When we first found out about the vulnerability on December 9, we immediately validated our environment was not running Log4j across all our core services and that none of our perimeter appliances were impacted by this.
Next, we started looking into all our vendors and internal solutions that may be vulnerable to this and prioritize their patching. We recognized that certain services would take additional time to be patched, so we rolled out additional controls on our networks to drop LDAP and RMI traffic on our host and network firewalls in case specific clients have vulnerable products or dependencies within our environment.
At the same time, we started the process of curating threat intelligence high-confidence indicators of compromise and incorporated those into our SIEM platform for extended monitoring for any signs of compromise that might have gone undetected.
Our security posturing is further reinforced by consistent security scans on our perimeters that validate our services are secure from both this vulnerability and many others.
We are continuously keeping an eye on the situation as it unravels and are responding proactively to provide in-depth security for our clients, business partners, and employees.