Responding to new cyber security threats quickly and effectively

For someone who works in IT or is responsible for an organisation’s information security, hearing about the disclosure of a new software security vulnerability is never good news.

Some vulnerabilities are considered low severity because they are low risk, apply to niche products, are difficult to exploit, or have no proof of concept and no sign of active exploitation in the wild. These can typically be dealt with in monthly security patches. However, every so often a vulnerability disclosure comes along at the opposite end of the scale, and it has everyone racing to get their systems patched and protected as quickly as possible.

Unfortunately, this week the industry has been dealing with the latter. Security researchers disclosed a vulnerability, dubbed ‘Log4Shell’, in Log4j, a widely used tool that millions of computers worldwide, including Ingenuity, the Mars Helicopter*, use to save messages from applications.

This vulnerability was about as bad as it gets: Log4j is an incredibly common tool used in many applications, in many industries, on systems exposed to the Internet; a proof-of-concept exploit exists; there is evidence of bad actors scanning for vulnerable systems; and, if successfully exploited, it could allow attackers to break into systems, steal passwords and logins, extract data, and infect networks with malicious software.

At Grapevine, our engineers have been working tirelessly to make sure that our clients’ systems are protected and vulnerable applications are patched. Fortunately, we have several tools at our disposal, and I wanted to share with you today one of our newest, which protected our clients’ systems from being compromised.

 

How our Managed Firewall Service can protect your business

Earlier this year, Grapevine launched our Managed Firewall Service, to a great response from our clients. Backed by equipment from WatchGuard, who are considered one of the leaders in cyber security, our clients benefit from a stateful firewall with an incredible Intrusion Prevention System, application control, a website blocker, spam blocker, gateway antivirus, and threat detection and response, all from a cost-effective Grapevine managed service.

WatchGuard firewalls sit at the edge of clients’ networks, as a barrier between threats on the Internet and the computers on your internal network. All traffic flowing between the two is meticulously scanned and allowed or denied based on rules defined by Grapevine’s WatchGuard-certified engineers, in addition to threat signals from WatchGuard’s security team.

After successfully protecting our clients’ and our own infrastructure, Grapevine’s engineers reviewed a client’s WatchGuard firewall and noticed that in just 3 working days since the disclosure, 17 Log4Shell/Log4j attacks had been attempted and blocked, and in the last week since the disclosure, a staggering 53 Log4Shell/Log4j attacks have been attempted and thwarted. WatchGuard’s security team had pushed out new threat signatures for this latest vulnerability, and the firewall had automatically downloaded these updates and then thwarted the attempted attacks. This demonstrates how successful and good value for money the client’s investment has been. We’ve included screenshots below of the Intrusion Prevention System overview:

WatchGuard Intrusion Prevention Overview for 3 working days after vulnerability disclosure

 

WatchGuard Intrusion Prevention Overview 1 week after vulnerability disclosure

 

In addition to the low-management overhead, our solution includes monthly activity reporting, so our clients have full visibility of what’s going on at their network edge.

If you have on-premises or cloud-based infrastructure, please contact us or speak to your Grapevine Account Manager to learn more about our Managed Firewall Service.

 

*https://www.theregister.com/2021/12/16/ingenuity_mars_helicopter_log4j_network


 
