
LOG4J SUPPORT AND VIRTUAL PATCHING

In late November 2021, Alibaba’s Cloud Security Team reported the vulnerability to Apache. On December 9th, 2021, a publicly-available POC (proof-of-concept) was released on GitHub. Log4j2 versions between 2.0 and 2.14.1 are impacted by CVE-2021-44228, also known as Log4Shell.

Valtix customers with virtual patching enabled mitigate exploitation by auto-updating to Log4j2 version 2.15.0. Valtix customers who have automatic updates enabled for IDS/IPS rules and who run IDS/IPS in prevent mode mitigate exploitation of CVE-2021-44228. Valtix’s built-in visibility allows customers to quickly review all logs for related Log4Shell exploitation.

VALTIX MULTICLOUD RESPONSE PROGRAM

Whether you are a Valtix customer or not, we are here to assist you with any cloud security questions or solutions, including:

  • 90 Days of Valtix Enterprise (Without Limits) For Mitigation of Any Log4J Exploit Attempts
  • 2 Hours Security and Cloud Architecture Consultation from Our Solutions Team Specialists


Steps to Virtual Patch LOG4J on AWS, AZURE, GCP, OCI

STEP 1: VIRTUAL PATCH INCLUDING WAF AND IPS

Virtual patching is a proactive security process that incrementally reduces exposure through the application of an Intrusion Prevention (IPS) and WAF policy.

Valtix published Talos and Trustwave ruleset updates to the Valtix Controller that can detect and protect against the vulnerability. The ruleset update for each is listed as follows:

Talos (IDS/IPS):  2.9.11-[December 12, 2021] / 2.9.11-12122021
Trustwave (WAF):  3.0.2-[December 12, 2021] / 3.0.2-12122021

These updates apply to IDS/IPS Profiles (Talos) and WAF Profiles (Trustwave). Each has benefits for protecting against the vulnerability in various use cases (Ingress, Egress and East/West).

Profiles that are configured to update Automatically will see the updates applied based on the delay configured in the Profile (immediate or delayed by N days). Profiles that are configured to update Manually will need to be updated by a user with appropriate permissions to do so. It is strongly recommended to configure your Profiles for Automatic updates and to receive these updates immediately after the publish date.

Valtix provides a full web application firewall with a fully auto-updating ruleset. It also identifies the GEO IPs of any source traffic and correlates them with known malicious IPs.

A) Step-by-step IPS Instructions

B) Apply an Auto-updating ruleset WAF Profile

Step 2: Apply Egress Filtering (FQDN / URL Filtering)
