The Apache Log4j "Log4Shell" vulnerability does not affect Kepion and its dependent services.
Log4j is a vulnerability in Java libraries, which Kepion and its dependent services do not use. In addition, we conducted:
- A manual review of services and applications in our SaaS environments and infrastructure
- A deep packet inspection through our suite of security monitoring software, using search queries provided and recommended by our security providers specifically to find and address this exploit.
You can find the descriptions of our tests here: https://success.trendmicro.com/solution/000289940
Despite the tests determining Kepion is unaffected by the vulnerability, we decided to enable several new Intrusion Detection/Prevention Rules specifically created/updated in response to the Log4j exploit. These changes should provide an additional level of security redundancy. As always, our software, environments, and infrastructure are regularly updated to prevent security vulnerabilities.
If you have any questions or concerns, please reach out through our Support Center: https://help.kepion.com/hc/en-us/requests/new
Please sign in to leave a comment.