Why Log4j Does Not Scare Me

  • Tuesday, 25 Jan 2022 3:30PM EDT (25 Jan 2022 20:30 UTC)
  • Speaker: Kevin Fiscus

December 5th, 2021, a date which will live in cyber security infamy. On this date, our industry was struck with a new disaster; CVE-2-21-44228, also known as Log4Shell. A newly discovered vulnerability in the Apache Log4j 2 Java library allows attackers to execute remote code on affected systems and those affected systems are everywhere from web sites and applications to the web interfaces of IoT devices. This vulnerability is serious, with a CVSS threat rating of 10 out of 10 and I don't really care, because I’m prepared and not just scrambling to patch.

How would you like to never have to worry about the newest vulnerability or the latest attack vector? How would you like an IT environment that would be easier to attack physically than "over the wire" for the attacker? How would you like to not care about Log4Shell, or whatever comes next? This webinar will provide active defense strategies not just for addressing Log4Shell but, also for addressing the next big vulnerability, and the one after that. Using cyber deception and active engagement techniques, an attacker compromising your network has just entered a field of land mines where any misstep results in the detection and immediate response. The topics discussed in this webinar will seem too good to be true. I promise you, they are not. Learn to change the paradigm. Create a situation where the attacker needs to be right 100% of the time while defenders only need to be right once. Learn how we take back the advantage.