Security Expert re: CISA Warns About Log4j And Long-term Risks For U.S. Critical Infrastructure

By ISBuzz Team
Writer, Information Security Buzz | Jan 11, 2022 02:30 am PST

The director of the Cybersecurity and Infrastructure Security Agency today warned that the Log4j flaw could aid the nefarious activity of criminals and foreign governments for months or years to come, and voiced concern about long-term risks to networks that control U.S. critical infrastructure. 

Pravin Madhani, Co-founder and CEO
InfoSec Expert
January 11, 2022 10:31 am

Log4j is a good reminder of how vulnerable today's organizations are to attacks on the software supply chain. Third party software purchased through the supply chain should have just as much security review as internal applications, and how seriously a vendor implements security in their product should become a standard part of the buying process.

The challenge with the Log4j flaw is that new variants of the original Log4j vulnerability are being discovered and each one of them requires a new patch. Also, organizations may not be able to take down all the servers at once for patching. Ideally, organizations should consider an application runtime security solution which eliminates the urgent need for patching against new vulnerabilities like Log4j, and gives organizations time to methodically schedule patches.
