Hello valued Weston Clients!
You may have heard news in recent weeks about what has been referred to as the Log4j or the Log4Shell vulnerability. While we won’t go into technical details about the vulnerability (there is plenty to read here, here, here and here), it is a very serious vulnerability in a software library that is used by a bunch of software out there for logging features and cannot be ignored. While 100% breach protection is impossible, we’re working to make sure you and your network are protected as much as possible.
When news of the vulnerability was first announced, we immediately started researching the impact on our clients and figuring out how our internal tools might be affected. We also leveraged the security vendors that we deal with (and whose software is running on your computers) and got in contact with other service providers through peer networks, chat rooms and forums to make sure we were as knowledgeable as possible on the ramifications of this security hole. Through our partnership with security vendors and communications with all these companies (along with our many years of experience), we are working a multi-pronged defense strategy:
- While this vulnerability could affect workstations, our first priority is public-facing servers that are easier to exploit. So we are running vulnerability scans for all our monitored servers. If something resembling a vulnerable software library is found, a ticket is created in our system to address and remediate the vulnerability. Remediating the vulnerability isn’t a “one-size-fits-all” process, since every software vendor that uses the library implements it differently. But we are working on each one as they come in. If we find one that applies to multiple servers, we are scripting the process out to apply to multiple machines at once. Once we do further reviews on the impact to workstations, we will proceed with a similar remediation process.
- We employ the Huntress threat-detection agents on all our monitored systems (workstations and servers). They’ve been at the forefront of the Log4j remediation and exploit prevention research. Their software is built to find the vulnerability being exploited, immediately notify us, and if need be isolate the machine from the network so it can be fixed. This would also trigger our Security Incident Response protocol.
- In addition, the McAfee Enterprise anti-virus software that is installed on our monitored systems is constantly pushing new updates to help stop exploitation of this vulnerability and prevent it from becoming a mess on your network.
- We also have monitoring scripts checking to make sure both of those agents (McAfee and Huntress) are installed in our monitored systems and auto-reinstalling the agents if necessary.
- We are also working with our software vendors to make sure our internal tools are not vulnerable to this exploit and patching where necessary to keep your data with us safe.
As a managed service provider with access into our clients’ networks, we take our own internal security very seriously – which is why we are going through a third-party audit, and we’re auditing our internal software packages to make sure things are as safe as they can be. We appreciate your trust in this and in us.
For further thoughts on why it is important to use a managed service provider like us that takes your security seriously, see our blog post from this summer.
As with any technical issue or need for information, please feel free to reach out to us via chat, email or phone if you have any questions related to this vulnerability or our processes to remediate it.
–The Weston Support Team