Log4Shell: Securing the Web of Interconnectedness (video)
on 26 September 2022 for Professionals
How do you defend against Log4Shell-type supply chain attacks? At the end of last year, the Log4Shell vulnerability detected in the Apache Log4j library had thousands of companies and security officers around the world grinding their teeth with anxiety. It was a huge problem, and it needed to be addressed immediately.
The Log4Shell vulnerability
Log4Shell was a Remote Code Execution (RCE) vulnerability, meaning that it allowed attackers to trick a vulnerable server into running malicious code. And because the Log4j dependency was used directly in thousands of components, and indirectly in tens of thousands more, it was almost impossible to get an overview of all the places Log4j was used.
Furthermore, the criticality of the Log4Shell vulnerability was rated 10 out of 10, meaning it was a very high risk and needed to be patched immediately – within 24 hours. To make matters worse, the patch released by Apache didn’t actually cover the vulnerability itself, meaning it could still be exploited and companies needed to do a lot of rework.
The cyber kill chain
In his talk, Matthias Vermeulen, Technology Security Officer at Baloise Insurance, covers the Cyber Kill Chain and how to defend against the Log4Shell vulnerability. (You’re thinking firewall? Think again!) He also discusses the web of interconnectedness and supply chain attacks in the larger sense. Matthias makes a case for a shift in mindset from DevOps to DevSecOps, meaning that security needs to be an integral part of the DevOps lifecycle – from threat awareness during the planning, modelling and architecting phases to dynamic and penetration testing and threat intelligence towards the completion of the project.
Curious about this interesting cybersecurity topic? Check out Matthias’ full presentation about Log4Shell in the Baloise Insurance setting right here.
About Exellys
Exellys is a Tech Talent Incubator. We match ambitious companies with the finest tech talent. Are you ready to drive the innovations of tomorrow? Ready to make an impact and become a future-fit digital leader?
Whether you are a graduate or (young) professional, Exellys will unlock your full potential by guiding you to a challenging work environment that perfectly matches your personality, expectations and ambitions.
On top of that, you are enrolled in one of our very own training and coaching programs (based on your personal and professional ambition and experience). This means that, while you work as an Exellys consultant, we help you bridge your ambition to excellence.
Through intensive training and coaching, you’ll gain the essential skills, competencies and knowledge necessary to become the highly effective professional you aim to be. Become an Exellyst and get in touch with us today!