The Journal.The Wall Street Journal & Spotify Studios
The Impact Of Log4j Since Its Disclosure | Steps Businesses Can Take To Maintain Software Supply Chain Security | Part 1 Of 2 | An Imperva Brand Story With Gabi Stapel
- Af
- Episode
- 139
- Published
- 16. feb. 2023
- Forlag
- 0 Anmeldelser
- 0
- Episode
- 139 of 568
- Længde
- 23M
- Sprog
- Engelsk
- Format
- Kategori
- Økonomi & Business
The December 2021 log4j vulnerability was a major event in the cybersecurity world. When it was released and exposed to the internet, it caused an explosion in attacks with five and a half million attacks per day and up to 25,000 sites attacked per hour. The vulnerability affects any system running that version of Java lookup and could be at risk, even if it is only exposed internally to insiders. The attackers initially used scanning and checking to see which sites were vulnerable, and then it was automated. Attack tools were created to make it easier for attackers to reach as many targets as possible. Public awareness campaigns have been effective, but vulnerabilities can reappear due to the prevalence of the software. 72% of organizations still had some level of vulnerability to log4j as of October 2022.
As captured in this episode, remediation is not a one-and-done solution, as seen with Log4j, where organizations would fix the problem, and then it would come right back due to the prevalence of the software and how deep it went. The importance of API security is emphasized since 15% of the numbers were coming from APIs. The need to check and document new things added to the system is crucial to maintain proper documentation and be up on remediation. In short, software supply chain security is critical.
Note: This story contains promotional content. Learn more.
Guest: Gabi Stapel, Content Manager @ Imperva Threat Research [@Imperva]
On LinkedIn | https://www.linkedin.com/in/gabriella-stapel/
On Twitter | https://twitter.com/GabiStapel
Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Blog: Log4j: One Year Later
Solution page: Stopping software supply chain attacks
Learning center: Supply Chain Attack
Learning center: Zero-day (0day) exploit
National Telecommunications and Information Administration: Software Bill of Materials
National Telecommunications and Information Administration: Vulnerability-Exploitability eXchange
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Lyt når som helst, hvor som helst
Nyd den ubegrænsede adgang til tusindvis af spændende e- og lydbøger - helt gratis
- Lyt og læs så meget du har lyst til
- Opdag et kæmpe bibliotek fyldt med fortællinger
- Eksklusive titler + Mofibo Originals
- Opsig når som helst
Other podcasts you might like ...
- 1,5 graderAndreas Bäckäng
- Maxwell Leadership Executive PodcastJohn Maxwell
- Ruby RoguesCharles M Wood
- EGO NetCastMartin Lindeskog
- Pitchfork Economics with Nick HanauerCivic Ventures
- The Pathless Path with Paul MillerdPaul Millerd
- SvD LedarredaktionenSvenska Dagbladet
- WorkLife with Adam GrantTED
- Goldman Sachs ExchangesGoldman Sachs
- The Journal.The Wall Street Journal & Spotify Studios
- 1,5 graderAndreas Bäckäng
- Maxwell Leadership Executive PodcastJohn Maxwell
- Ruby RoguesCharles M Wood
- EGO NetCastMartin Lindeskog
- Pitchfork Economics with Nick HanauerCivic Ventures
- The Pathless Path with Paul MillerdPaul Millerd
- SvD LedarredaktionenSvenska Dagbladet
- WorkLife with Adam GrantTED
- Goldman Sachs ExchangesGoldman Sachs
Sprog og region
Dansk
Danmark
