Security strategy for the next Log4Shell
Last week I had the privilege to be in Washington, DC talking to a group of defenders. I heard a clear pattern of words: “data-driven,” “telemetry-first,” and “visibility”.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Threat Detection
A Review of Log4Shell Detection Methods
Ever since the public exploit of the Log4Shell remote code execution (RCE) vulnerability became known on December 10, 2021, security teams have been scrambling to understand the risk to their environments. Part of that scramble has been to ascertain which tools are best positioned to help detect the vulnerability. Which approaches are most effective and where do they fall short?
CrowdStrike Adds New Strategic Partners to Groundbreaking CrowdXDR Alliance
Security telemetry from across technology partners Cloudflare, Armis and ThreatWarrior will fuel the fastest and most effective threat detection and response capabilities at scale.
Detecting Log4j exploits via Zeek when Java downloads Java
We have published an initial blog on the Log4j exploit and a followup blog with a second detection method for detecting the first stage of exploits occurring over LDAP. Today, we will discuss a third detection method, this one focused on the second-stage download that happens after the first stage completes. In this case, the JVM will download additional Java code payloads over HTTP.
CrowdStrike APAC Named Frost & Sullivan Endpoint Security Industry Company of the Year and was also recognized as a Customers' Choice by Gartner
As today's adversaries become more sophisticated, only CrowdStrike provides full, automated protection across endpoints, cloud workloads, identity and data without impacting performance and end-user productivity.
Arctic Wolf Cloud Detection and Response
Cloud Detection and Response protects you from key cloud threats like account and business email compromise, ransomware, suspicious resource usage, and phished credentials. Arctic Wolf's Concierge Security® Team continually reviews your cloud posture and works to harden your environment over time. The cloud has changed the way we work. Accelerate your cloud transformation and have confidence your business is secure with Arctic Wolf Cloud Detection and Response.
Detecting Log4j via Zeek & LDAP traffic
We recently discussed some methods for detecting the Log4j exploit, and we’ve now developed another method that everyone running Zeek® or a Corelight sensor can use. Our new approach is based on the rarity of legitimate downloads of Java via LDAP. Zeek does not currently have a native LDAP protocol analyzer (though one is available if you are running Spicy). This will not stop you from detecting this exploit downloading Java over LDAP, though. To see how, read on.
CrowdStrike Wins Tenth Consecutive AV-Comparatives Award, Highlighting Falcon's Proven Efficacy and Market-Leading Technology
CrowdStrike Falcon achieves highest protection rate, demonstrating its powerful technology.
CrowdStrike Falcon Detects 100% of Attacks in New SE Labs EDR Test, Winning Highest Rating of All Vendors
The world's most tested next-gen endpoint protection platform receives AAA award from the prestigious SE Labs.
Simplifying detection of Log4Shell
Security workers across the world have been busy since last Friday dealing with CVE-2021-44228, the log4j 0-day known as Log4Shell, that is already being heavily exploited across the Internet. Given the huge number of systems that embed the vulnerable library, the myriad ways that attackers can exploit the vulnerability, and the fact that automated exploitation has already begun, defenders should expect to be dealing with it for the foreseeable future.