R&T is actively following the open-source Apache Log4j vulnerability. We have found third-party products that have exposure to it and are doing a full analysis. We have patched all external-facing systems that have been identified and are looking at tools to use to make sure there was no breach before that. We are also working with our intrusion detection system provider to confirm that they would detect anyone using this vulnerability.
Our firewall service provider is applying security patches for this vulnerability and working closely with their engineering teams to assess potential impact to their products and services. Additional actions taken by our firewall provider include:
- Actively scanning the environment to detect any potential issues
- Updated Firewall/UTM/IDPS signatures and policies to block Log4j traffic patterns
- Added detection rules and continuing to update our SIEM to detect traffic based on the latest information available
- Implemented IP blocks for known source IPs associated with Log4j (threat intel and IOC based)
UPDATE as of 12/24/2021:
R&T has applied all available updates from our vendors. After working closely with our security vendors, R&T has found no evidence that any of our systems were compromised by the Apache Log4j vulnerability.