What Log4Shell has taught us. [CyberWire-X]

CyberWire Daily

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.6 • 1K Ratings

🗓️ 20 February 2022

⏱️ 32 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

If 2021 taught us anything, it’s that our supply chain–especially our technical supply chain–hangs in the balance of a very fragile system. The year came to a close with the announcement of the Log4j zero day. Talk about saving the best for last. On this episode of CyberWire-X, the CyberWire's Rick Howard speaks with Tom Quinn CISO at T. Rowe Price, about the topic. Show Sponsor ExtraHop’s Head of Product, Ted Driggs, joins the CyberWire's Dave Bittner to examine what Log4Shell tells us about the state of cyber defense going into 2022, and what enterprises can do to prepare. Through these conversations, we explore the challenges that enterprises had in patching the vulnerability, take a closer look at the advanced post-compromise threat activity spotted in the wild, and glean lessons that can be learned to build resilience against the next Log4j-style zero day.

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire X a series of specials where we highlight important security topics affecting
0:26.0	security professionals worldwide.
0:28.3	I'm Rick Howard, the chief security officer, chief analyst, and senior fellow at
0:32.2	the CyberWire.
0:33.5	And today's episode is titled,
0:35.3	What Log4 Shell has taught us.
0:37.7	Over the holiday break in 2021,
0:40.2	the entire Infosec community reacted
0:42.4	to an international incident response
0:44.4	around the newly announced Log 4J Zero Day exploit.
0:47.8	And if 2021 taught us anything, it's that our supply chain, especially our technical supply chain, hangs in the balance on a very fragile system.
0:57.0	In this episode, my colleague David Bittner and I invited two guests to the CyberWire Hashtable, Tom Quinn, the CSO at T- Row Price, and Ted Driggs,
1:07.0	the Director of Product Management at Extra Hop, to discuss what the Log 4J Vulnerability tells us about the state of cyber defense going into
1:15.0	2022 and what enterprises can do to prepare.
1:19.1	A program note, each CyberWire X special features two segments.
1:23.0	In the first part of the show, we will hear from industry experts on the topic at hand.
1:27.0	And in the second part, we will hear from our show's sponsor for their point of view.
1:31.0	And since I brought it up, here's a word from today's sponsor, Extra Hop.
1:37.0	With millions of dollars to earn, today's cyber attackers have grown, shall we say, advanced.
1:49.0	Whether they're hiding malicious activity in encrypted channels, laying low under the guise of a trusted third party,
1:55.2	or taking advantage of the latest CBE.
1:58.0	They know they have the upper hand.
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.