• Home >
  • Blog >
  • Log4j: How to use threat i...

Log4j: How to use threat intelligence to identify high-risk vulnerability exposures

Skybox threat intelligence, exposure analysis, and customized risk scoring enable customers to zero in on Log4j cybersecurity risk.

December 20, 2021

The threat intelligence research division of Skybox Security, Skybox Research Lab, has been tracking Log4Shell since the exploit was publicly released on December 9, 2021. Our proprietary database, the Skybox dictionary, also tracks Log4j-affected vendors, products, and services, as well as fixes.

Cybercriminals were swift to weaponize this critical remote code execution vulnerability, a design flaw in a popular open-source library for Java, with far-reaching, unintended consequences. A CISA official estimated that hundreds of millions of devices are likely affected.

Due to widespread use of this Java library across market-leading vendors, Log4Shell is highly likely to result in ransomware attacks on organizations that lack mature cybersecurity risk models. Some attacks the world may not see for years to come.
Skybox Security Research Lab

Identify Log4j affected products and services quickly with a continuously updated threat intelligence feed

To immediately identify and reduce Log4j exposure, our customers use the Skybox dictionary and network model to identify Log4j vulnerabilities most likely to impact their unique networks and assets. Skybox threat intelligence researchers are closely monitoring this Log4j vulnerability and proactively updating the dictionary.

Benefits:

  • Reduces the ever-increasing number of vulnerabilities customers need to prioritize.
  • Identifies exploitable vulnerabilities and correlates them with the organization’s unique network configurations and security controls to determine the areas of highest exposure.
  • Shows which exposures pose the highest risk with a customized risk score.

Skybox calculates risk scores by factoring four critical variables, including CVSS severity, vulnerability exploitability, asset importance, and asset exposure based on the security controls and configurations across the network.

Learn more about Skybox vulnerability and threat management

Skybox threat intelligence speeds time to identify Log4j products

Rather than the traditional, time-consuming, manual approach to collecting individual security advisories, Skybox Research Lab accelerates the timeframe in which customers can identify impacted products. Skybox tracks exploits, affected vendors, products, and remediation options based on our customers’ unique environments. The result is relevant, consolidated, human-curated data that Skybox feeds directly into our Vulnerability and Threat Management Solution.

Skybox Research Lab continuously researches exploits in the wild to inform security operations strategy, deliver risk mitigation, and save you time. The Skybox Threat Intelligence subscription service provides customers with critical data based on their unique attack surface, tech stacks, and security toolkits. Skybox Vulnerability Control combines the Skybox threat intelligence feed with our unique passive vulnerability assessments to identify exposures across hybrid environments.

Learn more about Skybox Threat Intelligence

Skybox dictionary includes the latest exploits and malware taking advantage of Log4j vulnerabilities

Skybox Research Lab tracks and analyzes tens of thousands of vulnerabilities on thousands of products and updates its dictionary continuously. Skybox continuously monitors hundreds of security sources, including the National Vulnerability Database (NVD), vendor security advisories, and CISA Alerts, among many others.

Skybox threat intelligence is curated for customers in the Skybox dictionary. The Skybox dictionary also includes the latest exploits and malware campaigns taking advantage of Log4j vulnerabilities. The Skybox dictionary contains threat intelligence on more than 130,000 vulnerabilities in roughly 14,000 products, including:

  • Server and desktop operating systems
  • Business and desktop applications
  • Networking and security technologies
  • Developer tools
  • Internet and mobile applications
  • Industrial Internet of Things (IIoT) devices
  • Industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices
Learn more about the Skybox Research Lab

Cut through the chaos and zero in on what is critical

Within days of the Log4j public advisory, hundreds of individual security advisories published online by hundreds of market-leading vendors – and many more are expected. Within a week of the first public announcement of this Log4j vulnerability, more than 1 million attempted attacks had followed, according to research from our integration partner Check Point1.

For years to come, threat actors will innovate new and creative ways to exploit common tools like Log4j. As a result, preventing breaches requires immediately minimizing your exposure through smart and targeted mitigation.

Footnotes
  1. Check Point, A deep dive into real-life Log4j exploitation, December 17, 2021. https://blog.checkpoint.com/2021/12/14/a-deep-dive-into-a-real-life-log4j-exploitation/
Subscribe to our blog to get monthly cybersecurity news, research, insights, and more from cybersecurity industry experts.

Hello! It looks like you may have some browser-security settings in place that block basic web page functions, like the form that should be right here. Please change your browser settings and refresh this page; you can find our privacy and security policies here.

Thank you for your submission!

You can unsubscribe at any time. View our privacy policy.
Series
Log4j vulnerability news, insights and practical tips
Endemic vulnerabilities: 3 ways to mitigate Log4j exposure
July 15, 2022
Ransomware, Log4j and when – not if – you’re hacked
February 22, 2022
How to assess Log4j exposure quickly and accurately with vulnerability prioritization and attack surface analysis
December 28, 2021
Log4j: How to use threat intelligence to identify high-risk vulnerability exposures
December 20, 2021
Security posture management can help reduce the pain of zero-days
December 16, 2021
See all posts in this series

Related posts

By Type
By Topic

Recent posts

Achieve continuous network and security compliance to alleviate audit pressure
April 10, 2024
Six steps to optimize firewalls to improve cyber hygiene and reduce risk
April 02, 2024
JetBrains TeamCity vulnerability: How to defend against CVE-2024-27198, CVE-2024-27199
March 27, 2024
Continuous Vulnerability Management is a “Must Have” for security leaders
March 20, 2024
What is risk-based vulnerability prioritization?
March 12, 2024

Related posts

Log4j: How to use passive and active scanning to identify vulnerability exposures

Apache Log4j CVE-2021-44228: Close gaps in vulnerability management programs with comprehensive discovery, exposure-based vulnerability prioritization, and vulnerability remediation beyond patching.
Three ways to modernize your OT security programs

Research reveals OT vulnerabilities increased by 46%, necessitating a new approach to OT security.
Vulnerability and Threat Trends Report highlights the importance of cyber exposure analysis that goes beyond CVSS rating

If your network security firewalls are breached and data stolen, it might have been those shady characters hanging out by your office fish tank. Sound fishy?...