Among the many security threats companies currently face, at least one has caused widespread alarm in recent weeks.

New, critical security flaws in Apache Log4j 2 — a logging library widely used in millions of Java-based applications — is putting organizations at risk when using trusted, open-source software. With the latest vulnerabilities, sometimes referred to as Log4Shell, reaching as high as 10.0 on the Common Vulnerability Scoring System (CVSS), this flaw opens the door for attackers to break into systems, steal personal data, and infect networks with malware and ransomware.

So what does this mean for your organization, and how can IT teams quickly and effectively track down and resolve all instances of Log4j vulnerability? Here’s what you need to know.
 

Why Is Log4j a Big Deal?

Despite being a known problem, many organizations still have Log4j vulnerabilities lurking within their infrastructures. That's because many tools fall short in identifying more than just the active instances across the IT estate, leaving behind other ticking time bombs that could result in a major breach.

If ignored, organizations not only risk having a major data breach but also getting pulled into a lawsuit. The U.S. Federal Trade Commision recently announced it will continue to pursue legal action against companies that fail to address Log4j security issues, along with other known vulnerabilities. In the case of Equifax, for example, failure to correct a known security vulnerability that exposed the personal information of 147 customers resulted in a nearly $700 million global settlement in 2019 with the FTC, the Consumer Financial Protection Bureau, and all 50 states.