Immediate Action Against Log4j with Palo Alto Networks

Rowell Dionicio

Who's on your team for defense against zero-day vulnerabilities? Can your network move quickly to mitigate a risk once it is identified?

Security is a layered approach. Various defenses must be put in place to slow and stop a threat.

A vulnerability in Apache log4j is actively being exploited in the wild with a high criticality and it requires immediate attention.

Log4j is widely used in software such as:

Stop threats at the perimeter

Threat Prevention subscription with Palo Alto Networks NGFW

First step is to identify and stop any flow of traffic trying to exploit Log4j. With Palo Alto Networks firewalls, a Threat Prevention subscription would automatically block sessions related to the Log4j vulnerability.

Under Applications and Threat content updates there would be an update with signatures protecting against these attacks.

The signatures are Threat ID 91991, 91994, and 91995.

Threat Prevention?

Do you need a Threat Prevention subscription from Palo Alto Networks? Contact us today. We can help.

Monitor for active exploits

Identify whether you're part of an active exploit by monitoring the Threat logs within Palo Alto Networks firewalls.

Apply a filter to find out where the threat is coming from and take your next course of action or confirm the threat is being blocked:

name-of-threatid eq 'Apache Log4j Remote Code Execution Vulnerability'

Patch your vulnerable systems

Now that the perimeter is working to protect your network, it's time to act quick and mitigate. Take inventory of all your systems and use a vulnerability scanner such as Qualys.

Patch and Monitor.

Leave a Reply

Your email address will not be published. Required fields are marked *