Exhibitor Demo Session: Apache log4j 2

  • Room: Engagement Theater, Olmstead Exhibit Hall
  • Monday, May 09, 2022: 11:45 AM - 12:05 PM

Speaker(s)

Speaker (confirmed)
Kim Van Der Wende
Palo Alto Networks

Description

On December 9, 2021, a remote code execution (RCE) vulnerability in Apache log4j 2 was identified as being exploited in the wild. Public proof-of-concept code was released, and subsequent investigation revealed that exploitation was incredibly easy to perform. By submitting a specially crafted request to a vulnerable system, an attacker can instruct that system to download and execute a malicious payload.

Because this vulnerability was discovered so recently, many servers have yet to be patched. As with many high-severity RCE vulnerabilities, massive internet-wide scanning for this issue has begun, with the intent of seeking out and exploiting unpatched systems. We highly recommend that organizations upgrade to the latest version of Apache log4j 2 (2.16.0) on all systems.

Palo Alto Networks offers a broad yet focused approach to eradicating the vulnerability from your environment quickly and completely by combining its Security Orchestration, Automation and Response (SOAR) platform, Cortex XSOAR, with its attack surface management technology, Cortex Xpanse. Leveraging Xpanse's ability to determine which vulnerabilities are attackable by threat actors allows operations teams to quickly determine where the specific vulnerable Apache log4j 2 versions exist in an environment.

From there, XSOAR applies the desired remediation steps comprehensively and consistently through a predefined yet customizable playbook, with as much or as little analyst involvement as required. The playbook is part of a downloadable content pack designed to ensure that vulnerable critical systems are found and patched quickly and easily. This demo will show how Xpanse finds the vulnerabilities and how XSOAR runs the appropriate playbook to work through the defined process required to automatically eradicate the vulnerability from the environment.

Find out more here: https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/