loader-logo

Immediate Action Against Log4j with Palo Alto Networks

Who’s on your team for defense against zero-day vulnerabilities? Can your network move quickly to mitigate a risk once it is identified?

Security is a layered approach. Various defenses must be put in place to slow and stop a threat.

A vulnerability in Apache log4j is actively being exploited in the wild with a high criticality and it requires immediate attention.

Log4j is widely used in software such as:

Stop threats at the perimeter

Threat Prevention subscription with Palo Alto Networks NGFW

First step is to identify and stop any flow of traffic trying to exploit Log4j. With Palo Alto Networks firewalls, a Threat Prevention subscription would automatically block sessions related to the Log4j vulnerability.

Under Applications and Threat content updates there would be an update with signatures protecting against these attacks.

The signatures are Threat ID 91991, 91994, and 91995.

Threat Prevention?

Do you need a Threat Prevention subscription from Palo Alto Networks? Contact us today. We can help.

Monitor for active exploits

Identify whether you’re part of an active exploit by monitoring the Threat logs within Palo Alto Networks firewalls.

Apply a filter to find out where the threat is coming from and take your next course of action or confirm the threat is being blocked:

name-of-threatid eq 'Apache Log4j Remote Code Execution Vulnerability'

Patch your vulnerable systems

Now that the perimeter is working to protect your network, it’s time to act quick and mitigate. Take inventory of all your systems and use a vulnerability scanner such as Qualys.

Patch and Monitor.


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.


[gravityforms id=16 title=false description=false]
<script type="text/javascript">var gform;gform||(document.addEventListener("gform_main_scripts_loaded",function(){gform.scriptsLoaded=!0}),window.addEventListener("DOMContentLoaded",function(){gform.domLoaded=!0}),gform={domLoaded:!1,scriptsLoaded:!1,initializeOnLoaded:function(o){gform.domLoaded&&gform.scriptsLoaded?o():!gform.domLoaded&&gform.scriptsLoaded?window.addEventListener("DOMContentLoaded",o):document.addEventListener("gform_main_scripts_loaded",o)},hooks:{action:{},filter:{}},addAction:function(o,n,r,t){gform.addHook("action",o,n,r,t)},addFilter:function(o,n,r,t){gform.addHook("filter",o,n,r,t)},doAction:function(o){gform.doHook("action",o,arguments)},applyFilters:function(o){return gform.doHook("filter",o,arguments)},removeAction:function(o,n){gform.removeHook("action",o,n)},removeFilter:function(o,n,r){gform.removeHook("filter",o,n,r)},addHook:function(o,n,r,t,i){null==gform.hooks[o][n]&&(gform.hooks[o][n]=[]);var e=gform.hooks[o][n];null==i&&(i=n+"_"+e.length),gform.hooks[o][n].push({tag:i,callable:r,priority:t=null==t?10:t})},doHook:function(n,o,r){var t;if(r=Array.prototype.slice.call(r,1),null!=gform.hooks[n][o]&&((o=gform.hooks[n][o]).sort(function(o,n){return o.priority-n.priority}),o.forEach(function(o){"function"!=typeof(t=o.callable)&&(t=window[t]),"action"==n?t.apply(null,r):r[0]=t.apply(null,r)})),"filter"==n)return r[0]},removeHook:function(o,n,t,i){var r;null!=gform.hooks[o][n]&&(r=(r=gform.hooks[o][n]).filter(function(o,n,r){return!!(null!=i&&i!=o.tag||null!=t&&t!=o.priority)}),gform.hooks[o][n]=r)}});</script> <div class='gf_browser_unknown gform_wrapper gravity-theme' id='gform_wrapper_16' ><form method='post' enctype='multipart/form-data' id='gform_16' action='/protect-against-log4j-palo-alto-networks/' > <div class='gform_body gform-body'><div id='gform_fields_16' class='gform_fields top_label form_sublabel_below description_below'><fieldset id="field_16_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" data-js-reload="field_16_1"><legend class='gfield_label gfield_label_before_complex' >Name<span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></legend><div class='ginput_complex ginput_container no_prefix has_first_name no_middle_name no_last_name no_suffix gf_name_has_1 ginput_container_name' id='input_16_1'> <span id='input_16_1_3_container' class='name_first' > <input type='text' name='input_1.3' id='input_16_1_3' value='' aria-required='true' placeholder='First Name' /> <label for='input_16_1_3' >First</label> </span> </div></fieldset><div id="field_16_2" class="gfield gfield--width-full gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" data-js-reload="field_16_2"><label class='gfield_label' for='input_16_2' >Email<span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></label><div class='ginput_container ginput_container_email'> <input name='input_2' id='input_16_2' type='text' value='' class='large' placeholder='Business email address' aria-required="true" aria-invalid="false" /> </div></div><fieldset id="field_16_3" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" data-js-reload="field_16_3"><legend class='gfield_label gfield_label_before_complex' >Consent<span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox' id='input_16_3'><div class='gchoice gchoice_16_3_1'> <input class='gfield-choice-input' name='input_3.1' type='checkbox' value='I consent to the processing and sharing with partners of the personal data that I provide Packet 6 for this activity in accordance with and as described in the &lt;a href=&quot;https://packet6.com/privacy-policy&quot; target=&quot;_new&quot;&gt;Privacy Policy&lt;/a&gt;' id='choice_16_3_1' /> <label for='choice_16_3_1' id='label_16_3_1'>I consent to the processing and sharing with partners of the personal data that I provide Packet 6 for this activity in accordance with and as described in the <a href="https://packet6.com/privacy-policy" target="_new">Privacy Policy</a></label> </div></div></div></fieldset><div id="field_16_4" class="gfield gform_validation_container field_sublabel_below field_description_below gfield_visibility_visible" data-js-reload="field_16_4"><label class='gfield_label' for='input_16_4' >Phone</label><div class='ginput_container'><input name='input_4' id='input_16_4' type='text' value='' /></div><div class='gfield_description' id='gfield_description_16_4'>This field is for validation purposes and should be left unchanged.</div></div></div></div> <div class='gform_footer top_label'> <input type='submit' id='gform_submit_button_16' class='gform_button button' value='Get the report' onclick='if(window["gf_submitting_16"]){return false;} window["gf_submitting_16"]=true; ' onkeypress='if( event.keyCode == 13 ){ if(window["gf_submitting_16"]){return false;} window["gf_submitting_16"]=true; jQuery("#gform_16").trigger("submit",[true]); }' /> <input type='hidden' class='gform_hidden' name='is_submit_16' value='1' /> <input type='hidden' class='gform_hidden' name='gform_submit' value='16' /> <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' /> <input type='hidden' class='gform_hidden' name='state_16' value='WyJbXSIsImY4MGVlNTA5MGVjMWYzYzU5NzUyOGFhOWE3ZGFiMzRlIl0=' /> <input type='hidden' class='gform_hidden' name='gform_target_page_number_16' id='gform_target_page_number_16' value='0' /> <input type='hidden' class='gform_hidden' name='gform_source_page_number_16' id='gform_source_page_number_16' value='1' /> <input type='hidden' name='gform_field_values' value='' /> </div> <p style="display: none !important;"><label>&#916;<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_2" name="ak_js" value="193"/><script>document.getElementById( "ak_js_2" ).setAttribute( "value", ( new Date() ).getTime() );</script></p></form> </div>