Threat Watch

Log4Shell: A Retrospective

Now that the dust has settled on both the holiday season and the Log4j vulnerability that saw many of us working through it (CVE-2021-44228), it makes sense to look back and take stock of how things played out. What strategies worked in the face of one of the most notable vulnerabilities of the last decade? This article includes reflections that could help organizations learn from the experience of the Log4j vulnerability.

ANALYST NOTES

There is good coverage of the lessons learned from Log4j in this article and it would be best to read it in full. These lessons include implementing good asset management, understanding the software supply chain, having centralized logging and threat intelligence capabilities, having good capacity for searching and alerting, implementing egress network filtering, and forcing restrictive DNS policies.

Log4Shell: A retrospective