Investigating Log4j
December 14, 2021As you are aware, companies around the world were recently informed by the CVE organization of a security vulnerability relating to the open-source Apache “Log4j2″ utility (a logging tool used in many Java-based applications). As we investigate, rigorously reviewing potential exposure and risks, we are committed to helping our customers detect and mitigate future threats.
Clario’s Log4j security service teams have implemented detection and intrusion measures. Our Security Operations Center is actively monitoring Clario applications and infrastructure deployed in Clario’s clinical data centers and AWS cloud environments, inspecting server, device endpoints and networks.
Security, IT and R&D teams have also been assessing Clario applications, infrastructure and platform services to identify which services have installed Log4j libraries. In addition, Clario’s Log4j security service team is assessing our third-party vendor’s security advisories and impact on Clario applications and infrastructure.
While investigations are still ongoing, we will provide updates to any specific remediations to the Log4j vulnerabilities that may require updates to Clario’s applications and infrastructure.
If you have additional questions about our Log4j security services, please email Clario’s Security Operations Center via email [email protected].