The Sisyphean Task of Vulnerability Management and How to Break Free

According to Greek mythology, Zeus punished Sisyphus for cheating death (twice!) by forcing him to roll a boulder up a hill only for it to roll down each time it neared the top, repeating this action for eternity. The thought

By: Sandeep Lahane |Security observabilityVulnerability Management| Posted On: March 24, 2022

How to Detect and Defeat the Log4j2 Vulnerability with Deepfence

Introduction to log4j2 mitigation The log4j2 vulnerability like the OpenSSL Heartbleed and Apache Struts vulnerabilities that came before it are poignant reminders to digital businesses that it’s not just enough to respond to a vulnerability by redeploying applications once a

By: Owen Garrett |Security observabilityVulnerability Management| Posted On: January 10, 2022

Visualize Attack Paths in Production Environments with ThreatMapper

The huge advances in ‘Shift Left’ processes makes it possible to deliver code to production that is secure and largely free from vulnerable dependencies. Among other things, these processes typically involve matching dependencies against public vulnerability lists from Mitre, Red

By: Owen Garrett |Security observabilityVulnerability Management| Posted On: December 17, 2021

CVE-2021-44228: Log4j2 Exploitability & Attack Path Mitigation with ThreatMapper

Quick Overview The gravest cyber threat of modern times is upon us in the form of CVE-2021-44228. Here are some key resources: CVE-2021-44228: Apache Log4j <=2.14.1 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints.Severity:

By: Sandeep Lahane |Security observabilityVulnerability Management| Posted On: December 12, 2021