14 Dec Update: Remediation is complete but monitoring remains ongoing. The assessed risk is low, but a patch is ready. We began rolling out our update on Dec. 14.
IronNet product/engineering efforts in response to the log4j vulnerability: IronNet is aware of unpatched/vulnerable instances of log4j in our code and in that of third-party vendors used within our code. We have determined that our use of the library is likely unexploitable under current circumstances; however, we consider it prudent to address it proactively. Keeping our customers’ best interests in mind and erring on the side of caution, we will hold our planned forthcoming product updates until the specific actions needed to fix any vulnerabilities are identified. We are working as quickly as possible to investigate the impact and will continue to provide specific guidance to our customers as needed.
IronNet’s enterprise environment and operational monitoring (IronNet Corp): In the 48 hours since the announcement of the log4j vulnerability, all IronNet corporate infrastructure servers, firewalls, and user endpoints were successfully scanned with the latest plugins and are clear of unpatched instances of log4j. We have reviewed all recent traffic and logs covering our enterprise environment and found zero incidents of compromise. We have also increased our active alerting, implemented in IronDefense using both TIRs and Suricata rules. Palo Alto released an emergency content update on Friday night that all corporate firewalls have incorporated, allowing us to inspect real-time traffic on external-facing systems (FWs) for the vulnerability and block it if needed. We have also implemented custom alerting in Splunk that runs hourly to flag any notices of compromise. This is all part of our automated alert workflow managed by our 24x7 SOC. We have received alerts from two of our vendors so far but are seeing no vulnerabilities in those third-party products. We continue to monitor third-party vendor security notifications and will take any necessary action accordingly, updating customers as needed.
For additional insights from the IronNet Threat Research team, here is a more detailed brief on the scale and severity of this vulnerability. This "Log4j: new software supply chain vulnerability unfolding as this holiday’s cyber nightmare" post, with lead contributions by Peter Rydzynski and Brent Eskridge, provides an overview of the vulnerability, its impacts, potential attack vectors, and possible mitigation efforts as details of the extent of this incident unfold. We will continue to update this post with new, relevant information.