Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

One in 10 Assets Assessed Are Vulnerable to Log4Shell

Amit Yoran
Amit Yoran  | News and Views
December 22, 2021 | 2 Min Read

If not addressed now, it will define computing in 2022.

Tenable assembles vast amounts of data around every single vulnerability, including the recent high profile Log4Shell. What we’ve determined so far is startling, but not surprising, 10% of all assessed assets are vulnerable to Log4Shell. Meanwhile a disturbing 30% of organizations haven’t even begun looking for this bug, a startlingly negligent delay given the aggressiveness of threat actors hunting for it.

Of the assets that have been assessed, Log4Shell has been found in approximately 10% of them, including a wide range of servers, web applications, containers and IoT devices. Log4Shell is pervasive across all industries and geographies. One in 10 corporate servers being exposed. One in 10 web applications and so on. One in 10 of nearly every aspect of our digital infrastructure has the potential for malicious exploitation via Log4Shell.

Then there’s the sheer number of impacted organizations. Our telemetry shows that as of December 21st, 2021, only 70% of organizations have even scanned for the vulnerability! Log4Shell has been identified as one of the biggest cybersecurity risks we’ve ever encountered, yet many organizations still aren’t taking action: 30% of organizations haven’t begun assessing their environments for Log4Shell, let alone started patching.

Security professionals are stretched thin, and it's all the harder given the holiday timing, but this risk is unique. Broad exploitation has already begun and in one month’s time we expect to see several waves of iteration on this exploit, resulting in more aggressive damage that may be impossible to stop by then. 

While EternalBlue, for example, wrought significant attacks, such as WannaCry, the potential here is much greater because of the pervasiveness of Log4j across both infrastructure and applications. No single vulnerability in history has so blatantly called out for remediation. Log4Shell will define computing as we know it, separating those that put in the effort to protect themselves and those comfortable being negligent.

Learn more:

Amit Yoran

Amit Yoran

Amit Yoran is Chairman and Chief Executive Officer of Tenable, overseeing the company’s strategic vision and direction. As the threat landscape expands, Amit is leading Tenable into a new era of security solutions, empowering organizations to meet the challenges of evolving threats with innovative technologies and a vision of transformative vulnerability management.

Prior to joining Tenable, Amit was President of RSA, one of the most successful security companies in the world, where he led their growth and strategy since 2014. Amit came to RSA through the acquisition of his high-growth company, NetWitness, where he was founder and CEO for the market-leading network forensic product provider. Previously, he served as Founding Director of the United States Computer Emergency Readiness Team (US-CERT) program in the U.S. Department of Homeland Security. Amit also founded Riptech in Virginia, one of the first managed security service providers (MSSP) and which was acquired by Symantec in 2002. Amit currently serves as a board member and adviser to several security startups.

Amit is an esteemed influencer and leader in the security industry. He is often sought out as a keynote speaker or media spokesperson. His unique blend of public service and private enterprise experience informs his insights, thought leadership, and engaging presentations.

Related Articles

Cybersecurity Snapshot: IoT Vendors Fail at Vulnerability Disclosures, While Cyber Threats Again Top Business Risks 

January 27, 2023

Learn all about how most IoT product makers lack vulnerability disclosure policies. Plus, businesses again rank cyber risk as their top concern. Also, check out a new toolbox for cybersecurity awareness programs. Then scan the latest list of top malware. And much more!

Juan Perez

Juan Perez

Tenable.sc 6.0: A Major Update that Boosts Visibility and Productivity

January 25, 2023

Tenable.sc powers the risk-based vulnerability management programs (RBVM) of all types of organizations, anchoring the world’s most demanding cybersecurity environments. With the introduction of Tenable.sc 6.0, customers can now take advantage of significant new capabilities and enhancements, like a global CVE search to help them focus their RBVM efforts on what’s most important.

Nicholas Weeks

Nicholas Weeks

Cybersecurity Snapshot: Key 2022 Data for Cloud Security, Vulnerability Management, EASM, Web App Security and More

December 30, 2022

As 2022 ends, we highlight important data points that shine a light on the trends, challenges and best practices that matter to cybersecurity leaders eager to boost their exposure management and reduce their organizations’ cyber risk. 

Juan Perez

Juan Perez

3CX Desktop App for Windows and macOS Reportedly Compromised in Supply Chain Attack

March 30, 2023

A softphone desktop application from 3CX, makers of a popular VoIP PBX solution used by over 600,000 organizations, has reportedly been trojanized as part of a supply chain attack

Satnam Narang

Satnam Narang

Five Core Principles for Hybrid Cloud Security 

March 29, 2023

How to build a hybrid-cloud security strategy that is effective, scalable and affordable. 

Tom Croll

Tom Croll

Exposure Management: 7 Benefits of a Platform Approach

March 28, 2023

When it comes to preventive cybersecurity, there have been longstanding debates over whether it's more effective to operate an array of best-of-breed point solutions or to take a more consolidated platform approach. Here are seven reasons an exposure management platform can help reduce cyber risk.

Kevin Flynn

Kevin Flynn

  • Vulnerability Scanning

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

Try for Free Buy Now
tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today.

NEW - Nessus Expert Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Professional Trial.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Buy Now
Renew an existing license | Find a reseller | Request a Quote
Try for Free Buy Now
Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web Application Scanning trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.cs Cloud Security.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try for Free Contact Sales

Try Tenable Lumin

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable.io Vulnerability Management, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Try for Free Contact Sales

Try Tenable.cs

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now. To learn more about the trial process click here.

Your Tenable.cs Cloud Security trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.io Web Application Scanning.

Contact a Sales Rep to Buy Tenable.cs

Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

Try for Free Buy Now

Try Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training

Buy Now
Renew an existing license | Find a reseller | Request a quote