RISK MANAGEMENT LOG4J | December 16th, 2021
For the past few days, our security team has been working to ensure that the log4j vulnerability is contained as much as possible. We can assure you that we have proceeded with diligence and orchestrated a rigorous plan to analyze our entire infrastructure. Our vigilance as well as our speed in making the right decisions allowed us to act in a diligent and responsible manner.
Reactivity: All services were shut down while we analyzed the situation.
Internal protection: We forced the update of our security monitoring and control tools for all our servers and services to counter threats that could come from within. We have put in place controls for all of our services that could have been exploited by this vulnerability.
External protection: Our firewalls have been updated with a security patch to counter attacks coming from the outside that target CVE-2021-44228.
Due diligence: We have reviewed our infrastructure and our IT assets to look for vulnerable software that could contain certain attack vectors. We deployed a crisis team, requested assistance from our partners and used industry-recommended technology tools to contain this threat.
Here are the results of our analysis:
Project management tools (Celoxis)
Impact: No customer impact
We use Celoxis for our project management and internal planning. This software was affected by this vulnerability. We immediately took this service offline and updated the software with the patch provided by the manufacturer. This service remained offline, because version 1.2.15 of log4j is still under observation and some experts claim that it still contains a vulnerability.
UniFi Controller
Impact: No direct impact
The UniFi controller is hosted on the SIR Solutions infrastructure and it allows us to modify the configurations of our customers’ access points. This controller is not critical to our customers’ operations and no existing configuration in your daily operations will be affected.
Source Code Manager
Impact: No customer impact
Our source code managers have been taken offline while a patch provided by the manufacturer is applied. Our employees can continue to work and no impact on our operations is expected.
vCenter (VMware)
Impact: No customer impact
Our vCenter servers are used to manage the virtual machines that we host in our data centers. They are not externally accessible and have been updated with a security patch provided by the manufacturer.
Rest assured that SIR Solutions will continue to monitor the evolution of this vulnerability, which affects almost all Canadian and international companies. We will continue to act responsibly and transparently towards our customers. We will keep you informed of any other action or position that could affect our clients or their operations.
Security / IT Team