Log4Shell Vulnerability Solutions Forum 2022

9:00 AM

Welcome & Opening Remarks

Jake Williams, SANS Senior Instructor & Subject Matter Expert
Casey Ellis, Founder & CTO, Bugcrowd

9:15 AM

Solving Cloud Security Challenges

A well-crafted container or kubernetes avoids using excessive privileges, shipping unused packages, leaking credentials, and will expose a minimal attack surface. By removing known risks in advance, you’ll reduce security management and operational overhead; however, not everything can be known and prevented in advance. You cannot forget about security since the container is running.

Join this session to gain clear direction on how to:

• Image build and apply Dockerfile best practices
• Reduce the attack surface and optimize size for distribution using multistage builds
• Manage threats and vulnerabilities, like log4j

Eric Magnus, Engineering Manager, Sysdig

9:50 AM

Block Like a Boss: Detect Behaviors

Don't Depend on Deny Lists & Learn How to Detect Evasion Techniques that Legacy WAFs Can't

The recent Log4J 0Day generated unprecedented levels of risk. Morphing attack patterns that continue to emerge only compound the problem and will demand our attention into the foreseeable future. ThreatX’s combination of attacker-centric behavioral analytics, 24/7 SOC, managed services and threat research were—and will continue to be—a potent combination to combat the threat as it evolves. In this session, Neil Weitzel, ThreatX’s SOC manager, will share his front-line insights into how ThreatX’s managed SOC delivered same-day protection against Log4J and developed heuristics to detect and block attempted explicit exploits outlined in CVE-2021-44228. He will demonstrate ThreatX’s capabilities, including its multi-level serialized decoding that allowed its customers to detect evasion techniques that legacy WAF providers would struggle to defend against. As we heard from one customer in the throes of Log4J: “I have to say it’s wonderful having your platform in place right now.”

Neil Weitzel, SOC Manager, ThreatX

10:25 AM

Log4Shell Lessons Learned and Mitigation Tactics

This talk will share common challenges faced by organizations during and in the response to the Log4Shell related vulnerability disclosure. The talk highlights lessons learned collected from the front lines during investigations on how organizations approached the problem and how certain mitigations prevented further escalation of attacks.

Yinan Yang, Director - Professional Services, CrowdStrike

11:00 AM

Break

11:15 AM

Log4j: Separating the Exploits From the Noise

Attackers have already found thousands of potential ways to obfuscate their log4j attacks, which are sweeping the Internet at breakneck speed. SOCs protecting still-vulnerable assets have a duty to chase down every alert for it that pops up - which are coming in at a rate of tens or hundreds of thousands of times a day for larger enterprises. This talk will discuss how a data-driven strategy can automate that insurmountable task into a process that quickly reveals systems that actually responded to the attack - letting teams focus on the alerts that matter the most.

Alex Kirk, Global Principal Engineer, Corelight

11:50 AM

Speed and Scale: The Technical Security Manager’s Log4shell Manifesto

For many organizations, the experience of Log4Shell during and after the holidays felt like trying to find many needles in many haystacks within a burning barn. To be prepared for the unexpected, security teams need to be able to act quickly and answer questions about their endpoint and cloud workloads such as: What assets are affected? Has the exploit been attempted? and How will updating our software affect our production workloads? There is no silver bullet. However, the proper tooling can make software asset management easier and improve your reaction time to emerging threats such as Log4j/Log4Shell.

Join this session to learn more about:

• Using osquery to simplify software asset management
• Scanning a million hosts in under 30 minutes for all vulnerable .jar files with Uptycs’ osquery-based solution
• Leveraging YARA rules and historical data to scan for exploit attempts
• How to brief executive leadership on security incidents and build expectations around resource requirements

12:25 PM

API Security Strategies: Preparing for the Next Log4Shell

The attack surface for APIs is massive amongst all of the different endpoints and Log4Shell is just one vulnerability that has been exposed. How do you prepare for the next one? Join this session and learn:

• What are the unusual things you need to know about Log4Shell? You probably have your WAF up and running to mitigate exploits but you should understand why it’s easy to bypass it.
• How to protect REST, graphQL, gRPC, and WebSockets endpoints against the Log4Shell of tomorrow?
• Attacks surface management in the world of APIs: what tools do you need for proper API discovery? And should you have been thinking about protecting internal microservices and East-West communication? (spoiler: oh yeah!)

1:00 PM

How to Get Answers for Your CEO's Top Log4Shell Questions​

According to a 2021 KPMG survey of hundreds of CEOs, cyber security risk is the number one risk threatening business operations. Just a few years earlier, CEOs dismissed cyber risk as a technology problem to be handled by the IT security team. Log4Shell didn’t calm CEO concerns about cyber risk, leading to many cyber security professionals having to answer non-stop questions about the new Log4j vulnerability.

We could not have anticipated Log4Shell, but we could have been more prepared as an industry to assess, prioritize and mitigate the potential risk of CVE-2021-44228...not to mention the thousands of other new vulns that threaten our businesses every year. Are you ready to answer questions from the boardroom?

Join us to learn how your peers took a risk-based approach to Log4Shell assessment, prioritization and mitigation. Get ahead of the hard questions from executives, and be prepared with intelligent, proactive answers for this latest P1 vulnerability.

Mike Parkin, Engineer, Vulcan Cyber
Igor Gvero, Principal Solutions Architect, Vulcan Cyber

1:35 PM

Break

1:50 PM

Cyber Attacks and Your Third-Parties: Why Filling Out Additional Assessments Does More Harm Than Good

When it comes to reacting to a security threat, no one has time for another assessment. Join CyberGRX experts Gary Phipps, VP of Solutions Engineering, to learn how you and your third parties can defend yourself differently in the face of a cyber attack. We'll talk about a new way to respond that includes:

• What proactive steps a third party can take to notify customers of their risk without overwhelming their security teams
• What tools can be used to focus on the coverage of controls being exploited in the specific attack
• How being a member of a true Third-Party Cyber Risk Exchange can be an game-changing advantage.

Gary Phipps, VP of Solutions Engineering, CyberGRX

Security Observability - Are you ready for the next Log4J?

When Log4j emerged, many organizations were caught “flying blind”, hoping that they could protect their applications with their traditional perimeter defense. Modern applications are extremely hard to secure because, in the cloud, the apps are no longer behind a firewall, but rather connected to services potentially everywhere. As a result, security at the gate is simply not enough, now we need visibility of what we have, how it is behaving, and how it is being used or abused. We need visibility with the context of the application in order to protect the business from emerging threats like Log4J and others.

In this session you’ll learn:

• How applications have changed and why we need to rethink application security
• How APIs are the key to security in the future
• How application security requires close collaboration across dev, sec, and ops
• How to quickly start securing your APIs, today!

Sudeep Padiyar, Product Manager, Traceable AI

Log4j - Forensics of a Supply Chain Attack

On December 9th, 2021 a major Log4j vulnerability was posted in GitHub. This immediately began a race to patch or block the attacks that had the potential of taking over the machines running vulnerable versions of Log4j. This supply chain attack showed us how a relatively unknown logging utility could present a high level of risk to companies ranging from SMB to Fortune 100. In this presentation, we will discuss the details of this vulnerability, analyze two of the most common attack vectors we observed, and the different ways that Imperva helps customers protect themselves from this vulnerability – blocking over 200 million attacks to date.

Erick Sanz, Sr. Engineer, Imperva

3:35 PM

Wrap-Up

Jake Williams, SANS Senior Instructor & Subject Matter Expert