Determining Log4J's Impact and Monitoring for Active Exploits

Presented by

Sanjay Raja, VP Product Marketing and Solutions

About this talk

In early January the US FTC indicated they would significantly fine organizations that do not take steps to remediate the Log4J vulnerability. The problem is Log4J is included broadly in several products, applications, and systems, but the way it is embedded into software makes it difficult to detect whether it is present, can be exploited or is actively being exploited. Apache gave Log4Shell a CVSS severity rating of 10, the highest available score. The vulnerability takes advantage of Log4j's capability to allow requests to arbitrary LDAP and JNDI servers, allowing attackers to execute arbitrary code on a compromised machine. Our research team has broken down how Log4j works, but more importantly what you can do today to detect the vulnerabilities embedded in various systems, and whether they are actually being exploited in order to immediately begin remediation efforts. In the webinar we will cover: - A brief explanation of the Log4j vulnerability (how does it work, who/what is affected) - How to determine whether it is in your environment? - What actions you can take to protect your organization?
Related topics:

More from this channel

Upcoming talks (2)
On-demand talks (85)
Subscribers (6747)
Gurucul is transforming enterprise security with user behavior based machine learning and predictive analytics. Using identity to monitor for threats, Gurucul provides Actionable Risk Intelligence™ to protect against targeted and under-the-radar attacks. Gurucul is able to proactively detect, prevent, and deter advanced insider threats, fraud and external threats to system accounts and devices using self-learning, behavioral anomaly detection algorithms. Gurucul is backed by an advisory board comprised of Fortune 500 CISOs, and world renowned-experts in government intelligence and cyber security. The company was founded by seasoned entrepreneurs with a proven track record of introducing industry changing enterprise security solutions. Our mission is to help organizations protect their intellectual property, regulated information, and brand reputation from insider threats and sophisticated external intrusions.