WebSphere & Liberty CAB

 View Only

How WebSphere Automation helps teams deals with security vulnerabilities like Log4J

By Claudia Beisiegel posted Thu January 13, 2022 01:16 PM

In December enterprises faced the nightmare of dealing with a critical security vulnerability. This time it was the Log4j/Log4Shell exposure that surfaced just in time for the holidays. Given how pervasive Log4j is used by both enterprise apps and cloud services,  the inevitable “all hands on deck” prioritization call occurred, refocussing enterprise operations and application development teams to assess whether their applications were impacted, and if so, dealing with the immediate remediation required. That, of course, is often easier said than done.  Evaluation was necessary across enterprise stacks to know if the capability was being used directly or indirectly in a bundled capability, and if so, was it an impacted version, and what steps were required to remediate.  With the additional scrutiny on subsequent CVEs, this became an iterative cycle of assessment and remediation.  For some applications teams, this had a temporary stifling impact on forward development while dealing with the immediate crisis at hand.
Now many teams have had a chance to breathe, reflect, and are actively conducting root cause analysis to see how they can have a greater degree of certainty on assessing if their applications have an exposure in the future, dealing with the exposure in an expedited fashion, and having the audit traceability that brings peace of mind and surety.  
For our WebSphere clients, that surety comes in the form of WebSphere Automation, which was specifically developed with the goal to enable your teams to optimize their operations, respond to incidents efficiently, and promote stronger security of their IT estate. WebSphere Automation consolidates critical WebSphere information across environments and deployment types into a single dashboard. It then automatically recognizes relevant CVEs.  This will greatly reduce the manual effort required, and remove monotonous tasks of understanding your WebSphere security posture, allowing you to respond to security vulnerabilities faster.
WebSphere Automation in action
Watch this quick demo of how WebSphere Automation detects security vulnerabilities such as Log4J and helps in the remediation response and traceability: 
Also available here

Try for yourself
•In-browser trial for WebSphere Automation, hosted in IBM Cloud, no setup required.
•Provided instructions guide the user through the capabilities of WebSphere Automation. Technical skills are not required.
•Try WebSphere Automation free for 60 days in your own environment.
•WebSphere Automation includes entitlement for Red Hat OpenShift and all necessary dependencies.