
January 25, 2022

FTC Cracks Down on Log4j

By: Ian Lee


In a recent blog post, the Federal Trade Commission (FTC) sent a shot across the bow of financial services firms. In it, the agency warned that it will be cracking down on companies that fail to move quickly to identify and remediate Log4j, the popular Java-based logging service.

Stressing the seriousness of the issue, the FTC clearly stated it “intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.” To back it up, the FTC cites its recent $700M judgement against Equifax, over a breach that exposed the personal information of 147 million customers, as evidence of what companies that fail to adopt a more proactive approach to vulnerability management can expect.

What’s Expected: 

  • Update your Log4j software package to the most current version
  • Consult CISA guidance for instructions on mitigation 
  • Take remedial steps to ensure that your company’s practices do not violate the FTC Act.
  • Distribute this information to relevant third-party subsidiaries that sell products or services to consumers who may be vulnerable.

 

What’s Required: 

  • Continuous discovery of internet-facing assets. 
  • Ongoing discovery of vulnerabilities and other risks. 
  • Standardized system for prioritizing and remediating risks. 
  • Proof and validation of action. 
  • Evidence of improvement. 

 

How Randori Can Help: 

Randori’s industry-leading attack surface management solution can help you stay one step ahead of attackers and the FTC by providing a proactive and ongoing solution for identifying and prioritizing emerging threats, such as Log4j.

With Randori Recon, organizations can gain: 

  • Instant Visibility into Emerging Risks – Randori Recon automatically discovers and inventories all of your external-facing assets, analyzing them for the latest emerging threats using black box discovery and our patent-pending Target Temptation technology.
  • Hard Evidence You Got Everything – By continuously monitoring your attack surface to discover all internet-facing assets that may be vulnerable, you can see the impact of your team’s progress in real time. If anything slips through the cracks, we’ll find it.
  • Proof You Take the FTC Seriously – Ongoing visibility gives the FTC proof that you’re taking requirements seriously by ensuring you’re continuously watching and analyzing every target for new and emerging risks, be it Log4j or the next big vulnerability.
  • Turn-Key Integrations with VM Solutions – Randori integrates with your existing asset and vulnerability management solutions for a closed-loop solution your team can manage day to day.

 

Discover the power of Randori Recon for yourself. Sign up to get a free Log4j assessment of your organization today.
