RedShield can shield you from Log4j exploits in 24 hours*
A zero-day exploit of Apache Log4j 2 ('Log4Shell', CVE-2021-44228) was disclosed on 9 December 2021.
The high severity RCE vulnerability in the Java Log4j logging library allows an attacker to execute arbitrary code by getting a malicious string logged by a vulnerable Java application.
CISA, the NCSC, and other industry bodies have observed mass exploitation of this vulnerability. Attacks started before a Log4j patch was released.
Many organizations will use WAF signatures to try and block exploits targeting this vulnerability. However, there are widespread reports of WAF Log4j signatures being bypassed.
RedShield developed and tested Web Application Shields – software objects that 'shield' vulnerabilities without touching source code – and rolled out shields to all customers within 24 hours.
As attack signatures continue to evolve, we are analyzing and simulating attacks we have seen in the wild to continually test shielding effectiveness and develop new shields as needed. This crucial part of our managed service provides ongoing assurance that customers’ shielded applications are measurably secure.
If you don't have access to the source code, shield it. If your third-party vendor can't patch, shield it. If patching vulnerable Java applications within your environment will take weeks, shield it. Shielding buys you time to remediate – without the risk.
*Subject to availability of standard and emergency deployment options and costs.
RedShield's defensive strategy against Log4j exploits
- Proprietary Log4j Web Application Shields that escape user input for vulnerable applications
- Proprietary Log4j WAF bypass signatures
- Threat containment measures such as RedShield dynamic attacker banning
Get urgently shielded from Log4j exploits in four steps
RedShield's free perimeter assessment will discover all web applications running Java.
Confirm applicationsRedShield will then provide a list of applications which may require shielding. Confirm the list of applications within scope.
Lock down traffic to RedShieldImplement DNS changes as instructed by RedShield to migrate traffic flows onto the platform and mitigate Log4j vulnerabilities.
Your applications shielded from Log4j exploitsGet all of the benefits of our managed application security service. We will develop, test, and deploy new defenses as attack methods using this vulnerability evolve – ensuring your applications are measurably secure.
RedShield can shield you in 24 hours
If you have other applications using Java, we can build and apply Log4j shields for new customers within 24 hours. New customers can opt to have solely these shields for Log4j and emergency deployment slots will be filled on a “first in first served” basis.
Contact email@example.com to discuss emergency deployment. Solutions Architects will be available for consultation around your specific environment.