Security Expert re: CISA Warns About Log4j And Long-term Risks For U.S. Critical Infrastructure

The director of the Cybersecurity and Infrastructure Security Agency today warned that the Log4j flaw could aid the nefarious activity of criminals and foreign governments for months or years to come, and voiced concern about long-term risks to networks that control U.S. critical infrastructure. 

Pravin Madhani, Co-founder and CEO
InfoSec Expert
January 11, 2022 10:31 am

Log4j is a good reminder of how vulnerable today's organizations are to attacks on the software supply chain. Third-party software purchased through the supply chain should have just as much security review as internal applications, and how seriously a vendor implements security in their product should become a standard part of the buying process.

The challenge with the Log4j flaw is that new variants of the original Log4j vulnerability are being discovered and each one of them requires a new patch. Also, organizations may not be able to take down all the servers at once for patching. Ideally, organizations should consider an application runtime security solution which eliminates the urgent need for patching against new vulnerabilities like Log4j, and gives organizations time to methodically schedule patches.

Last edited 10 months ago by Pravin Madhani