As organizations continue to discover and patch the severe Apache Log4j vulnerability on their networks, Palo Alto Networks is recommending that its customers use its next-generation firewalls with the Threat Prevention service, along with Cortex XDR and Prisma Cloud, to help mitigate the threat.
“There are many reasons why customers may not be able to upgrade for days or weeks, including the big effort required to upgrade Java before applying this patch, the full test cycle needed before upgrading Log4j, so it doesn’t break applications or year-end production freezes,” Bryan Olsen of Palo Alto Networks wrote in a blog post.
To buy time until all systems are patched, Palo Alto Networks says its products can help protect organizations against exploits of the Log4j (aka “Log4Shell”) remote code execution (RCE) vulnerability when the Threat Prevention security subscription is enabled on the company’s next-generation firewalls or Prisma Access:
“To prevent intrusions, malware and command-and-control at each stage of its lifecycle and shut down advanced threats, Threat Prevention accelerates the security capabilities of our next-generation firewalls, protecting the network from advanced threats by identifying and scanning all traffic – applications, users, and content – across all ports and protocols.”
Threat Prevention includes a built-in intrusion prevention system (IPS) service that continuously monitors the network for malicious activity and proactively acts to prevent threats, including reporting, blocking, or dropping that activity when it occurs.
Palo Alto Networks also provided additional guidance for blocking Log4j exploits, incident scoping, incident response and lessons learned in the post.
Readers can also register for Palo Alto Networks’ threat intelligence briefings, “Unit 42 Briefing: Apache Log4j Threat Update,” to learn more about Log4j details, recommended mitigations, and how the company’s products can help prevent the vulnerability from being exploited.