenginejournal.com/log4j-security-fail/429821/
Apache Disclosure
https://logging.apache.org/log4j/2.x/
NIST CVE
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
MITRE CVE (And Impacted Commercial Products)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228
LunaSec CVE Research
https://www.lunasec.io/docs/blog/log4j-zero-day/
Cisco Incident Response Statement
https://tools.cisco.com/security/center/resources/prod_svc_info_log4j.html
DataBricks Evaluation & Assessment
Microsoft Research & Exploit Remediation Evaluation
VMWare Investigation
https://blogs.vmware.com/security/2021/12/investigating-cve-2021-44228-log4shell-vulnerability.html
ZScaler Response Statement
Grep Logs for Active Exploitation
https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b
Log4Shell Source Code Evaluation
https://github.com/lunasec-io/lunasec/releases/tag/v1.0.0-log4shell
Log4j Exploitation Detection Details
https://bishopfox.com/blog/log4j-zero-day-cve-2021-44228
Log4j External Passive Detection
https://github.com/fullhunt/log4j-scan
Log4j Remote Code Execution Test
https://github.com/whwlsfb/Log4j2Scan
Logout4Shell - Log4j “Vaccination”
https://github.com/Cybereason/Logout4Shell
Log4Shell Vulnerable App Simulator