Download the free scanning tool identifying Log4Shell vulnerabilities
Experts have called Log4Shell the largest single and most critical IT vulnerability of the last decade. It affects many systems, but one can download a simple, free tool that scans servers and clients.
Soon after the Log4Shell vulnerability was identified, IT Relation's cyber security team set in motion a comprehensive response. Today, security experts share their experience and tools to help several companies prevent and identify servers and clients vulnerable to Log4Shell.
“Many Danish companies find it difficult to manage a significant security threat like Log4Shell. They are at a loss to know what measures to put in place. We are therefore keen to share our knowledge of the area, in the hope that more companies will protect themselves against the threat before it’s too late”, says Thomas Østergaard, Development Executive at IT Relation.
For many companies, manual investigation of all third-party software to check for Log4Shell vulnerabilities is an unrealistic demand. It is thus an obvious advantage to be able to scan environments for their vulnerabilities and provide an overall view.
Download the free scanning tool here
IT Relation has prepared a guide to scanning for vulnerability to the Log4J component, among other things through a combination of open-source components. The guidance document is available at https://www.itrelation.dk/log4shell
IT Relation, which is part of itm8, also recommends a simple guide showing how to detect Log4Shell vulnerabilities.
“The essential thing is to find any gaps quickly and to speak to one's suppliers about the best way to close them. If the solution is too complex it will cause delays, making it harder to take action. We therefore recommend that the following three steps be taken”, says Thomas Østergaard.
Scan your servers and any clients for Log4j software
Contact your suppliers if the scan finds Log4j in your software
Be sure to follow your software and hardware suppliers’ instructions with respect to Log4Shell
Not all suppliers are aware of the extent to which their products are affected by Log4Shell. IT Relation therefore recommends doing the scan oneself and, if something crops up, contacting suppliers.
We are proactive in protecting customers
Many IT Relation customers already use security services based on Microsoft 365 concepts and the preventive scans that help mitigate vulnerabilities such as Log4Shell.
“We've already assisted many of our customers with the scanning of their servers and clients to discover third party applications that use Log4j. We found a fair few vulnerable applications. As a company, it is important to be proactive in this area and not to imagine, ‘Surely it won't affect us’”, says Thomas Østergaard of IT Relation.
Thomas Østergaard, Development Executive, IT Relation, mobile +45 2368 8109
About IT Relation
IT Relation has 750 specialists in the areas of outsourcing, IT security and cloud services. IT Relation has offices throughout Denmark as well as in the Czech Republic and the Philippines. IT Relation is part of the ITM8 group, a strong ecosystem of leading Danish IT companies and specialists.