Discovered on December 9, 2021 by Minecraft players, the Apache Log4Shell vulnerability enables bad actors using text-based chats to gain ACE access to your system, plant malware, and download anything internet accessible from the compromised host. Security experts predict that this vulnerability will “haunt the internet for years” because it’s incredibly difficult to ensure that all infected devices are remediated.
To truly protect your organization from Log4Shell, you need to know with mathematical certainty every device that could have communicated with an infected host. Which is to say, you need
to know how your exposure has changed over time. For most agencies, it’s an arduous and time-consuming task to determine which devices are currently within the blast radius, and it would be impossible to construct an inventory of potential exposure over time.