Like thousands of other organizations, Owl Cyber Defense began reviewing the potential impact of the Log4j remote code execution vulnerability as soon as the vulnerability was announced. Our assessment produced positive news on two fronts:
- None of the products in Owl’s commercial product line use the Apache Log4j software library, and they do not exhibit the CVE-2021-44228 vulnerability.
- Owl’s hardware-enforced security solutions provide protection against external attacks on operational technology devices and other systems that might use Log4j.
As Owl’s official advisory on the CVE-2021-44228 vulnerability states, no action is needed with respect to any Owl product.
But as organizations conduct their own assessments of Log4j’s impact, it’s a good time to review what makes remote code execution vulnerabilities like Log4j such a severe threat, and how hardware-enforced security technology can mitigate the risks.
Threat actors are constantly seeking new ways to run their own code on other people’s computers. Most of the time, the goal is financial gain—attackers might be looking to run cryptocurrency miners on compromised computers, or run malware that exfiltrates data and credentials for sale on the black market.
But when attackers gain the ability to execute code on programmable logic controllers, SCADA devices, or other operational technology, they have the potential to change the behavior of real-world devices in power plants, oil and gas pipelines, water treatment plants, and other critical facilities.
Hardware-enforced security solutions can prevent these types of attacks by blocking external access to critical systems, even when the systems themselves have inherent vulnerabilities.
For example, if an organization uses an Owl data diode to protect its operational technology network, systems within the protected network can send log files (or other data) out to external destinations. But as data leaves the secure network, it is stripped of routing information that could identify the network, and it passes across a hardware-based one-way transfer mechanism that does not allow data to travel back into the network. This prevents threat actors from using the Log4j callback feature to gain control of computers inside the network, even if they have the CVE-2021-44228 vulnerability or other (known or unknown) vulnerabilities.
To learn more about how Owl protects critical networks and devices from remote code execution and other cyber threats, schedule a consultation with one of our experts today.
