RedShield can shield you from Log4j exploits in 24 hours*
A zero-day exploit of Apache Log4j 2 ('Log4Shell', CVE-2021-44228) was disclosed on 9 December 2021.
The high severity RCE vulnerability in the Java Log4j logging library allows an attacker to execute arbitrary code by getting a malicious string logged by a vulnerable Java application.
CISA, the NCSC, and other industry bodies have observed mass exploitation of this vulnerability. Attacks started before a Log4j patch was released.
Many organizations will use WAF signatures to try and block exploits targeting this vulnerability. However, there are widespread reports of WAF Log4j signatures being bypassed.
RedShield developed and tested Web Application Shields – software objects that 'shield' vulnerabilities without touching source code – and rolled out shields to all customers within 24 hours.
As attack signatures continue to evolve, we are analyzing and simulating attacks we have seen in the wild to continually test shielding effectiveness and develop new shields as needed. This crucial part of our managed service provides ongoing assurance that customers’ shielded applications are measurably secure.
If you don't have access to the source code, shield it. If your third-party vendor can't patch, shield it. If patching vulnerable Java applications within your environment will take weeks, shield it. Shielding buys you time to remediate – without the risk.
*Subject to availability of standard and emergency deployment options and costs.
RedShield's defensive strategy against Log4j exploits
- Proprietary Log4j Web Application Shields that escape user input for vulnerable applications
- Proprietary Log4j WAF bypass signatures
- Threat containment measures such as RedShield dynamic attacker banning
Get urgently shielded from Log4j exploits in four steps
RedShield's free perimeter assessment will discover all web applications running Java.
RedShield will then provide a list of applications which may require shielding. Confirm the list of applications within scope.
Lock down traffic to RedShield
Implement DNS changes as instructed by RedShield to migrate traffic flows onto the platform and mitigate Log4j vulnerabilities.
Your applications shielded from Log4j exploits
Get all of the benefits of our managed application security service. We will develop, test, and deploy new defenses as attack methods using this vulnerability evolve – ensuring your applications are measurably secure.
With your applications protected, you can get on with business.
Vulnerabilities are a problemSecurity vulnerabilities in your applications are a significant risk to your organization. They can be exploited by third parties to steal sensitive information, damaging your reputation and potentially resulting in large fines.
The problem isn't going awayFixing vulnerabilities is time-consuming and expensive, and as a result, often gets delayed, deprioritized, or even ignored - leaving you unnecessarily exposed and unable to get on with business.
RedShield solves the problemShields remediate your applications' vulnerabilities at speed and scale, meaning your security and development teams can focus on revenue-generating work.
Average monthly attacks mitigated by shields
RedShield provides multiple benefits for security leaders, developers and analysts alike
Our global partners
“The journey with RedShield has been excellent. Everyone we’ve engaged with is very knowledgeable, and they are extremely responsive. It’s what we needed to help navigate the ever-changing digital landscape”
Patrick Wake, Head of Information Security at FDM Group
"Don't put anything important on the internet, unless it is behind RedShield."
Daniel Bowden, CISO, Sentara Healthcare
“Thanks to RedShield, we’ve significantly improved the overall security, attack prevention, traffic management and remediation capabilities of our cloud-based workforce management solutions – without hiring a single security operations person.”
Ian Hogg, CEO, ShopWorks