Mitigate Log4j vulnerabilities now

Get RedShield's Log4j web application shields deployed to protect your applications in under 24 hours.
Talk to us

RedShield can shield you from Log4j exploits in 24 hours*

A zero-day exploit of Apache Log4j 2 ('Log4Shell', CVE-2021-44228) was disclosed on 9 December 2021.

The high severity RCE vulnerability in the Java Log4j logging library allows an attacker to execute arbitrary code by getting a malicious string logged by a vulnerable Java application.

CISA, the NCSC, and other industry bodies have observed mass exploitation of this vulnerability. Attacks started before a Log4j patch was released.

Many organizations will use WAF signatures to try and block exploits targeting this vulnerability. However, there are widespread reports of WAF Log4j signatures being bypassed.

RedShield developed and tested Web Application Shields – software objects that 'shield' vulnerabilities without touching source code – and rolled out shields to all customers within 24 hours.

As attack signatures continue to evolve, we are analyzing and simulating attacks we have seen in the wild to continually test shielding effectiveness and develop new shields as needed. This crucial part of our managed service provides ongoing assurance that customers’ shielded applications are measurably secure.

If you don't have access to the source code, shield it. If your third-party vendor can't patch, shield it. If patching vulnerable Java applications within your environment will take weeks, shield it. Shielding buys you time to remediate – without the risk.

*Subject to availability of standard and emergency deployment options and costs.

Talk to us

RedShield's defensive strategy against Log4j exploits

  • Proprietary Log4j Web Application Shields that escape user input for vulnerable applications
  • Proprietary Log4j WAF bypass signatures
  • Threat containment measures such as RedShield dynamic attacker banning

Get urgently shielded from Log4j exploits in four steps

  • Perimeter assessment

    RedShield's free perimeter assessment will discover all web applications running Java.

  • Confirm applications

    RedShield will then provide a list of applications which may require shielding. Confirm the list of applications within scope.
  • Lock down traffic to RedShield

    Implement DNS changes as instructed by RedShield to migrate traffic flows onto the platform and mitigate Log4j vulnerabilities.
  • Your applications shielded from Log4j exploits

    Get all of the benefits of our managed application security service. We will develop, test, and deploy new defenses as attack methods using this vulnerability evolve – ensuring your applications are measurably secure.

RedShield can shield you in 24 hours

If you have other applications using Java, we can build and apply Log4j shields for new customers within 24 hours. New customers can opt to have solely these shields for Log4j and emergency deployment slots will be filled on a “first in first served” basis.

Contact support@redshield.co to discuss emergency deployment. Solutions Architects will be available for consultation around your specific environment.

Mitigate Log4j vulnerabilities in under 24 hours

RedShield's web application security experts will defend your apps from Log4j exploits.

Learn more
or
Talk to us