Log4Shell

From CDW

Many of our customers have been affected by the critical zero-day Apache Log4j (versions 2.0.1 to 2.14.1) vulnerability announced earlier this month.

The Log4j vulnerability is both a security issue and an application issue. Understanding the impacts that this exploit could have on your organization can be quite challenging for many, especially since the Log4j open-source library is used by countless applications, packages, frameworks, open-source projects and software products – whether off-the-shelf, SaaS delivered or home-grown.

CDW and Focal Point (a CDW company) are closely monitoring developments and have created an online resource hub for our customers – updated in real-time as we learn more. I have also attached a whitepaper with some near-term remediation strategies for consideration.

If you need additional guidance to support your remediation efforts, CDW can help quickly. We are already leveraging analytics to help our customers rapidly scale efforts to identify affected systems. Our Incident Response team is on standby to assist in responding to known or suspected compromises and our Digital Velocity team can help with both short-term and long-term application remediation strategies. 

CDW Security Consulting Services are available on the MEEC “IT Security Services and Solutions” Contract, PGCC-20-10. Including Application Vulnerability Assessment, Incident Forensics, Security Assessments, IT Security Planning, Vulnerability Assessments and many others.

We will continue to provide guidance in the coming days and weeks. If you have any questions or if CDW and Focal Point can support your current remediation efforts, please don’t hesitate to reach out to me or any member of your CDW team. 

 Log4 Shell Explained