
Log4j: Practical advice from CISO


You may have read a lot of reliable technical analysis on Log4j vulnerabilities.

But this is not that article. Instead, it aims to offer some perspective from decades spent in the CISO role and from many days now spent in conversation with fellow CISOs and CIOs, the same type of conversation that happens any time there is something like Log4j or SolarWinds, or any security incident with a major blast radius, impact, and long-term concern.

This is not to downplay the worry; the Log4j vulnerability (also known as Log4Shell) is one of the biggest security issues discovered this year, and two weeks later we are only beginning to understand it. But it is easy to be overwhelmed by hype, marketing and speculation, and to forget that there are important things we need to do now to improve our posture, strengthen our teams, and put ourselves in a better position for the next Log4j.

Here are some suggestions from a CISO:

1. Lead with empathy and contact your security circle.
I said it before, and I will say it again: security professionals, CISOs, or others, tend to support each other. Use it to make progress. Have empathy for each other and your team. It’s a holiday, we are still in a pandemic, and we are all trying to limit the exposure of products consumed and developed by our organization.

Since this problem began to affect my CISO circle, I have spent a lot of time. I am happy but not surprised to find that we are already working together to solve this problem, sharing successes, failures and opportunities. Remember: your simple mitigation measure may be someone else's lifeline, because they may lack solutions to complex security problems.

2. Get as clear a picture as possible of what is happening in your environment.
What Log4j can do, and what we as technology leaders need to do to address it, is fundamentally a matter of network hygiene, visibility, and control. The technology is available to show us everything about the applications we run in the cloud; we just don't always build our security infrastructure in the most effective way to take advantage of it.

As Netskope Threat Lab researcher Gustavo Palazolo pointed out to Dark Reading last week, “One of the main challenges facing organizations is to identify all compromised assets. The Java-based Log4j logging library is very popular and can also be used by many applications, like IoT devices and legacy systems that are maintained for backward compatibility. Even if an application is found to have vulnerabilities, it can be difficult to update it because the organization may not be able to withstand downtime or may lack proper patch management controls. Therefore, in some cases the time between identifying all damaged systems and fixing the problem can be long.”

This can be solved with the right infrastructure, one that gives you the finest-grained visibility, the context, and the latitude to take action on what you see.

3. Identify your true partners and change the partners with whom you do business.
Day after day, moment to moment, we often fail to record the great ideas, insights, or things that help us make better strategic decisions. This is natural: we are very busy, and at times like this we seize whatever quiet moments we can. But this is a piece of advice I took a long time ago, and it has served me and my team ever since.

Make a note of who your true partners are and where (from which sources, which people, which teams) you have obtained good, useful information, quick and wise responses, and credible guarantees. Your true partners are those who have been by your side over time and have proven to be value-based rather than transactional relationships. They focus on your best interests. Security incidents have a way to surprise true partners based on value.

Record this information and use it to reassess your partnership and which partners are adding value, including what that value is and how you qualify it. Believe me.

There are already many articles on how the pandemic has forced all CISOs to become more creative and flexible. If you simply go back to the same mix of vendor partners you had in your security stack before the pandemic, you will miss many chances to develop your strategy. I suggest you ask yourself these questions:

  • Which partners really add value to you and your team?
  • How do they provide this value? (How would you explain to people who don’t understand this relationship?)
  • Why (write it down), knowing that things like Log4j will continue to happen and that we need to be as prepared as possible, will you continue or not continue with that partner?

This advice applies to your team and to recruitment as well. Be proactive, be considerate, and find resources for your team and the roles you need. I have said before that I do not believe there is a real cyber skills gap; we just haven’t looked for cyber talent wherever we can find it.

4. Share threat intelligence data without considering marketing.
None of us is as smart as all of us. There are many important threat intelligence sources, and the best of them provide this intelligence to the community to strengthen all of us.

Contact me on LinkedIn and let me know what you think. We are all in this together, and we can still come together to strengthen everyone’s safety. Let’s do it!
