Log4Shell Remediation

The client had an unknown level of exposure to the Log4Shell zero-day vulnerability (CVE-2021-44228 in Apache Log4j 2), representing an unacceptable level of risk to the organization.


Project Information

Client
National Healthcare System (>150,000 Employees)
Date
December 1, 2021
Category
Cybersecurity Assessment

How this Project works

Hale Consulting Solutions LLC was engaged on this effort to:

Identify Vulnerable Assets

A variety of vulnerability scanning and attack surface evaluation tools were used to identify applications and assets with vulnerable versions of Log4j installed. These tools included Nexpose, Qualys, Tenable, Xpanse and custom client-developed tooling.

We combined the scan results with vendor-reported vulnerabilities to compile an inventory of vulnerable assets and applications, prioritized by exposure (external vs. internal), criticality and volume.

Remediate Identified Vulnerabilities

Using this prioritized inventory of vulnerable applications and assets, we worked with the application and system owners and support teams to remediate the vulnerabilities using a variety of approaches:

  • System (OS) patching where applicable
  • Application patching where available (upgrading to a fixed Log4j release)
  • Disabling and/or removal of Log4j components (including the Apache-recommended removal of the JndiLookup class from log4j-core where an upgrade was not immediately possible)
  • Other vendor-recommended mitigations where available
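The identification and remediation steps above, as an added worked example (this is illustrative code written for this page, not Hale Consulting's or the client's tooling). It builds constructed stand-in log4j-core jars, classifies each by the version recorded in its manifest against the Apache advisory's fixed releases (2.16.0 generally, 2.12.2 on the Java 7 line, 2.3.1 on the Java 6 line for the JNDI lookup issues CVE-2021-44228 and CVE-2021-45046), applies the JndiLookup class removal mitigation to anything still exposed, and ranks findings by exposure and tier. The prioritization weights, the asset records and the jar contents are assumptions made for the demo.

```python
"""Added example: Log4Shell asset triage and JndiLookup mitigation (illustrative, not the project's code)."""
import os
import re
import tempfile
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Lowest release per line with JNDI message lookups fixed (CVE-2021-44228 / CVE-2021-45046).
# Later fixes (2.17.1, 2.12.4, 2.3.2) close further CVEs; treat these as the floor for exposure only.
SAFE_MIN = {(2, 3): (2, 3, 1), (2, 12): (2, 12, 2)}
SAFE_DEFAULT = (2, 16, 0)


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0). None if no version is present."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def jar_version(jar_path):
    """Read Implementation-Version from META-INF/MANIFEST.MF, falling back to the filename."""
    with zipfile.ZipFile(jar_path) as zf:
        try:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        except KeyError:
            manifest = ""
    m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.M)
    return parse_version(m.group(1) if m else Path(jar_path).name)


def has_jndi_lookup(jar_path):
    with zipfile.ZipFile(jar_path) as zf:
        return JNDI_CLASS in zf.namelist()


def assess_jar(jar_path):
    """'vulnerable' (exposed), 'mitigated' (class stripped), 'fixed' (patched release) or 'not-log4j2'."""
    ver = jar_version(jar_path)
    if ver is None or ver[0] != 2:
        return "not-log4j2"  # Log4j 1.x is not affected by CVE-2021-44228
    if ver >= SAFE_MIN.get(ver[:2], SAFE_DEFAULT):
        return "fixed"
    return "vulnerable" if has_jndi_lookup(jar_path) else "mitigated"


def find_log4j_core(root):
    """Walk a directory tree and assess every log4j-core*.jar it contains."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.startswith("log4j-core") and name.endswith(".jar"):
                path = os.path.join(dirpath, name)
                results[path] = assess_jar(path)
    return results


def strip_jndi_lookup(jar_path):
    """Rewrite the jar without JndiLookup.class (same effect as `zip -q -d <jar> <class>`)."""
    tmp = jar_path + ".tmp"
    with zipfile.ZipFile(jar_path) as src, zipfile.ZipFile(tmp, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            if item.filename != JNDI_CLASS:
                dst.writestr(item, src.read(item.filename))
    os.replace(tmp, jar_path)


def make_sample_jar(path, version, with_jndi=True):
    """Constructed stand-in for a log4j-core jar: a manifest plus a placeholder class entry."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
        if with_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder bytes, not real bytecode
    return path


def prioritize(findings):
    """Assumed ordering: external exposure first, then lowest tier number, then most instances."""
    return sorted(findings, key=lambda f: (f["exposure"] != "external", f["tier"], -f["count"]))


def demo():
    """Scan constructed jars, mitigate the exposed one, and return (before, after) per app directory."""
    root = tempfile.mkdtemp()
    for app, ver in (("hr-portal", "2.14.1"), ("batch", "2.12.2"), ("patient-api", "2.17.1")):
        os.makedirs(os.path.join(root, app))
        make_sample_jar(os.path.join(root, app, f"log4j-core-{ver}.jar"), ver)
    before = find_log4j_core(root)
    for path, state in before.items():
        if state == "vulnerable":
            strip_jndi_lookup(path)
    after = find_log4j_core(root)
    return {Path(p).parent.name: (before[p], after[p]) for p in before}


if __name__ == "__main__":
    print(demo())
```

Stripping JndiLookup.class is a stop-gap: it closes the JNDI lookup path but does not address later Log4j CVEs, so the inventory should still carry those hosts as "needs upgrade" until a fixed release (2.17.1, 2.12.4 or 2.3.2 depending on the Java version) is deployed.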

Keeping Executives Informed

Throughout the effort we maintained an intranet site (Google Sites) providing daily reporting on the number of vulnerabilities discovered, the number remediated, and any issues or requests for escalation.


Project Result & Benefits of Project

  • 100% Remediation of externally exposed vulnerabilities.
  • 100% Remediation of vulnerabilities on critical (Tier 0 & Tier 1) assets and applications
  • 98% Remediation of vulnerabilities on non-critical assets and applications
Cybersecurity company Tenable called the Log4Shell exploit "the single biggest, most critical vulnerability ever", Ars Technica called it "arguably the most severe vulnerability ever" and The Washington Post said that descriptions by security professionals "border on the apocalyptic".