The U.S. Department of Homeland Security (DHS) has released the first report by the Cyber Safety Review Board (CSRB), which includes 19 actionable recommendations for government and industry to address the continued risk posed by the Log4j zero-day vulnerability.
“Security teams are still racing to patch and protect their enterprise apps and services from Log4j, underscoring the security risks associated with open source software, and the challenges of protecting web applications against zero-day attacks. Vulnerabilities in web applications are the leading cause of high-profile breaches, and defending against them should be a key part of every enterprise’s security strategy.
As the Cyber Safety Review Board articulated, there are a number of basic steps that should be taken to protect against vulnerabilities, including security testing for vulnerabilities earlier in the development cycle, making sure that software and operating systems are kept up to date and patched, and utilizing a multi-layered, defense-in-depth approach.
The most significant protection against zero-day and other attacks comes from using security technologies that sit closer to, and understand best, how your application works. Security solutions like runtime application protection provide the context, visibility and control to identify and block new zero-day attacks launched against your applications. The ability to block zero-day attacks is particularly important as it offers protection while the software is being patched, which can be quite a lengthy and involved process.”