The log4j Vulnerability: How a Defense-in-Depth Cybersecurity Strategy Can Help Protect Your Firm

Dec 23, 2021

By Paul Ponzeka, CTO at Abacus Group

Unfortunately, another major cybersecurity event has rocked our industry. By this point you have likely seen the many articles about the recent Apache software vulnerability which affects a Java logging package known as “log4j.” The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has called the log4j vulnerability a “severe risk.”

Here at Abacus, our highest priority is always the security and integrity of our systems, data, and customer data. We do not currently have any evidence to suggest our systems were or are being compromised by the log4j vulnerability, but we none the less stepped into action. Based on real-time monitoring, we implemented appropriate remediation on a priority basis. We patched critical applications and blocked known malicious traffic and newly identified attacks at the firewalls of our data centers. We continuously monitor (24/7) to detect and remediate any potential attacks and are implementing long-term mitigation of the vulnerability using industry-recommended remediation.

Amid the flurry of vendors and providers that are rushing to remediate and mitigate the log4j vulnerability, this is an example of where you and your firm need to look at your security model and understand and design security overlaps. There is rarely a single strategy that will work to prevent a vulnerability of this magnitude.

Patch Management

What is your patch management strategy? This is a crucial example of where patch management plays an integral part. But wasn’t an updated version of log4j vulnerable? Yes, it was, but if you are up to date on the patches to your firewall platform, your proxies, your EDR/antivirus solutions, and other critical areas, you have built-in mitigations that will limit your exposure, allowing time to investigate and fully mitigate the vulnerability in log4j. This is something that we provide and manage for our clients.

Local Admin Rights

The vulnerability does not need local admin rights to be exploited, but this is a strong preventative measure. Removing users from local admin rights prevents them from being able to install non-managed software in the first place. Meaning Joe from Accounting doesn’t have a random software installed that you are not aware of, that is prone to this or other vulnerabilities.

Network Visibility

Gone are the days of just needing visibility into your users’ internet usage for compliance purposes. Modern firms need to be able to get visibility into not only their users’ traffic patterns, but what web applications they are using. With the proliferation of the public cloud, and continued evolution of the SaaS-based model, the need for visibility has increased dramatically. On top of this, the ability to gain insight into malicious traffic that would normally go undetected, and possibly take zero-day action on some of those, make this a basic need at this point. This is one of the many types of reporting we provide to our clients via our abacusPortal.

Users

Unfortunately, users continue to be one of the weak points in the cybersecurity chain. So, taking care to arm them is vitally important. Regular security awareness training and phishing training should be part of their normal work training schedule, something we provide to clients in conjunction with our training partner KnowBe4. Strict enforcement of acceptable use computing policies should come from the top down in an organization. Strong security practices and usage of multi-factor authentication (MFA) tools, coupled with strong password requirements, should be non-negotiable in this day and age. We enforce these policies for our clients, with security at scale.

SIEM Platform

The amount of data that modern security platform and services are staggering. Not to mention the amount of data that your basic systems like Azure and Office 365 generate are equally as large. Your firm needs to be leveraging a full-service next generation SIEM platform to aggregate these events and provide you with intelligence on what’s happening from a security perspective inside your firm.

How do you know what systems are vulnerable to the latest risk? How do you know if you have been compromised or if your firm is under advanced sophisticated attack? You need the visibility that these SIEM platforms provide. The SIEM we use to monitor our and our clients’ systems is a key layer in our defense in depth model.

Partners

One of the items that is so unique about the industry we specialize in – the alternative investment industry – is that it has such huge enterprise needs, but most firms don’t have near the enterprise human capital to run those needs. This is why investment firms need to look to their partners to help them with their cybersecurity needs. Pick and work with an industry-specific MSP that can meet and exceed not just the regulatory requirements of your business, but that has also built the tools and security layers that your firm needs. Leverage them to provide you with a defense in depth model, security at scale, coupled with the specific security knowledge that you wouldn’t be able to do internally at your firm.

You May Also Like

These Stories on Blog

Background image with financial charts and graphs on media backdrop

Learn more about how your investment firm can benefit from our flexible, scalable & secure IT services.

Contact Us