SEE DEMO

December 16, 2021

Log4Shell – Do you know what you don’t know?

by Chiara Regale

Is it just me or is the announcement of a significant CVE becoming a holiday tradition? Discovered on December 9, 2021 by Minecraft players, the Apache Log4Shell vulnerability is uniquely insidious because it infects servers which are traditionally well insulated from attacks, perceived as unreachable by intruders, and not at risk for CVEs. Log4Shell is an entirely different can of worms that proves this assumption wrong.


Using simple text-based chats, Log4Shell essentially gives bad actors the keys to your kingdom by enabling them to download anything web accessible and gain ACE (arbitrary code execution) privileges. At that point, Java reads the log entry as a command and executes it, empowering bad actors to download anything that is network accessible from the infected host.


You’ve probably updated your software and even investigated the vendors you think may have been vulnerable. That means that your network is safe today, but how do you know what was previously at risk? Without historical snapshots and diffing capabilities, you don’t. And that means you may actually still be exposed.

Identify Log4Shell Exposure In Seconds 

READ THE FORWARD USE CASE


Forward Networks customers are not guessing – they are using Forward Enterprise to verify if all hosts, including the ones potentially breached, can communicate with the Internet. Consequently, those hosts that are Internet accessible are the ones that need to be immediately looked at and remediated. Using the blast radius feature, Forward customers can determine in seconds where in the infrastructure compromised end-hosts can and could have reached. Additionally, the network snapshots collected over time provide the necessary data to identify all devices that may have been previously infected or communicated with an infected host.


Forward Networks does not use Log4j in our shipping software (including past versions). If you are a Forward Networks customer and have additional questions, please contact your Customer Support Architect or email support@forwardnetworks.com.

Subscribe to our blog!

RELATED FORWARD CONTENT 
September 20, 2022
When is a Digital Twin Entertaining?

When it’s ensuring that tens of thousands of visitors have the best experience possible every single day. Keeping people entertained is a 24/7 endeavor, even the smallest hiccup results in a social media firestorm. Keeping things running requires thousands of dedicated employees and a staggeringly complex network that sprawls the area of a major city […]

Read More
September 8, 2022
Bring a Healthy Dose of Skepticism ….. Please

We are asked to purchase something 4,000 times every day; that’s roughly once every 13 seconds during our waking hours. These “requests to purchase'' often come in the form of marketing messages that test the bounds of credibility. In the software industry, most of us have trained ourselves to question vendor promises vociferously. And vendors […]

Read More
August 8, 2022
Fortune and Great Place to Work® Name Forward Networks One of the 2022 Best Small Workplaces™, Ranking #20 Nationally

SANTA CLARA, Calif., Aug. 8, 2022 /PRNewswire/ -- Great Place to Work® and Fortune magazine have honored Forward Networks as one of the 2022 Best Small Workplaces. This is Forward Networks' first time being named to this prestigious list, this year coming in at 20th place nationally. Earning a spot means that Forward Networks is […]

Read More

Sign up for our newsletter

crossmenu linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram