
From the Trenches: Remediating Widespread Apache Log4j Flaw

Kroll's Jeff Macko Details Steps Needed to Safeguard Organizations Now and in the Future
Jeff Macko, associate managing director of cyber risk, Kroll

Exploitable vulnerabilities in the widely used Apache Log4j logging software have left security teams scrambling to identify where the software is used in their environment as well as how to guard against it being exploited.


"What we've seen with Log4j through a lot of investigations that we're doing here at Kroll is that companies are impacted by this," says Jeff Macko, an associate managing director in the cyber risk practice at corporate investigations and risk consultancy Kroll, based in New York. "Some of them are aware of the issue, some of them aren't aware of the issue, and likely this issue is going to be persisting with us for many, many years."

In this video interview with Information Security Media Group, Macko discusses:

  • Mitigation: Best practices for identifying and remediating Log4j in the enterprise;
  • Vetting: Strategies for reviewing open-source and other software components;
  • Frameworks: How regulatory proposals such as having a software bill of materials might eventually help, and what IT teams can do in the interim.

Macko is an associate managing director in the cyber risk practice of Kroll. With over 25 years of experience and several certifications in information technology and security, he leads a team of offensive security experts in North America.


About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



