It seems as if the Log4j software flaw is going to haunt many applications for some time to come.
Application Security is the Next Frontier, with Rampart AI™
There are many different reasons why, even in 2022, private corporations and government departments and agencies are still being breached, phished, hacked and generally abused. But as we harden the traditional weaknesses, the new frontier that will get more and more attention is the application. Whether it’s in a traditional data center or in the cloud, core or edge compute, this is where the cyber battles of tomorrow will happen. Lee Krause, CEO of Rampart AI™, says, “Change is hard and organizations build applications with a focus on cost, not security.” Krause added, “There are a lot of legacy apps out there that fall into this category.”
We all know that a lack of concern for security is a gateway for bad actors generally, but this is even more true in the world of code.
“What you are seeing is an escalation of bad actors as they increase in number and focus on the areas with the most opportunities,” Krause said. A fresh example of this is Log4Shell, a software vulnerability found in an extremely popular Java library, Apache Log4j, that shook the world with its simplicity, power and ubiquity. As Krause said, “This is potentially the tip of the iceberg. How many more of these are lying in wait?”
Krause goes on to emphasize, “People can use a very simple flaw to gain full access and control of your systems and infrastructure. A method in an obscure, open-source library is just wreaking havoc on security professionals.” Krause added that the design of Rampart™ would never allow software exploiting vulnerabilities to execute.
Ultimately, the next frontier of security is about creating more resilient applications to stop bad actors from taking corporations' integrity, business and products away from the people who depend on them.