Asigra Cyber-Secure Backup Platform Defending Data Against Persistent Log4j Vulnerability | TORONTO – March 8, 2022 – Asigra Inc., a leader in cyber-secure backup and recovery, today emphasized the requirement for protected backup environments to maintain business operations after an exploit of the Log4j vulnerability. Using a highly effective obfuscation tactic, the vulnerability allows malicious actors to conduct remote code attacks to expose/access sensitive data across IT domains. The effect of these exploits can be addressed in part with an effective data recovery strategy and solution, as illustrated by the Asigra cyber-secure backup platform.
Discovered in Apache’s Log4J, a logging system in widespread use by web and server application developers, the vulnerability makes it possible to inject text into log messages or log message parameters, then into server logs which can then load code from a remote server for malicious use. With the highest possible severity rating of 10 out of 10, security professionals are investing significant time and resources into countering this threat.”[1]
Organizations globally have been tasked with developing an effective Log4j mitigation strategy, which often includes infrastructure-wide scanning to get a thorough inventory of every service, server, workstation and client system using Log4J. This is followed by device patching and blocking outgoing requests to firewalls to minimize the ability of hackers to compromise the computing environment.
Even with thorough scanning and patching of affected software and systems, organizations will still be at high risk of a ransomware attack. Since the vulnerability was likely known to hackers for weeks before reaching public awareness in November last year, cybercriminals have had ample time to implant ransomware malware and backdoor viruses while the proverbial “front door” was unlocked. These tools can allow hackers access to vital systems, even if Log4J vulnerabilities are updated.
An additional item on security professionals' remediation checklists is backup software. One of the lesser-known targets of Log4j exploits includes the agents of many popular backup and recovery products, which often provide access to a central data repository for all sensitive information in the organization.
Because of threats like Log4j, modern backup/recovery solutions should not rely on agents or the Java Naming and Directory Interface™ (JNDI) to avoid the exploits of Log4J and other threats such as ransomware, which in many cases are even more dangerous. Because many backup solutions are vulnerable, agent-based backup systems are now a necessity. If a backup environment is compromised, IT/backup administrators are advised to scan all existing data sets, quarantine suspected backups, scan live data sets for malware, and restart the backup of any compromised from known clean systems.
With the latest malware variants, data protection strategies and solutions utilizing air-gapped or immutable backups now provide a false sense of security and fall short in their defense against cyber threats. As a result, cyber-secure backup platforms are set to fill the voids inherent in these approaches. Asigra steps up to the challenge in three important ways:
“The art of data protection has evolved significantly over the past several years, making once standard features obsolete or even high-risk,” said Eric Simmons, CEO for Asigra. “This has exposed legacy platforms that require agents, leverage air gapping or rely on immutable backups. Asigra has advanced the state of data protection to provide a 100% agentless solution and the most comprehensive suite of cyber defenses that make infiltration extremely difficult for even the most aggressive threat actors.”
For a demonstration of this enhanced data protection suite, please contact info@asigra.com or visit https://www.asigra.com/contact-us to schedule.
Tweet This: @Asigra Cyber-Secure Backup Platform Defending Data Against Persistent Log4j Vulnerability – https://bit.ly/3w55Yqf
Trusted since 1986, Asigra advanced AI-enabled data protection platform is proudly developed in and supported from North America, providing organizations around the world the ability to quickly recover their data from anywhere through a global network of IT service providers. As the industry’s most secure backup and recovery solution for servers, virtual machines, endpoint devices, databases, applications, SaaS and IaaS based applications, Asigra protects sensitive data with anti-ransomware defense and 100% recovery assurance. The company has been recognized as a three-time Product of the Year Gold winner by Techtarget for Enterprise Backup and Recovery Software and positioned well in leading market research. More information on Asigra can be found at www.asigra.com.
Asigra and the Asigra logo are trademarks of Asigra Inc.
Call 877-736-9901 or email info@asigra.com
[1]"Hackers launch more than 1.2m attacks through Log4J flaw". Financial Times. December 17, 2021.