Log4Shell: A retrospective

Now that the dust has settled on both the holiday season and the Log4j vulnerability that saw many of us working through it (CVE-2021-44228), it makes sense to look back and …

How would zero trust prevent a Log4Shell attack?

There is a seemingly trivial solution to any remote code execution attack, namely: do not to let the inbound traffic match the pattern that triggers the vulnerability of the …

4 practical strategies for Log4j discovery

For security teams scrambling to secure their organizations against Log4j exploitation, one of the first and most challenging tasks is understanding where Log4j exists within …