[Demo] Apache Log4j (Log4Shell) Vulnerability – How to discover, detect and protect

Captions
[Music] First and foremost, it is always highly recommended that users apply patches and fixes when they become available. Now let's explore how Trend Micro enables discovery, detection and protection for Log4Shell.

Indicators for exploits associated with this vulnerability are now included in the threat intelligence sweeping function of Trend Micro Vision One. Customers who have this enabled will now have the presence of IoCs related to these threats added in their daily telemetry scans. Customers who are using Cloud One Workload Protection or Deep Security may utilize the search app to identify hosts, narrow down the time frame of exposure and review in more detail as additional information is learned about these exploits, as you can see here, easily pivoting into more information as you need it over time when you're investigating this threat. The results are populated in the Observed Attack Techniques section of Vision One, allowing you to build a story of an attack with your environment, linked back to the MITRE ATT&CK framework.

With attackers actively exploiting this vulnerability in the wild and many proof-of-concept attacks already available, it's important to increase your visibility across endpoints, server workloads and your network to quickly track down any malicious or suspicious behavior.

Cloud One Open Source Security by Snyk is capable of digesting and scanning your organization's source code repositories to identify the Log4j dependency in your apps. Once identified, you'll be presented with information on how the vulnerability was introduced to your app and how to fix it. This takes care of identifying your attack surface directly from the source.

While your application team works on fixing the vulnerability at source, our intrusion prevention capabilities in Cloud One Workload Security allow you to identify vulnerable hosts with a recommendation scan. Cloud One Workload Security log inspection capabilities enable the decoding of common log files that could contain entries indicating an exploit to your hosts. With the recommendation scan complete, intrusion prevention rules are applied automatically that detect and prevent currently known exploits to this vulnerability, stopping exploits whether your application runs directly on a host or even in a container, all built to give you visibility of how your application is being attacked, even including the payload data.

Cloud One Network Security allows you to protect your network footprint while also offering attack surface reduction by providing geo-location-based filtering.

Finally, Cloud One Application Security's deep instrumentation capabilities enable evaluating the possible execution outcomes of any request to your web application, stopping maliciously crafted requests from resulting in remote code execution. This technique focuses on the outcome and behavior of payloads on the network and allows for broader detection and protection capabilities, as you can see here with the MITRE ATT&CK information and the remote command execution details that have been blocked.

It's easy to get started with Trend Micro Vision One and Cloud One. See it for yourself at trendmicro.com for trials. [Music]
Info
Channel: Trend Micro
Views: 5,044
Keywords: Apache, Exploited, Log4Shell, Log4j, Patch, Security alert, Vulnerability
Id: r_IggE3te6s
Length: 2min 53sec (173 seconds)
Published: Mon Dec 13 2021