A Single Partner for Everything You Need Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner. However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Apache Log4j2 Resource Hub Overview Advisory Statement Contact Us This hub is intended to provide quick and convenient access to resources that will help you understand and address Apache Log4j2. Resources include: An advisory statement from Brian Wrozek (Optiv CISO) A detailed recommendations and findings document from our Global Threat Intelligence Center (GTIC) A list of Log4j vulnerable vendors Optiv’s Flash Panel featuring four of our thought leaders discussing the Apache Log4j2 issue, providing context, deep insights and guidance An easy-to-use infographic checklist of what steps to take It’s our mission to provide help in any way we can during this impactful event. If you need further assistance or have any questions, please contact us at info@optiv.com. Advisory Statement from Brian Wrozek (Optiv CISO) Optiv is aware of a recently disclosed zero-day Apache Log4j2 vulnerability (CVE-2021-44228). Immediately upon learning of this vulnerability, Optiv reviewed our environment for impacted systems. We then followed our vulnerability management procedures to deploy recommended countermeasures, including the necessary patches, where available, to affected systems. We also conducted threat hunting analysis to look for suspicious, malicious activity. Based on the current evidence, we do not believe that any Optiv information or client information, related to services provided by Optiv, was impacted by this event. We will continue to monitor the situation and deploy additional countermeasures, controls and patches when they become available. If Optiv becomes aware of any incidents related to CVE-2021-44228 which affect our clients or their data, we will notify impacted customers without delay. Optiv delivers strategic and technical expertise to more than 7,000 organizations across every major industry. We take into account the diverse range of security strategy, planning, risk management, threat modeling, monitoring, operations, governance and controls to ensure that our environment remains secured and protected appropriately. Specifically, we receive regular threat feeds from multiple credible sources and a dedicated team performs due diligence to review, analyze and monitor relevant indicators of compromise (IOCs) on an ongoing basis. Additionally, we perform internal and external security assessments regularly to ensure that gaps, if any, are remediated in a timely manner. Lastly, we work with an independent third party annually to obtain a comprehensive due diligence packet that includes a SOC2 Type II attestation as well as assessments such as the SIG questionnaire and a PCI-DSS SAQ-D, amongst others. Optiv is committed to securing our environment and protecting our clients. For more information about this vulnerability, please see Optiv’s Global Threat Intelligence Center (GTIC) Advisory and list of Log4j vulnerable vendors. We will continue to monitor the situation and provide further resources and updates. – Brian Wrozek, Optiv CISO GTIC Briefing on Log4j Update Image List of Log4j Vulnerable Vendors Image Apache Log4j2 Response Checklist Image Apache Log4j flowchart Legacy Version: GTIC Briefing on Log4j Speak to an Expert