The Log4j vulnerability (CVE-2021-44228) is a great example of the value Threater provides in proactively protecting against cyber threats.
The first step attackers take to exploit a vulnerability is to actively scan for potential targets. Furthermore, much of that scanning infrastructure tends to be used by malicious actors for post-scan exploits immediately after a successful scan.
How Threater is Combating the Log4j Vulnerability
We’ve already identified more than 7,500 IPs associated with Log4j scanning activity, drawn from over 15 of our threat intelligence data sources. We’re actively blocking this traffic for our customers, providing them immediate protection from the currently circulating zero-day attack vectors. We’re seeing this activity from over 100 different countries and nearly 1,000 ASNs.
This demonstrates the critical need to use threat intelligence from multiple sources to proactively block threats – before they hit your network. No single threat intelligence source knows the entire landscape. It is the collection of best-in-class sources that together provide the protection our customers need, enforced through our Threater architecture.
Want to see if these malicious IPs are getting through your firewall? Send us your firewall logs and we’ll show you in a matter of minutes.
On a related note, here is our official response regarding our own platform. Threater software is not impacted by the critical Log4j zero-day attack vector. The security stack upon which Threater is built has been carefully designed to minimize the potential for security risk. Accordingly, absolutely no Threater infrastructure makes use of any Java library, including Log4j.
Block. Every. Threat.