Mitigate Log4j vulnerabilities now

Get RedShield's Log4j web application shields deployed to protect your applications in 24 hours.

RedShield can shield you from Log4j exploits in 24 hours*

A zero-day exploit of Apache Log4j 2 ('Log4Shell', CVE-2021-44228) was disclosed on 9 December 2021.

The high severity RCE vulnerability in the Java Log4j logging library allows an attacker to execute arbitrary code by getting a malicious string logged by a vulnerable Java application.

CISA, the NCSC, and other industry bodies have observed mass exploitation of this vulnerability. Attacks started before a Log4j patch was released.

Many organizations will use WAF signatures to try and block exploits targeting this vulnerability. However, there are widespread reports of WAF Log4j signatures being bypassed.

RedShield developed and tested Web Application Shields – software objects that 'shield' vulnerabilities without touching source code – and rolled out shields to all customers within 24 hours.

As attack signatures continue to evolve, we are analyzing and simulating attacks we have seen in the wild to continually test shielding effectiveness and develop new shields as needed. This crucial part of our managed service provides ongoing assurance that customers’ shielded applications are measurably secure.

If you don't have access to the source code, shield it. If your third-party vendor can't patch, shield it. If patching vulnerable Java applications within your environment will take weeks, shield it. Shielding buys you time to remediate – without the risk.

_{*Subject to availability of standard and emergency deployment options and costs.}

RedShield's defensive strategy against Log4j exploits

Proprietary Log4j Web Application Shields that escape user input for vulnerable applications
Proprietary Log4j WAF bypass signatures
Threat containment measures such as RedShield dynamic attacker banning

Get urgently shielded from Log4j exploits in four steps

Perimeter assessment

RedShield's free perimeter assessment will discover all web applications running Java.
Confirm applications

RedShield will then provide a list of applications which may require shielding. Confirm the list of applications within scope.
Lock down traffic to RedShield

Implement DNS changes as instructed by RedShield to migrate traffic flows onto the platform and mitigate Log4j vulnerabilities.
Your applications shielded from Log4j exploits

Get all of the benefits of our managed application security service. We will develop, test, and deploy new defenses as attack methods using this vulnerability evolve – ensuring your applications are measurably secure.

With your applications protected, you can get on with business.

Vulnerabilities are a problem

Security vulnerabilities in your applications are a significant risk to your organization. They can be exploited by third parties to steal sensitive information, damaging your reputation and potentially resulting in large fines.
The problem isn't going away

Fixing vulnerabilities is time-consuming and expensive, and as a result, often gets delayed, deprioritized, or even ignored - leaving you unnecessarily exposed and unable to get on with business.
RedShield solves the problem

Shields remediate your applications' vulnerabilities at speed and scale, meaning your security and development teams can focus on revenue-generating work.