Pure Storage gives tips for current and future security vulnerabilities
The Log4j vulnerability, described by experts as the “biggest security vulnerability of all time”, has shaken the cloud community – what we can learn from it
In December, a critical zero-day vulnerability was reported in the popular Log4j logging framework. Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), described it as “the most serious security vulnerability I have seen in my decades-long career” because Log4j is used almost everywhere.
This is not an exaggeration. Log4j runs on an estimated three billion devices. Public cloud providers, major software vendors, and private and public sector organizations are all affected on a large scale. What can companies learn from this event? Pure Storage says: with consistent system hygiene and a ready-to-use patch program, companies can certainly prepare for an event of this magnitude.
The race for updates and patches (and the risks of not updating)
The convenience and availability of this open source code (which developers can use instead of writing a new logging module every time) also means that the vulnerability is widespread. Experts say that the sheer number of services and sites that depend on it makes it the biggest vulnerability of all time.
Cybersecurity experts in large and small companies had to work over the holidays to fix the code in every instance connected to the Internet. Developers worked day and night to look for vulnerabilities, backdoors or malicious code, and will probably take further steps to fix the problems in the coming weeks.
An update with a patch has since been released, but the lesson is that too many companies were caught off guard without a plan. Those who cannot patch quickly face serious consequences, and the private sector will face consequences if it does not update its systems. In the US, CISA has set a deadline for civilian federal agencies to update. This is an unprecedented level of oversight, and everyone should be prepared for it to become the norm.
Maintain better security and data hygiene with a patching program
Should something similar happen again, Pure Storage considers the following measures important in order to be prepared:
Practice hardening the security posture
Regardless of whether there is a specific problem the environment needs to be protected from, companies should apply best practices to improve their security posture.
- Limit management interfaces to a set of trusted networks.
- Harden the security posture further by restricting all access to the control plane to a jump box (bastion host) and limiting outbound Internet access to trusted destinations. Pure Storage strongly recommends the generally accepted best practice of severely restricting, if not completely blocking, Internet access to administrative login interfaces, including connections via SSH, TLS, remote consoles and remote desktop mechanisms.
- Closely monitor the array for abnormal or unexpected workload/IO spikes as a leading indicator.
- Enable edge detection/protection mechanisms in firewall/IDS/IPS systems to detect anomalous access or traffic patterns.
- Implement consistent system hygiene: this is the most important aspect of any security program. Data and system hygiene are part of the collective processes that ensure that data is clean, deduplicated, organized and correct.
- Have a communication plan ready: the article A 6-Point Plan for the ‘During’ of a Data Breach describes in detail how companies can prepare external communications to customers, the media and regulators.
Ensure that all systems can be patched in a timely manner
Some general guidelines for patching timelines might look like this:
- 24 hours for critical vulnerabilities
- One to three days for high-severity vulnerabilities
- One to two weeks for moderate-risk vulnerabilities
- Two to four weeks for low-risk vulnerabilities
A patch team that can deploy quickly
It is imperative to have a team ready to detect a vulnerability quickly and to create and test the patch before it is rolled out. It makes sense to set up an operations team that focuses specifically on delivering critical patches. If the company writes a lot of code, this team should include developers who can build software patches.
Keep track of the open source code in use
If companies use code written by others, those responsible should set up a program to monitor that open source code so that they know as precisely as possible which versions they are using and where.
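As an added illustration of such an inventory program (example code written for this article, not a Pure Storage tool), the script below walks a directory tree, opens every JAR/WAR/EAR it finds (including JARs nested inside other archives, as fat JARs and WARs bundle their dependencies), reads the log4j-core version recorded in the Maven pom.properties entry, and flags versions below a minimum fixed release. The minimum version is an assumption you should set from the current vendor advisory.

```python
"""Inventory log4j-core JARs under a directory tree and flag versions below a fixed release."""
import os
import re
import zipfile
from io import BytesIO

# Assumption: the minimum release treated as fixed; set it from the current vendor advisory.
MIN_FIXED_VERSION = "2.17.1"
# Maven writes this entry into every log4j-core JAR; it records the exact artifact version.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """Turn '2.14.1' into (2, 14, 1) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def log4j_core_version(data):
    """Return the log4j-core version recorded in an archive's pom.properties, or None."""
    try:
        with zipfile.ZipFile(BytesIO(data)) as zf:
            if POM_PROPS not in zf.namelist():
                return None
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                key, _, value = line.partition("=")
                if key.strip() == "version":
                    return value.strip()
    except zipfile.BadZipFile:
        return None
    return None


def scan_archive(data, location, findings):
    """Append (location, version, below_minimum) for this archive and any archives nested in it."""
    version = log4j_core_version(data)
    if version:
        findings.append((location, version, parse_version(version) < parse_version(MIN_FIXED_VERSION)))
    try:
        with zipfile.ZipFile(BytesIO(data)) as zf:
            for name in zf.namelist():
                if name.lower().endswith(ARCHIVE_EXTS):  # fat JARs / WARs bundle their dependencies
                    scan_archive(zf.read(name), f"{location}!/{name}", findings)
    except zipfile.BadZipFile:
        pass  # not a zip container, nothing nested to look at


def inventory(root):
    """Walk `root`, scan every archive found, and return the list of findings."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVE_EXTS):
                path = os.path.join(dirpath, fname)
                with open(path, "rb") as fh:
                    scan_archive(fh.read(), path, findings)
    return findings
```

Run `inventory("/path/to/deployments")` on each host and keep the output as the version-and-location record the paragraph above asks for; entries flagged True are the ones the patch team works through first.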
Know whether and which open source code and systems suppliers use, and where and how their products use them
Open source code is widely used, but disruptions that cannot be controlled or fixed can interrupt the code supply chain. It is also important to have a backup and recovery plan for critical systems that depend on third-party systems. For example, if a public cloud instance goes down, IT professionals should be prepared to bring critical systems back up via a co-location or private cloud environment if they can.
Update all users' systems to the latest versions
Keeping systems up to date and continuously training employees, customers and partners is always important. During a security breach, it is important to be particularly vigilant against phishing attacks. This is one of the most common methods hackers use to gain access to systems when a known vulnerability exists.