Log4j Flaw: 4 Precautions for OT Cybersecurity Pros
December 16, 2021
Beyond Grayscale: Busting Myths About High Performance HMI
January 14, 2022

LOG4j Vulnerability Guide

Proactive Guidance for Industrial Environments -
Using deceptionGUARD by GrayMatter

"With one line of code, this vulnerability can allow someone to remotely introduce malware into your network environment."

The Log4j flaw ranks among the most widespread and high-profile cybersecurity vulnerabilities. It’s likely to remain a challenge for months, if not years.

Many vulnerabilities go unnoticed by the general public, but this one is making headlines on CNN, so it’s something that company executives and directors will be asking about.

Industrial organizations should address this new threat now to protect their plant-floor assets from malware that could expose sensitive data, interrupt operations and sap system resources.

Early reports indicate that malicious actors are using the vulnerability, in some cases, to force targeted systems to serve as cryptocurrency mining machines.

Why It’s So Widespread

Log4j is a simple, open-source Java library tool maintained by The Apache Software Foundation. It’s designed to log error messages.

Java is ubiquitous. It has been around since 1995 and remains among the most popular programming languages in the world.

The flaw allows a malicious actor to turn the error-logging tool into an open door to a target’s network, where the actor would be able to remotely execute code and take over control of a vulnerable system.

Applications that use LOG4j (2.14.1 or older) can be vulnerable to simple attacks, which can enable remote code execution.

GrayMatter’s deceptionGUARD does not use Java.

This guide will help you strengthen your industrial network’s defenses and improve your ability to detect and combat current and future LOG4j attacks.


Get the LOG4j Vulnerability Guide

Using deceptionGUARD by GrayMatter, this guide will help you strengthen your industrial network's defenses and improve your ability to detect and combat current and future LOG4j attacks.


Table of Contents

About deceptionGUARD /// 4

Step 1: LOG4j Network Ports /// 5

Where to Use Network Port Context Groups /// 6

Create Your Own Network Port Context Group /// 8

Step 2: Known LOG4j Countries List /// 9

Custom Rule Example /// 10

Creating LOG4j Country Groups /// 11

Step 3: LOG4j IP/deceptionGUARD Threat Intelligence /// 13

Step 4: Known LOG4j Businesses - Creating or Importing GNL Context Groups /// 14

Current LOG4j Businesses List /// 15 - 16

Creating LOG4j Business Context Groups /// 17

Step 5: Creating Sensors to Detect LOG4j Activity /// 18 - 19

Step 6: Creating Dashboards to Monitor LOG4j Activity /// 20

About GrayMatter /// 21