The Log4j lessons: so what IS vulnerability management anyway?

In our first Log4j lessons blog, we focused on the necessity of becoming very, very good at patching, and making it a well-documented and automated routine in your IT-environment. This might sound obvious, but many organizations hit serious hurdles in their initial Log4j handling because their patch machine did not start cold. Our main takeaway … Read more

The Log4j lessons: If it ain’t broke, fix it now!

Why did Log4j have such an impact? But, although Log4j and follow-up attack vectors are still a real threat for many organizations, it’s certainly not too early to draw lessons learned from this episode. What made Log4j different from other ‘classic’ 2021 vulnerabilities such as Citrix, Kaseya, and Hafnium (Exchange) is the fact that it … Read more