The Log4j vulnerability (CVE-2021-44228) is a great example of the value ThreatBlockr provides in proactively protecting against cyber threats.
The first step attackers take to exploit a vulnerability is to actively scan for potential targets. Furthermore, much of that scanning infrastructure tends to be used by malicious actors for post-scan exploits immediately after a successful scan.
How ThreatBlockr is Combating the Log4j Vulnerability
Drawing on over 15 of our threat intelligence data sources, we’ve already identified activity from more than 7,500 IPs associated with Log4j scanning, and we’re actively blocking this traffic for our customers, providing them immediate protection from the currently circulating zero-day attack vectors. We’re seeing this activity from over 100 different countries and nearly 1,000 ASNs.
This demonstrates the critical need to use threat intelligence from multiple sources to proactively block threats – before they hit your network. No single threat intelligence source knows the entire landscape. It is the collection of best-in-class sources that together provide the protection our customers need, enforced through our ThreatBlockr architecture.
Want to see if these malicious IPs are getting through your firewall? Send us your firewall logs and we’ll show you in a matter of minutes.
On a related note, here is our official response regarding our own platform. ThreatBlockr software is not impacted by the critical Log4j zero-day attack vector. The security stack upon which ThreatBlockr is built has been carefully designed to minimize the potential for security risk. Absolutely no ThreatBlockr infrastructure makes use of any Java library, including Log4j.
Block. Every. Threat.