Thomas Printworks was notified early about the Log4j vulnerability, including the available measures to protect ourselves with the latest software patch versions. We have reviewed our production environments to ensure our systems are safe and we are continuing to monitor the threat closely. However, we wanted to share the security parameters we took to protect against potential cyberattacks.
The Problem:
The Apache Log4j is very broadly used in a variety of consumer and enterprise Services, websites, and applications—as well as in operational technology products—to log security and performance information. The threat is that an unauthenticated remote actor could exploit this vulnerability to take control of an affected system.
How we are responding:
1. The best level of protection at this point is at the perimeter. Our IT team’s immediate focus is and has been on edge devices (Firewalls) being properly protected. We have updated all our Firewall and edge devices to ensure they are protected with vendor released patches associated to this vulnerability.
2. While the majority of our systems were not at risk; we have identified some areas of concern and have applied the appropriate patches to these systems to protect against this vulnerability. We continue to methodically review all potential risk points and work with our vendors and software partners to develop patches to address this exploit in their applications.
