What is Log4J?
On the 9th of December a highly exploitable vulnerability was revealed in Apache Log4J, an often-used system in web applications, web servers and other applications based on Java. There is a remote code exploit in the wild for the vulnerability and any organisation that may be using Log4J should be focused on identifying their assets, threat hunting for exploitation, and hardening their systems as a priority.
How can Kontex help?
To cut through the noise, Kontex is offering a 2-step assessment to help organisations identify whether they are vulnerable and, if so, whether they have already been compromised.
Our approach starts with an external vulnerability scan of your web-facing applications and your IP ranges. We will search for the specific indicators of vulnerabilities leveraged by the CVE-2021-44228 exploit and risk assess / prioritise based on the type of application and whether compensating controls such as Web Application Firewalls are in use.
The second phase of our assessment is to test whether you have already been compromised. We will analyse your log repositories (SIEM, Data Lake etc.) to see if there have been recent connections to your systems from known bad actors. Our threat hunting team will leverage industry-leading intelligence to search out indicators of compromise and will provide you with the expertise to prevent further compromise.
Kontex has the skilled people, the proven processes, and the market-leading technology to protect your organisation.