blog.hcltechsw.com
Open in
urlscan Pro
52.204.18.114
Public Scan
URL:
https://blog.hcltechsw.com/bigfix/log4j-putting-effective-it-operations-at-center-stage/
Submission Tags: falconsandbox
Submission: On December 15 via api from US — Scanned from DE
Submission Tags: falconsandbox
Submission: On December 15 via api from US — Scanned from DE
Form analysis 2 forms found in the DOM
GET https://blog.hcltechsw.com/
<form role="search" method="get" class="et-search-form" action="https://blog.hcltechsw.com/">
<input type="search" class="et-search-field" placeholder="Search …" value="" name="s" title="Search for:">
</form>POST https://blog.hcltechsw.com/wp-comments-post.php
<form action="https://blog.hcltechsw.com/wp-comments-post.php" method="post" id="commentform" class="comment-form">
<p class="comment-notes"><span id="email-notes">Your email address will not be published.</span> Required fields are marked <span class="required">*</span></p>
<p class="comment-form-author"><label for="author" style="display: none;">Name <span class="required">*</span></label> <input id="author" name="author" type="text" value="" size="30" maxlength="245" required="required"><span id="error_name"
class="error"></span></p>
<p class="comment-form-email"><label for="email" style="display: none;">Email <span class="required">*</span></label> <input id="email" name="email" type="text" value="" size="30" maxlength="100" aria-describedby="email-notes"
required="required"><span id="error_email" class="error"></span></p>
<p class="comment-form-comment"><label for="comment" style="display: none;">Comment *</label><textarea id="comment" name="comment" cols="45" rows="8" maxlength="65525" required="required"></textarea><span id="error_comment" class="error"></span>
</p>
<p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"> <label for="wp-comment-cookies-consent">Save my name, email, and website in this browser for the next time
I comment.</label></p>
<p class="comment-form-privacy"><input id="publicreview" name="publicreview" type="checkbox">
<label for="publicreview"> I am not a U.S. Federal Government employee or agency, nor am I submitting on behalf of one<font>*</font>
</label>
</p>
<div id="error_nonGov" class="error"></div>
<p class="comment-form-privacy">
<input id="privacy" name="privacy" type="checkbox">
<label for="privacy"> I acknowledge to have read and understood all the contents of hcltech.com/privacy-statement<font>*</font>
</label>
</p>
<div id="error_privacy" class="error"></div>
<p class="instr">
<font>*</font> HCL provides software and services to U.S. Federal Government customers through its partner ImmixGroup, Inc. Please contact ImmixGroup, Inc. at the
<a href="https://www.hcltechsw.com/wps/portal/contact-us/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8zi_QO8nQ0MnQ0CDAwtDQwCA00snf0CLYwDjIz1w1EVWDgGuRgEOnq6Wwb7uhsZmJjqRxGj3wAHcDQgTj8eBVH4jQ_Xj0K1AosPCJlRkBsaGmGQ6QgAYwxaRg!!/?1dmy&urile=wcm%3apath%3a/wps/wcm/connect/hcl+software+content/resources/us-government-contact"> U.S. Federal Government contact page.</a>
</p>
<div class="g-recaptcha" data-sitekey="6Lc7X-oUAAAAAFtfgWW06tNZcKq--G8aA08suOdy">
<div style="width: 304px; height: 78px;">
<div><iframe title="reCAPTCHA"
src="https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc7X-oUAAAAAFtfgWW06tNZcKq--G8aA08suOdy&co=aHR0cHM6Ly9ibG9nLmhjbHRlY2hzdy5jb206NDQz&hl=de&v=rPvs0Nyx3sANE-ZHUN-0nM85&size=normal&cb=fgdoa77z9yq7" width="304"
height="78" role="presentation" name="a-hrqiyaqj2bny" frameborder="0" scrolling="no" sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-top-navigation allow-modals allow-popups-to-escape-sandbox"></iframe></div>
<textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response" style="width: 250px; height: 40px; border: 1px solid rgb(193, 193, 193); margin: 10px 25px; padding: 0px; resize: none; display: none;"></textarea>
</div><iframe style="display: none;"></iframe>
</div><br>
<div id="error_captcha" class="error"></div>
<p class="form-submit"><input name="submit" type="submit" id="submit" class="submit et_pb_button" value="Submit Comment"> <input type="hidden" name="comment_post_ID" value="17406" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0">
</p>
<p style="display: none !important;"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js" name="ak_js" value="1639604276682">
<script>
document.getElementById("ak_js").setAttribute("value", (new Date()).getTime());
</script>
</p>
</form>Text Content
HCL TECHNOLOGIES
* Products
* layer-menu
* Products
* Menu item
* Featured
* HCL Cloud Native
* HCL Now
* Sofy
* Menu Item
* All products
* Accelerate
* Actian Vector
* AppScan
* Automation Power Suite
* BigFix
* Clara
* Cloud Native
* Commerce
* Compass
* Connections
* DevOps
* Digital Experience
* Domino
* DRYiCE™ MyCloud
* EXACTO™ Invoice
* Hero
* Launch
* Leap
* Link
* Notes
* OneDB
* OneTest
* OneTest Embedded
* RTist
* SafeLinx
* Sametime
* SoFy
* Unica
* Verse
* VersionVault
* Volt MX
* Workload Automation
* Mainframe Solutions
* Z Asset Optimizer
* Z Data Tools
* Z Abend Investigator
* View All
* View All
* Partners
* Resources
* layer-menu
* Resources
* Menu item
* Featured Resources
* Ecommerce
* Partner Connect
* Submit Idea
* Support
* Menu Item
* All Resources
* Analyst Reports
* Client Advocacy
* Demo Portal
* Ecommerce
* Key Facts
* License Agreements
* Master Agreements
* Open Source
* Partner Connect
* Product Lifecycle
* Submit Idea
* Success Stories
* Video Gallery
* View All
* View All
* Blog
* Events
* Careers
* About Us
* layer-menu
* About Us
* Menu Item
* About US
* About Us
* Acquisition FAQ
* Careers
* Contact Us
* Events & Webinars
* Government – US Federal
* HCL Ambassadors
* News
* Welcome
* Menu Item
* Corporate
* Master Agreements
* License Agreements
* MEnu ITem
* Legal
* Accessibility
* Compliance
* Cookie Statement
* Disclaimer
* Future Products
* Privacy
* Software Disclaimer
* Terms of Use
* CONTACT US
* Blog Home
* Categories
* Menu Item
* Automation
* Actian Vector
* BigFix
* DRYiCE™ MyCloud
* EXACTO™ Invoice
* Workload Automation
* Innovations
* Clara
* HERO
* Mainframes
* Z and I Emulator
* Menu Item
* Cloud Native
* SoFy
* Data Management
* Link
* OneDB
* Marketing & Commerce
* Commerce
* Unica
* Menu Item
* Digital Solutions
* Connections
* Digital Experience
* Domino
* Sametime
* Verse
* Volt MX
* Digital Solutions Academy
* Menu Item
* Secure DevOps
* Accelerate
* AppScan
* Compass
* Launch
* OneTest
* RTist
* VersionVault
* CONTACT US
Select Page
* Blog Home
* Categories
* Menu Item
* Automation
* Actian Vector
* BigFix
* DRYiCE™ MyCloud
* EXACTO™ Invoice
* Workload Automation
* Innovations
* Clara
* HERO
* Mainframes
* Z and I Emulator
* Menu Item
* Cloud Native
* SoFy
* Data Management
* Link
* OneDB
* Marketing & Commerce
* Commerce
* Unica
* Menu Item
* Digital Solutions
* Connections
* Digital Experience
* Domino
* Sametime
* Verse
* Volt MX
* Digital Solutions Academy
* Menu Item
* Secure DevOps
* Accelerate
* AppScan
* Compass
* Launch
* OneTest
* RTist
* VersionVault
* CONTACT US
Uncategorized
| December 14, 2021
LOG4J: PUTTING EFFECTIVE IT OPERATIONS AT CENTER STAGE
Dan Wolff
Director of Solutions and Product Marketing for BigFix
News of the Apache Log4j vulnerability exploit came on December 9th, and is
striking fear into the software world, for both vendors and users. Log4j is the
most popular java logging service with over 400,000 Github downloads; Log4j has
been embedded in hundreds of Internet services and products from companies all
over the world, including Apple, Amazon, Cloudflare, Steam, Tesla, Twitter, and
many more.
Exploiting this vulnerability is simple and allows threat actors to bypass
authentication, control java-based web servers via numerous device types (see
diagram to the right) and launch remote code execution attacks. New variations
of the original exploit are already being introduced – over 60 in less than 24
hours. The attack surface grows by the minute. Good credential management and
advanced authentication won’t help as this exploit is pre-authentication, which
means an attacker doesn’t need to authenticate to your web applications in order
to attack.
IT Operations is on the front lines to protect every enterprise from Log4j
Step one: FIND Log4j wherever it exists
Investigate every internet-facing application, website, and system that you own
or use. This includes self-hosted installs of vendor products and cloud-based
services. Focus on internet-facing systems that contain sensitive data. Once
you’ve completed assessing your hosted apps and vendor systems, move on to
endpoint applications including Java-based apps like WebEx, Minecraft, and
Citrix.
By noon CST on Friday, December 10th, BigFix had provided customers with
specialized tools to help find log4j wherever it existed in their environment,
including file systems, across nearly 100 operating system variants. Full
visibility is step one to provide complete protection against Log4j based
threats.
BigFix’s 24-hour response
Step two: Patch, patch, patch. Patch in the same order in Step one. If no patch
or workaround is yet available, uninstall.
BigFix automates discovery, management, and remediation of all endpoints whether
on-premises, mobile, virtual, or in the cloud – regardless of the operating
system, location, or connectivity.
The pandemic has forced many endpoints into home environments which creates
makes it more difficult to keep your endpoints patched and compliant. Operations
teams cannot rely on employees working from home to patch their own systems,
even with clear instructions. Many of them will also ignore your requests so you
need to adopt systems that enforce continuous compliance, like BigFix.
IT Operations is essential to beating this. BigFix is the essential tool for IT
Operations
We believe this vulnerability is not going to go away any time soon. We’re just
starting to get a glimpse of how this is being exploited. New ransomware attacks
have already been launched using this vulnerability. Buckle up IT Operations
teams, it’s going to be a wild end to 2021 with more to come in 2022.
For more details, use these links:
* Log4j Scan Task
* Log4j Analysis Results
* BigFix Knowledge base article
* Live Forum Post
How can BigFix help?
BigFix automates discovery, management, and remediation of all endpoints whether
on-premises, mobile, virtual, or in the cloud – regardless of the operating
system, location, or connectivity. BigFix Insights for Vulnerability Remediation
integrates with leading vulnerability management solutions like Tenable to
remediate vulnerabilities like Log4j faster than any other solution in the
market.
With BigFix, you can manage every endpoint, now and in the future.
For more information, please visit www.bigfix.com.
Comment wrap
Dan Wolff
Director of Solutions and Product Marketing for BigFix
Dan Wolff is the Director of Solutions and Product Marketing for BigFix,
responsible for all global go-to-market strategy and programs. Previously, he
was Director of Cloud Security Product Management in IBM’s Security Division,
driving new cloud security offerings from concept to launch across... IBM.
Previously, Dan was McAfee’s Director of Products for Endpoint Security,
responsible for enterprise endpoint security products. He is a recognized
security expert with over 18 years of security product management and product
marketing experience.
Read more
TOPICS IN THIS ARTICLE:
BigFixComplianceLifecycleLog4jPatchvulnerabilityvulnerability remediation
NEVER MISS AN UPDATE
Subscribe to the HCL Software Blog weekly digest and stay informed about the
latest content from industry leaders.
SUBSCRIBE
SUBMIT A COMMENT CANCEL REPLY
Your email address will not be published. Required fields are marked *
Name *
Email *
Comment *
Save my name, email, and website in this browser for the next time I comment.
I am not a U.S. Federal Government employee or agency, nor am I submitting on
behalf of one*
I acknowledge to have read and understood all the contents of
hcltech.com/privacy-statement*
* HCL provides software and services to U.S. Federal Government customers
through its partner ImmixGroup, Inc. Please contact ImmixGroup, Inc. at the U.S.
Federal Government contact page.
Δ
Further Reading
* a/icons/social/linkedin_filled
*
*
* a/icons/social/mail_no_shadow
*
Copied to clipboard
bigfix
bigfix
Uncategorized | December 15, 2021
NEW! A Buyers Guide for Selecting the Best Endpoint Management Solution
This buyer’s guide lists capabilities that characterize an effective endpoint
management platform and provides a checklist of features and attributes to help
you evaluate whether or not a particular vendor’s solution effectively addresses
each of these feature and capabilities.
Cyril Englert
Solution Architect
Copied to clipboard
* a/icons/social/linkedin_filled
*
*
* a/icons/social/mail_no_shadow
*
Close
Popular Tags
DevOpsHCL CommerceBigFixDomino
ProductsRESET
Select products
All Products
Accelerate
AppScan
Atlas
BigFix
Clara
Commerce
Compass
Connections
Digital Experience
Domino
hclsoftware
Hero
Launch
Link
Newsletter
OneDB
OneTest
RTist
Sametime
SoFy
Subscribe
Test page
Unica
UrbanCode
Verse
VersionVault
Volt MX
Workload Automation
Z and I Emulator
FOLLOW US
* Youtube
* Facebook
* Linkedin
* Twitter
* Instagram
* Privacy Policy
* Terms of use
Copyright © 2021 HCL Technologies Limited
Designed by Elegant Themes | Powered by WordPress