A vulnerability in Java software is currently making the rounds and keeping companies busy. Customers of United Security Providers can breathe easy, however, because we protect what is important to you without interruption.
log4j vulnerability – The vulnerability
When the first reports of the vulnerability, which later became known as Log4jShell, arrived, it quickly became clear that this was a very serious situation. What is critical about the vulnerability is not only that it is dangerous and relatively easy to exploit, but also the frequent occurrence of the affected Log4j library.
In addition to these facts, however, one thing is also clear: the role of United Security Providers. The immediate question for our team of security experts is: How can we best protect affected customer systems with the USP Secure Entry Server®? We want to give our customers valuable and urgently needed time. Time to patch their own web applications and close this new security gap.
The race begins
Interdisciplinary teams from different departments quickly come together to analyze and define the next steps. We make use of the broad range of skills we have – these are absolutely helpful. However, we always look at new issues from a broader perspective, follow blogs and exchange ideas. The close proximity to our customers is particularly important for this exchange. As our employees often provide operational support and therefore gain insights into various environments, we quickly gain knowledge about any incidents.
Our Managed Security Services also offer the opportunity to gain valuable insights into live logs. Thanks to the close monitoring of the systems, we can understand various forms of attempted attacks and incorporate this experience into our countermeasures.
Our added value
A few analyses and tests later, the picture becomes clearer: first of all, it turns out that our customers are not completely unprotected despite this new log4j vulnerability. Thanks to our diverse WAF and filter functions, which are available as standard, certain types of attacks are already being fended off. However, we also realize that this protection needs to be extended further.
The result of our efforts: additional rules that are simply and efficiently distributed to the customer systems using the virtual patch process. Here too, our close customer relationships are an important building block for success: As each customer has its own technical advisor, this person makes direct contact to accompany the virtual patch.
Even afterwards, we do not leave our customers alone, but accompany them personally and closely in the event of any problems or false positives. If a problem arises with an application, this is quickly communicated to the integrator team so that the know-how gained can be applied directly to other customers who use the same application. The only thing we don’t do is sit back: we continue to monitor the attacks without much breathing space so that we can continuously adapt and refine our rules.
Finally – internal check
With every new vulnerability, we naturally also look for clues internally: To what extent are our own products and services affected and how can we effectively secure them? In parallel and independently of the procedure described above, United Security Providers has a team of experts who deal with precisely these questions. This means that patches can be made available in the shortest possible time to eliminate any vulnerabilities.
Conversely, for you this means that everything stays as it is: we protect what is important to you and you can concentrate on your core business. We remain true to our credo: Protecting what matters.