RedShield has developed shields to mitigate the Log4j vulnerability (CVE-2021-44228). Get Log4j shields now.

Mitigate Log4j vulnerabilities now

Get RedShield's Log4j web application shields deployed to protect your applications in 24 hours.

Get Log4j Shields
Free Log4j Perimeter Assessment

RedShield can shield you from Log4j exploits in 24 hours*

A zero-day exploit of Apache Log4j 2 ('Log4Shell', CVE-2021-44228) was disclosed on 9 December 2021.

The high severity RCE vulnerability in the Java Log4j logging library allows an attacker to execute arbitrary code by getting a malicious string logged by a vulnerable Java application.

CISA, the NCSC, and other industry bodies have observed mass exploitation of this vulnerability. Attacks started before a Log4j patch was released.

Many organizations will use WAF signatures to try and block exploits targeting this vulnerability. However, there are widespread reports of WAF Log4j signatures being bypassed.

RedShield developed and tested Web Application Shields – software objects that 'shield' vulnerabilities without touching source code – and rolled out shields to all customers within 24 hours.

As attack signatures continue to evolve, we are analyzing and simulating attacks we have seen in the wild to continually test shielding effectiveness and develop new shields as needed. This crucial part of our managed service provides ongoing assurance that customers’ shielded applications are measurably secure.

If you don't have access to the source code, shield it. If your third-party vendor can't patch, shield it. If patching vulnerable Java applications within your environment will take weeks, shield it. Shielding buys you time to remediate – without the risk.

*Subject to availability of standard and emergency deployment options and costs.

Talk to us

RedShield's defensive strategy against Log4j exploits

  • Proprietary Log4j Web Application Shields that escape user input for vulnerable applications
  • Proprietary Log4j WAF bypass signatures
  • Threat containment measures such as RedShield dynamic attacker banning

Get urgently shielded from Log4j exploits in four steps

  • Perimeter assessment

    RedShield's free perimeter assessment will discover all web applications running Java.

  • Confirm applications

    RedShield will then provide a list of applications which may require shielding. Confirm the list of applications within scope.

  • Lock down traffic to RedShield

    Implement DNS changes as instructed by RedShield to migrate traffic flows onto the platform and mitigate Log4j vulnerabilities.

  • Your applications shielded from Log4j exploits

    Get all of the benefits of our managed application security service. We will develop, test, and deploy new defenses as attack methods using this vulnerability evolve – ensuring your applications are measurably secure.

With your applications protected, you can get on with business.

test
test
test
  • Vulnerabilities are a problem

    Security vulnerabilities in your applications are a significant risk to your organization. They can be exploited by third parties to steal sensitive information, damaging your reputation and potentially resulting in large fines.
  • The problem isn't going away

    Fixing vulnerabilities is time-consuming and expensive, and as a result, often gets delayed, deprioritized, or even ignored - leaving you unnecessarily exposed and unable to get on with business.
  • RedShield solves the problem

    Shields remediate your applications' vulnerabilities at speed and scale, meaning your security and development teams can focus on revenue-generating work.

Average monthly attacks mitigated by shields

0

Standard shields

0

Advanced shields

RedShield provides multiple benefits for security leaders, developers and analysts alike

For CISOs

From the ‘head of red tape’ to company rockstar — learn how RedShield transforms the role of the CISO.

For developers

Ship secure software faster with our web application and API security solution that supports application developers.

Our global partners

“The journey with RedShield has been excellent. Everyone we’ve engaged with is very knowledgeable, and they are extremely responsive. It’s what we needed to help navigate the ever-changing digital landscape”

Patrick Wake, Head of Information Security at FDM Group

"Don't put anything important on the internet, unless it is behind RedShield."

Daniel Bowden, CISO, Sentara Healthcare

“Thanks to RedShield, we’ve significantly improved the overall security, attack prevention, traffic management and remediation capabilities of our cloud-based workforce management solutions – without hiring a single security operations person.”

Ian Hogg, CEO, ShopWorks

See how we can shield your web applications and APIs

Get your free trial or talk to one of our experts.

Free trial
or
Talk to us