As a security solution provider, Armis has been assessing the Log4j disclosure from moment one, from two key perspectives:
In terms of the latter, we want to assure our customers that Armis has fully assessed all areas of our environment and all elements of our product to confirm our level of exposure. We also took immediate steps to implement CDN/WAF rules that would protect against potential exploitation while we conducted a full sweep of our environment.
First, Armis does not use Log4j in our code base. The only presence of Log4j in our landscape is due to its use by third-party solutions. Log4j is also not in use in any capacity on Armis appliances (collectors).
As a result of this thorough assessment and continuous monitoring effort, we can confidently confirm that Armis is not exposed. Though we did identify that one of the search services commonly used in cloud environments, including our own, has yet to receive a patch to address the vulnerability, multiple layers of protection against exploitation are in place.
This specific service is not externally exposed and is contained and consumed through a highly isolated VPC. While awaiting patch availability, Armis is also taking additional steps to apply a workaround specific to the search service that will add further levels of protection against exploitation attempts. The workaround was fully applied by 12/19/2021.
Though we have no externally facing vulnerabilities, edge protections such as the CDN/WAF rules that were implemented on December 10, 2021, have also remained effective at preventing any external vulnerability validation or exploitation attempts.
All in all, the limited presence of Log4j in our environment, combined with our mesh of protection and monitoring capabilities, ensures that Armis can continue to be safely consumed by our customers.