Log4j: how AppScore can help you rapidly track down vulnerable systems

Posted by Geoff Davies on Dec 13, 2021 10:10:00 AM

The sudden announcement of a security vulnerability affecting a wide range of systems meant organisations had to rapidly quantify their exposure. Here's how AppScore can help.

At the start of December 2021, a security vulnerability described by security vendor Tenable as the "single biggest, most critical vulnerability of the last decade" sent organisations scrambling to identify the impact on their systems.

A weakness in Apache's Log4j software, one of the most commonly used logging services, allowed an attacker to remotely execute code and compromise those systems. Accordingly, Apache assigned the highest CVSS severity rating to the vulnerability.

With internet infrastructure provider Cloudflare reporting that exploits started on December 1st, vendors worldwide who use Java in their systems, such as Amazon Web Services, IBM and Oracle, urgently set about putting patches in place.

Of course, it wasn't only the major vendors who were affected: Log4j is widely used across in-house and 3rd-party developed applications and by many smaller commercial off-the-shelf (COTS) vendors.

The challenge for organisations was to identify where those types of applications were within their application portfolios. Fortunately, AppScore, through its unique application portfolio data picture, can help you find affected applications.

Applications can be quickly filtered by type, such as COTS, in-house or 3rd-party developed. The latter two types can additionally be filtered on primary dev language to find those using the affected language, Java in the case of Log4j.

To then further prioritise the scope and produce a list of apps for urgent attention, use datapoints such as Internal or External access and whether they hold confidential data or are business critical. AppScore's unique application-to-application interface mapping can also help you understand the interconnected nature of your portfolio and how a vulnerable system might be used to compromise others.

Organisations who use AppScore to migrate and modernise their estates build up a rich dataset that proves invaluable at critical moments like the Log4j issue.

With many more zero-day vulnerabilities out there waiting to be discovered, using AppScore helps organisations rapidly identify the impact on their systems.

For a demo on how to use AppScore to transform your apps portfolio and be ready for anything, book a session here.