Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable 블로그

구독

Are You Ready for the Next Log4Shell? Tenable’s CSO and CIO Offer Their Advice

Are You Ready for the Next Log4Shell? Tenable’s CSO and CIO Offer Their Advice

Tenable CIO Patricia Grant and CSO Robert Huber share insights and best practices to help IT and cybersecurity leaders and their teams weather the next cyber crisis of Log4j proportions.

A year ago, the discovery of the Log4Shell vulnerability sent IT and cybersecurity teams scrambling to assess and address their organizations’ exposure to this flaw in the ubiquitous Log4j open source component. 

Shifting quickly into “all hands on deck” mode, IT, engineering and cybersecurity teams put in long days and nights, racing to prevent breaches stemming from this easy-to-exploit and extremely severe zero-day vulnerability. 

Now, the one-year anniversary of the earth-shaking Log4j event offers an opportunity to take stock and ponder key questions, such as: “What did we learn?” and “Are we ready for the next Log4j-like vulnerability?”

They’re important questions to ponder, especially with the findings about the current state of Log4j remediation that Tenable recently disclosed. After analyzing a representative sampling of telemetry data from its 40,000 customers globally, Tenable found that, as of October 1, 2022:

  • 72% of organizations remain vulnerable to Log4Shell.
  • 29% of vulnerable assets saw the reintroduction of Log4Shell after full remediation was achieved.
  • Nearly one third of North American organizations have fully remediated Log4j (28%), followed by Europe, Middle East and Africa (27%), Asia-Pacific (25%) and Latin America (21%).

In this blog, Tenable CIO Patricia Grant and CSO Robert Huber share their insights, recommendations and expertise for dealing with high-impact vulnerabilities like Log4Shell, including the importance of a detailed playbook, cross-team collaboration and asset visibility. 

Communicate and collaborate — constantly and enthusiastically

At the foundation of an effective response to a Log4j-type event is a basic, yet sometimes elusive, principle: A pre-existing good and constant communication among the CIO, the CSO and all other stakeholders involved in protecting the company from cyberthreats.

For example, a key partnership between the CIO and the CSO involves the establishment of protective policies and procedures regarding the secure and compliant use of technology, which helps set a solid security hygiene foundation for managing and reducing cyber risk. The enforcement and detection of policy violations, vulnerabilities, misconfigurations and other flaws should be continuous and automated.

“Having visibility into your assets, with dashboards for reporting progress, is the best way to respond quickly and manage communications between the CIO and CSO on status at all times,” Grant says.

Tenable CIO Patricia Grant offers advice on dealing with Log4Shell-type vulnerabilities.
Tenable CIO Patricia Grant

Not only is communication between the CIO and CSO important, but it’s essential for the employees as well. All employees need to understand the importance of security in their company and ensure that they understand and follow all policies, which are there for a reason. Failure to do so could have negative consequences for the whole company.

“It’s important to not only communicate ‘the what’, but also ‘the why’ and the impact of not complying.” Grant says.

Boosting the staff’s security awareness increases end user compliance and cooperation, and reduces the incidence of risky behavior, such as the use of unapproved IT products. When dealing with a high-risk, zero-day vulnerability like Log4j, these “shadow IT” tools represent an extremely dangerous attack vector for an organization.

Get full asset visibility

Another foundational piece that must be in place for successfully dealing with high-impact vulnerabilities is comprehensive asset visibility. Once you’ve understood the nature of the vulnerability and its severity, as well as the implications of getting breached, you must quickly determine where and to what extent you’re impacted.

To do that, it’s critical for IT and cybersecurity to have an actively managed and constantly updated inventory of IT assets in a configuration management database (CMDB) or similar repository, such as an asset data lake fueled by your IT service management (ITSM), vulnerability management (VM) and endpoint detection and response (EDR) solutions.

“Otherwise, it’ll be difficult to swiftly and precisely answer the question of where this vulnerability is in your IT environment,” Huber says. This continuously updated IT asset inventory should contain all hardware and software assets on-premises, in the cloud and in remote locations, with granular details of all their components.

Tenable CSO Robert Huber offers advice on dealing with Log4Shell-type vulnerabilities.
Tenable CSO Robert Huber

Draft a response playbook

Organizations felt an intense urgency to address Log4Shell as quickly as possible — including detecting where it was in their environment and promptly patching the impacted assets. Based on how that went, you should have gotten a good idea of whether your vulnerability management program can handle a future Log4j-like crisis, Huber says.

Here are five key questions to ask yourself: 

  1. Do you have enough scanners and infrastructure in place to respond? 
  2. Can you scan quickly enough? 
  3. Can you patch immediately and automatically? 
  4. Can your business weather the operational disruptions of a massive and urgent vulnerability assessment and remediation campaign? 
  5. Can you coordinate all of these things quickly?

At Tenable, Huber and Grant deploy a rapid-response (RR) playbook for dealing internally with high-impact vulnerabilities. It outlines concrete steps to take and details the tasks and responsibilities of different teams, including research, security, IT, operations, legal, marketing, product management and the C-level suite. 

“This is very similar to an incident response plan, but very specific for high profile vulnerabilities. The IR process could be co-opted for such events as it is usually well understood and agreed upon by all stakeholders,” Huber says.

With this RR playbook in place, Tenable’s goals are to:

  • Quickly address and respond to the vulnerability
  • Ensure teams involved collaborate and communicate effectively
  • Ensure everyone is clear about their responsibilities and expectations
  • Ensure that internal and external communications are clear and consistent

Once the RR plan is activated, Tenable goes through the following stages:

  • Convene the RR executive team that’ll manage strategic decisions.
  • Assemble the RR team with representatives from each team involved.
  • Establish the key goals and objectives that must be attained.
  • Execute playbook action items.
  • Track and document progress and modify strategy as needed.
  • With the incident contained, wrap up and shift back to normal operations.

Be ready to respond to queries from customers and partners — quickly!

As you’re scrambling to address the vulnerability, you’ll get bombarded with queries from customers and partners wanting to know whether your organization has been impacted and if your software will need to be patched. It’s a consequence of the greater awareness we all now have about software supply chain risks.

Having answers ready is a must, and a challenge, so Grant and Huber recommend the following:

  • If you haven’t already done so, create detailed software bills of materials (SBOMs) for all your software, so that you know all the “ingredients” present in these products.
  • Embed security checks and tests early in your software development lifecycle, using tools for dynamic and static application security testing; third-party dependency or software composition analysis; vulnerability management; and container security. This will improve the trust and assurance of the software you release to customers.

Keep close tabs on the security posture of your suppliers

On the flip side, you should have a stringent process for evaluating the cybersecurity preparedness and practices of all your IT providers, and manage that third-party vendor risk so that, for example, your software vendors and managed service providers don’t put you in undue danger of breaches through carelessness on their part. 

“You’re only as safe as the weakest link in your vendor supply chain,” Grant says.

Not “if” but “when”

Bottom line: it’s not a question of “if” but rather of “when” IT and cybersecurity leaders will again face a crisis of Log4j proportions. Taking steps such as the ones outlined in this blog will go a long way towards putting your organization in a much better position to successfully respond to the next “all hands on deck” vulnerability. 

“Run tabletop exercises for this specific scenario and create some muscle memory and identify opportunities for improvement,” Huber says.

For more information about Log4j, check out the Tenable Log4j resources page, which includes links to FAQs, white papers, blogs, plugins, how-to videos, on-demand webinars and more.
 

관련 기사

최신 익스플로잇에 대해 취약합니까?

이메일을 입력하여 최신 사이버 노출 알림을 받으십시오.

tenable.io

비교할 수 없는 정확도로 모든 자산을 확인하고 추적할 수 있는 최신 클라우드 기반 취약성 관리 플랫폼 전체에 액세스하십시오.

Tenable.io Vulnerability Management 평가판에는 Tenable Lumin, Tenable.io Web Application Scanning 및 Tenable.cs Cloud Security도 포함되어 있습니다.

tenable.io 구매

비교할 수 없는 정확도로 모든 자산을 확인하고 추적할 수 있는 최신 클라우드 기반 취약성 관리 플랫폼 전체에 액세스하십시오. 지금 연간 구독을 구매하십시오.

65 자산

구독 옵션 선택:

지금 구매

Nessus Professional 무료로 사용해 보기

7일간 무료

Nessus®는 오늘날 시장에서 가장 포괄적인 취약성 스캐너입니다. Nessus Professional은 취약성 스캔 프로세스를 자동화하고 컴플라이언스 주기에서 시간을 절약하고 IT 팀이 참여할 수 있도록 합니다.

Nessus Professional 구매

Nessus®는 오늘날 시장에서 가장 포괄적인 취약성 스캐너입니다. Nessus Professional은 취약성 스캔 프로세스를 자동화하고 컴플라이언스 주기에서 시간을 절약하고 IT 팀이 참여할 수 있도록 합니다.

여러 해 라이선스를 구매하여 절감하십시오. 연중무휴 전화, 커뮤니티 및 채팅 지원에 액세스하려면 Advanced 지원을 추가하십시오.

라이선스 선택

여러 해 라이선스를 구매하여 절감하십시오.

지원 및 교육 추가

Tenable.io

비교할 수 없는 정확도로 모든 자산을 확인하고 추적할 수 있는 최신 클라우드 기반 취약성 관리 플랫폼 전체에 액세스하십시오.

Tenable.io Vulnerability Management 평가판에는 Tenable Lumin, Tenable.io Web Application Scanning 및 Tenable.cs Cloud Security도 포함되어 있습니다.

Tenable.io 구매

비교할 수 없는 정확도로 모든 자산을 확인하고 추적할 수 있는 최신 클라우드 기반 취약성 관리 플랫폼 전체에 액세스하십시오. 지금 연간 구독을 구매하십시오.

65 자산

구독 옵션 선택:

지금 구매

Tenable.io Web Application Scanning 사용해 보기

Tenable.io 플랫폼의 일부로 최신 애플리케이션을 위해 설계된 최신 웹 애플리케이션 스캐닝 서비스에 대한 전체 액세스 권한을 누리십시오. 많은 수작업이나 중요한 웹 애플리케이션 중단 없이, 높은 정확도로 전체 온라인 포트폴리오의 취약성을 안전하게 스캔합니다. 지금 등록하십시오.

Tenable Web Application Scanning 평가판에는 Tenable.io Vulnerability Management, Tenable Lumin 및 Tenable.cs Cloud Security도 포함되어 있습니다.

Tenable.io Web Application Scanning 구매

비교할 수 없는 정확도로 모든 자산을 확인하고 추적할 수 있는 최신 클라우드 기반 취약성 관리 플랫폼 전체에 액세스하십시오. 지금 연간 구독을 구매하십시오.

5 FQDN

$3,578

지금 구매

Tenable.io Container Security 사용해 보기

취약성 관리 플랫폼에 통합된 유일한 컨테이너 보안 서비스에 대한 전체 액세스 권한을 누리십시오. 컨테이너 이미지에서 취약성, 맬웨어 및 정책 위반을 모니터링합니다. 지속적 통합 및 지속적 배포(CI/CD) 시스템과 통합하여 DevOps 실무를 지원하고 보안을 강화하고 기업 정책 컴플라이언스를 지원합니다.

Tenable.io Container Security 구매

Tenable.io Container Security는 빌드 프로세스와의 통합을 통해 취약성, 맬웨어, 정책 위반 등 컨테이너 이미지의 보안에 대한 가시성을 제공하여 DevOps 프로세스를 원활하고 안전하게 지원합니다.

Tenable Lumin 사용해 보기

Tenable Lumin을 사용하여 Cyber Exposure를 시각화 및 탐색하고 시간 경과에 따른 위험 감소를 추적하고 유사한 조직을 벤치마크하십시오.

Tenable Lumin 평가판에는 Tenable.io Vulnerability Management, Tenable.io Web Application Scanning 및 Tenable.cs Cloud Security도 포함되어 있습니다.

Tenable Lumin 구매

조직 전체에서 인사이트를 얻고 사이버 위험을 관리하는 데 Lumin이 어떻게 도움이 되는지 알아보려면 영업 담당자에게 문의하십시오.

Tenable.cs 사용해 보기

클라우드 인프라 구성 오류를 감지 및 수정하고 런타임 취약성을 볼 수 있는 전체 액세스 권한을 누리십시오. 지금 무료 평가판에 등록하십시오.

Tenable.cs Cloud Security 평가판에는 Tenable.io Vulnerability Management, Tenable Lumin 및 Tenable.io Web Application Scanning도 포함되어 있습니다.

영업 담당자에게 연락하여 Tenable.cs 구매

영업 담당자에게 연락하여 Tenable.cs 클라우드 보안에 대해 자세히 알아보고, 클라우드 계정을 온보딩하는 것이 얼마나 쉬운지 확인하고, 몇 분 내에 클라우드 구성 오류와 취약성에 대한 가시성을 얻으십시오.

Nessus Expert 무료로 사용해 보기

7일간 무료

최신 공격 표면을 방어하기 위해 구축된 Nessus Expert를 사용하면 IT부터 클라우드까지, 더 많은 것을 모니터링하고 조직을 취약성으로부터 보호할 수 있습니다.

Nessus Professional이 이미 있습니까?
7일간 Nessus Expert로 무료 업그레이드하십시오.

Nessus Expert 구매

최신 공격 표면을 방어하기 위해 구축된 Nessus Expert를 사용하면 IT부터 클라우드까지, 더 많은 것을 모니터링하고 조직을 취약성으로부터 보호할 수 있습니다.

라이선스 선택

프로모션 가격이 2월 28일까지 연장되었습니다.
여러 해 라이선스를 구매하여 비용을 더 절감하십시오.

지원 및 교육 추가