Security Expert re: CISA Warns About Log4j And Long-term Risks For U.S. Critical Infrastructure

The director of the Cybersecurity and Infrastructure Security Agency today warned that the Log4j flaw could aid the nefarious activity of criminals and foreign governments for months or years to come, and voiced concern about long-term risks to networks that control U.S. critical infrastructure. 

Expert Comments

January 11, 2022
Pravin Madhani
Co-founder and CEO
K2 Cyber Security

Log4j is a good reminder of how vulnerable today's organizations are to attacks on the software supply chain. Third-party software purchased through the supply chain should have just as much security review as internal applications, and how seriously a vendor implements security in their product should become a standard part of the buying process.

The challenge with the Log4j flaw is that new variants of the original Log4j vulnerability are being discovered and each one of them requires a new patch. Also, organizations may not be able to take down all the servers at once for patching. Ideally, organizations should consider an application runtime security solution which eliminates the urgent need for patching against new vulnerabilities like Log4j, and gives organizations time to methodically schedule patches.