IT organizations worldwide are still reeling from the discovery of a major security vulnerability in Apache Log4j, an open-source logging utility embedded in countless internal and commercial applications.\n\nBy submitting a carefully constructed variable string to log4j, attackers can take control of any application that includes log4j. Suddenly, cybercriminals around the world have a blueprint for launching attacks on everything from retail store kiosks to mission-critical applications in hospitals.\n\nIf security teams overlook even one instance of log4j in their software, they give attackers an opportunity to issue system commands at will. Attackers can use those commands to install ransomware, exfiltrate data, shut down operations \u2014 the list goes on.\n\nHow should enterprises respond to this pervasive threat?\n\nFirst, organizations need better visibility into both software supply chains and endpoints. They also need a way of delivering patches and updates quickly and comprehensively. Finally, they need hair-trigger segmentation controls over endpoints, so that if attackers do penetrate their network through log4j or any other exploit, they can quickly isolate those endpoints through network segmentation (closing network ports) and prevent the attack from spreading.\n\nKnow your code\n\nOrganizations need improved visibility into their software supply chains. That means understanding not just what applications they\u2019re running, but also understanding the various components that go into those software applications.\n\nIf a software application from vendor X includes a software component from vendor Y, and vendor Y\u2019s software includes a component from vendor Z, then any security vulnerability in vendor Z\u2019s software affects the entire supply chain: vendors X, Y, Z, and all three companies\u2019 customers.\n\nTwo recent cyberattacks illustrate the breadth of this kind of vulnerability, which is known as a supply chain compromise.\n\nThe first was the SolarWinds data breach, in which attackers broke into the network at software vendor SolarWinds and implanted malware in the company\u2019s Orion network management product. Although less than 100 networks were successfully hacked, that malware left thousands of networks of SolarWinds customers, including government agencies, potentially vulnerable.\n\nThe second supply chain compromise attack involved software vendor Kaseya. In that case, attackers bypassed authentication controls and plant ransomware in one of Kaseya\u2019s products, which is used by managed service providers (MSPs) to manage remote endpoints. The ransomware eventually affected 1,500 organizations, including Kaseya MSPs and their customers.\n\nWhen software vulnerabilities are discovered, organizations need to be able to scan their software assets and discover any use of compromised components. This can be trickier than it might seem. When hunting for software components rather than full applications, you can\u2019t just list the applications installed on an endpoint.\n\nYou might have to search for filenames or even file hashes, or #include statements within applications themselves. And of course, you need to be able to do this quickly across all your endpoints, including those in remote locations or in the cloud. Time matters. You have just days or even hours before attackers will find the files for you.\n\nKnow your endpoints\n\nTo scan software on endpoints, you first need to find all your endpoints. Easier said than done. A recent survey found that 94% of organizations have overlooked endpoints on their networks.\n\nYou need to know where all your endpoints are and what software components are included in all their applications, so you can take the next step \u2014 installing patches and updates \u2014 before attackers take advantage of a known exploit.\n\nPatch quickly to eliminate vulnerabilities\n\nOnce you\u2019ve identified problematic software on endpoints, you need to patch that software or disable it as quickly as possible.\n\nWith comprehensive visibility into software versions active on every endpoint, though, you can target your patches and updates. With an effective endpoint management system, you can install them promptly. And again, accuracy matters.\n\nSome endpoint management systems report that they\u2019ve successfully installed patches when they haven\u2019t. The best practice is to audit some of your installations to ensure your system is performing as expected.\n\nContain attacks instantly\n\nYou\u2019re not always going to win this race against time with every vulnerability in all your organization\u2019s software. Attacks will happen. When they do, you need to shut them down quickly.\n\nWith a zero-trust solution in place for endpoints, you can detect attack activity instantly and isolate any compromised endpoints from the rest of your network. Zero-trust technology limits endpoint access only to authorized users by segmenting network traffic. It also blocks the ports and protocols that many ransomware and other malware strains rely on for moving across networks.\n\nUnfortunately, software component vulnerabilities like the log4j vulnerability will likely be an ongoing challenge for IT organizations. But by improving visibility into endpoints and applications, patching quickly and accurately, and using zero-trust technology to contain malware attacks, organizations can minimize the damage of these vulnerabilities.\n\nTo learn more, visit us here.