ETFOptimize | High-performance ETF-based Investment Strategies

Quantitative strategies, Wall Street-caliber research, and insightful market analysis since 1998.


ETFOptimize | HOME
Close Window

Syxsense Releases Steps for Businesses to Protect Themselves Against the Log4j Vulnerability

By: PRLog

A vulnerability in Log4j, a very popular Java-based logging tool, has been weaponized. The threat is impacting millions.

ALISO VIEJO, Calif. - Dec. 14, 2021 - PRLog -- Syxsense, a global leader in IT and endpoint security management, announced the ability to scan for Log4j using Syxsense Secure, identifying endpoints that are exposed to this new vulnerability.

"Although a number of popular IT management and security tools are vulnerable, Syxsense is pleased to confirm that it does NOT use Log4j," commented Ashley Leonard, CEO of Syxsense. "It imperative that IT departments respond quickly to this new threat by scanning their environment and identifying exposed endpoints."

A vulnerability in Log4j which is a very popular Java-based logging tool has been weaponized. All versions of Log4j prior to 2.14.1 are vulnerable, this does not just impact the stand-alone installer. Any application which uses Log4j for log file management or LDAP queries could also be vulnerable, unfortunately where this is the case, the vendor must provide updates for those 3rd party updates.

The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.

What makes this extra serious, is that the Scope (also known as a Jump Point) is Changed – meaning that exploitation of this vulnerability could allow the attacked to affect resources beyond the security scope managed by the security authority of the vulnerable component.

CVE-2021-44228 – CVSS Score: 10
Syxsense Risk Alert

  • Attack Vector: Any Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Yes
As always, we recommend full testing be performed prior to live deployment to your device. These are now available within Syxsense.

If a business is uncertain of the prevalence of Log4j in their environment, or worried about the presence of Log4j in their scanning tools, be assured that Syxsense Secure does not use the logging tool with the vulnerability in it. Businesses can download the Syxsense scanning tool and use it to run free scans of all the hard drives in their environment for 14 days at no cost. Syxsense is also waiving the 100-device limit of our free trial for a limited time to ensure businesses can run a complete diagnostic scan in their environment.

To run a scan, please visit: https://www.syxsense.com/log4j-secure-trial

About Syxsense

Syxsense is the leading provider of innovative, intuitive technology that sees all and knows everything about every endpoint, in every location, everywhere inside and outside the network, as well as in the cloud. It combines the power of artificial intelligence with industry expertise to manage and secure endpoints by stopping threats before they occur and neutralizing threats when they happen. The Syxsense Endpoint Security Cloud always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm. www.syxsense.com

Contact
Heidi Smith
Syxsense
***@syxsense.com

Photos: (Click photo to enlarge)

Syxsense Logo Syxsense can protect against Log4j vulnerability

Read Full Story - Syxsense Releases Steps for Businesses to Protect Themselves Against the Log4j Vulnerability | More news from this source

Press release distribution by PRLog

Data & News supplied by www.cloudquote.io
Stock quotes supplied by Barchart
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.


 

IntelligentValue Home
Close Window

DISCLAIMER

All content herein is issued solely for informational purposes and is not to be construed as an offer to sell or the solicitation of an offer to buy, nor should it be interpreted as a recommendation to buy, hold or sell (short or otherwise) any security.  All opinions, analyses, and information included herein are based on sources believed to be reliable, but no representation or warranty of any kind, expressed or implied, is made including but not limited to any representation or warranty concerning accuracy, completeness, correctness, timeliness or appropriateness. We undertake no obligation to update such opinions, analysis or information. You should independently verify all information contained on this website. Some information is based on analysis of past performance or hypothetical performance results, which have inherent limitations. We make no representation that any particular equity or strategy will or is likely to achieve profits or losses similar to those shown. Shareholders, employees, writers, contractors, and affiliates associated with ETFOptimize.com may have ownership positions in the securities that are mentioned. If you are not sure if ETFs, algorithmic investing, or a particular investment is right for you, you are urged to consult with a Registered Investment Advisor (RIA). Neither this website nor anyone associated with producing its content are Registered Investment Advisors, and no attempt is made herein to substitute for personalized, professional investment advice. Neither ETFOptimize.com, Global Alpha Investments, Inc., nor its employees, service providers, associates, or affiliates are responsible for any investment losses you may incur as a result of using the information provided herein. Remember that past investment returns may not be indicative of future returns.

Copyright © 1998-2017 ETFOptimize.com, a publication of Optimized Investments, Inc. All rights reserved.