Quenching the Fire: Evaluating Log4Shell Mitigation Strategies

The Log4Shell vulnerability was THE IT security story of 2021. What have we learned from it? How can DevOps better prepare us for next time? This session examines mitigation strategies and demonstrates relevant tech, including a DevOps-friendly approach to WAF with ModSecurity rules.

Headlines screamed “The Internet’s on fire!” when the Log4Shell zero-day vulnerability emerged in December 2021. What have we collectively learned from this inferno and its aftermath? How can we improve our posture for the next one?

This session will include an examination of popular mitigation strategies, including:

* Updating individual application dependencies;
* Network-focused lockdowns at the container platform and service mesh levels, including Kubernetes and Istio; and
* Edge mitigation strategies including Web Application Firewall.

This session will include both slides and a brief demonstration of relevant technologies, including a DevOps-friendly approach to WAF with ModSecurity rules.

Speaker

Jim Barton


Jim Barton is a Field Engineer for solo.io. Jim’s career in enterprise software spans 30 years. He has held roles as a project engineer, sales and consulting engineer, product development manager, and ...