CIO Influence
CIO Influence News Security

Syxsense Releases Steps for Businesses to Protect Themselves Against the Log4j Vulnerability

Syxsense Releases Steps for Businesses to Protect Themselves Against the Log4j Vulnerability
A vulnerability in Log4j, a very popular Java-based logging tool, has been weaponized. The threat is impacting millions.

Syxsense, a global leader in IT and endpoint security management, announced the ability to scan for Log4j using Syxsense Secure, identifying endpoints that are exposed to this new vulnerability.

“Although a number of popular IT management and security tools are vulnerable, Syxsense is pleased to confirm that it does NOT use Log4j,” commented Ashley Leonard, CEO of Syxsense. “It imperative that IT departments respond quickly to this new threat by scanning their environment and identifying exposed endpoints.”

A vulnerability in Log4j which is a very popular Java-based logging tool has been weaponized. All versions of Log4j prior to 2.14.1 are vulnerable, this does not just impact the stand-alone installer. Any application which uses Log4j for log file management or LDAP queries could also be vulnerable, unfortunately where this is the case, the vendor must provide updates for those 3rd party updates.Prediction Series Banner

Top iTechnology IT and DevOps News: Teleport Announces Latest Version of Teleport Access Plane

The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.

What makes this extra serious, is that the Scope (also known as a Jump Point) is Changed – meaning that exploitation of this vulnerability could allow the attacked to affect resources beyond the security scope managed by the security authority of the vulnerable component.

CVE-2021-44228 – CVSS Score: 10
Syxsense Risk Alert

  • Attack Vector: Any Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Yes

As always, we recommend full testing be performed prior to live deployment to your device. These are now available within Syxsense.

If a business is uncertain of the prevalence of Log4j in their environment, or worried about the presence of Log4j in their scanning tools, be assured that Syxsense Secure does not use the logging tool with the vulnerability in it. Businesses can download the Syxsense scanning tool and use it to run free scans of all the hard drives in their environment for 14 days at n******. Syxsense is also waiving the 100-device limit of our f********* for a l*********** to ensure businesses can run a complete diagnostic scan in their environment.

Top iTechnology Networking News: Cloud4C Expands Its Managed Cloud Services with Highly Secure SD-WAN Solution

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Sectigo Releases Accessible and Cost-Effective Secure Key Storage Solution for IoT Devices to Support Strong

Fastweb Completes Modernization Project with Amdocs to Deliver Enhanced 5G and Cloud Services for its Customers

NTT DATA Empowers Insurance Clients with Duck Creek Partnership

Leave a Comment