The Cyber Safety Review Board has called Log4j “endemic.” Synack continues to find Log4j vulnerabilities across our pentesting engagements. To date, we’ve checked over 1 million IPs and found over 100 vulnerable instances of Log4j.
For many, Log4j will be a slow burn. Organizations that had detailed knowledge of where Log4j was utilized in their networks have been able to remedy their instances of the vulnerability. But many organizations simply don’t have such detailed knowledge of their software and networks and will still need support for years to come.
When Log4j emerged as a zero-day vulnerability in December of 2021, Synack responded with our Zero Day Response capability. Within a few hours of Log4j emerging, the CVE was available for on-demand testing within the Synack Platform.
Synack’s Zero Day Response capability surfaces vulnerabilities and CVEs within the Synack Platform, allowing users to activate Synack Red Team researchers immediately for targeted testing of the vulnerability. Customers will receive detailed proof-of-work reports for a given vulnerability, and exploitable instances will be surfaced in the Synack Platform’s vulnerability workflow. Through the platform’s vulnerability workflow, users can message researchers directly, find detailed information about the exploitable vulnerability and request patch verification on demand.
In the face of the cyber talent gap, meeting the surge capacity required for a zero day like Log4j can be challenging. Security teams can be stretched thin on a regular basis, and they can be particularly stressed in the face of a zero day that requires specialized skills to detect and remediate in a timely manner.
The Synack Red Team bridges the cyber talent gap by providing on-demand access to researchers with a diverse set of skills from around the world.
In the face of a new zero day, the community can augment your team’s capacity and expertise. The innumerable combinations of recon skills, offensive security skills, certifications and vulnerability expertise offered by the Red Team researchers are unmatched.
Learn more about the skills and diversity of the Synack Red Team here, with interviews from select researchers.