In a recent blog post, the Federal Trade Commission (FTC) sent a shot across the bow of financial services firms, warning that it will crack down on companies that fail to move quickly to identify and remediate the vulnerability in Log4j, the popular Java-based logging service.
Stressing the seriousness of the issue, the FTC stated that it “intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.” To back this up, the FTC cites its recent $700M judgement against Equifax, which followed the exposure of the personal information of 147 million customers, as evidence of what companies that fail to adopt a more proactive approach to vulnerability management can expect.
- Update your Log4j software package to the most current version
- Consult CISA guidance for instructions on mitigation
- Ensure remedial steps are taken to ensure that your company’s practices do not violate the FTC Act.
- Distribute this information to relevant third-party subsidiaries that sell products or services to consumers who may be vulnerable.
- Continuous discovery of internet-facing assets.
- Ongoing discovery of vulnerabilities and other risks.
- Standardized system for prioritizing and remediating risks.
- Proof and validation of action.
- Evidence of improvement.
How Randori Can Help:
Randori’s industry-leading attack surface management solution can help you stay one step ahead of attackers and the FTC by providing a proactive and ongoing solution for identifying and prioritizing emerging threats, such as Log4j.
With Randori Recon, organizations can gain:
- Instant Visibility into Emerging Risks – Randori Recon automatically discovers and inventories all of your external-facing assets, analyzing them for the latest emerging threats using black box discovery and our patent-pending Target Temptation technology.
- Hard Evidence You Got Everything – By continuously monitoring your attack surface to discover all internet-facing assets that may be vulnerable, you can see the impact of your team’s progress in real time. If anything slips through the cracks, we’ll find it.
- Proof You Take the FTC Seriously – Ongoing visibility gives the FTC proof that you’re taking requirements seriously by ensuring you’re continuously watching and analyzing every target for new and emerging risks, be it Log4j or the next big vulnerability.
- Turn-Key Integrations with VM Solutions – Randori integrates with your existing asset and vulnerability management solutions for a closed-loop solution your team can manage day to day.
Discover the power of Randori Recon for yourself. Sign up to get a free Log4j assessment of your organization today.