LOG4J SUPPORT AND VIRTUAL PATCHING
In late November 2021, Alibaba’s Cloud Security Team reported the vulnerability to Apache. On December 9th, 2021, a publicly-available POC (proof-of-concept) was released on GitHub. Log4j2 versions between 2.0 and 2.14.1 are impacted by CVE-2021-44228, also known as Log4Shell.
Valtix customers with virtual patching enabled mitigate exploitation by auto-updating to Log4j2 version 2.15.0. Valtix customers who have automatic updates enabled for IDS/IPS rules and who run IDS/IPS in prevent mode mitigate exploitation of CVE-2021-44228. Valtix's built-in visibility allows customers to quickly review all logs for related Log4Shell exploitation.
VALTIX MULTICLOUD RESPONSE PROGRAM
Whether you are a Valtix customer or not, we are here to assist you with any cloud security questions or solutions, including:
- 90 Days of Valtix Enterprise (Without Limits) For Mitigation of Any Log4J Exploit Attempts
- 2 Hours Security and Cloud Architecture Consultation from Our Solutions Team Specialists
Steps to Virtual Patch LOG4J on AWS, AZURE, GCP, OCI
STEP 1: VIRTUAL PATCH INCLUDING WAF AND IPS
Virtual patching is a proactive security process that incrementally reduces exposure through the application of an Intrusion Prevention (IPS) and WAF policy.
Valtix published updates from the Talos and Trustwave rulesets to the Valtix Controller that can detect and protect against the vulnerability. The ruleset update for each is listed as follows:
Talos (IDS/IPS): 2.9.11-[December 12, 2021] / 2.9.11-12122021
Trustwave (WAF): 3.0.2-[December 12, 2021] / 3.0.2-12122021
These updates apply to IDS/IPS Profiles (Talos) and WAF Profiles (Trustwave). Each has benefits for protecting against the vulnerability in various use cases (Ingress, Egress and East/West).
Profiles that are configured to update Automatically will see the updates applied based on the delay configured in the Profile (immediate or delayed by N days). Profiles that are configured to update Manually will need to be updated by a user with appropriate permissions to do so. It is strongly recommended to configure your Profiles for Automatic updates and to receive these updates immediately after the publish date.
Valtix provides a full web application firewall with a fully auto-updating ruleset. This will also identify the GEO IPs of any source traffic and correlate them with known malicious IPs.
A) Step-by-step IPS Instructions
B) Apply an Auto-updating ruleset WAF Profile
Step 2: Apply Egress Filtering (FQDN / URL Filtering)
Additional Resources
- How to Virtual Patch LOG4J in AWS, AZURE, GCP, and OCI
- Log4Shell Observations: Why Protecting Workloads with Native, Layered Defense Is Essential
- Log4Shell: Security Vendors Must Move Faster to Provide Updates
- Log4Shell Observations: Threat Actors Weaponize Log4j, New CVEs, Relentless Scanning, Make an Already Bad Situation Worse
- How to Detect and Respond to Log4Shell Exploits in AWS, Azure, GCP and OCI