Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
This hub is intended to provide quick and convenient access to resources that will help you understand and address Apache Log4j2.
It’s our mission to provide help in any way we can during this impactful event. If you need further assistance or have any questions, please contact us at firstname.lastname@example.org.
Optiv is aware of a recently disclosed zero-day Apache Log4j2 vulnerability (CVE-2021-44228). Immediately upon learning of this vulnerability, Optiv reviewed our environment for impacted systems. We then followed our vulnerability management procedures to deploy recommended countermeasures, including the necessary patches, where available, to affected systems. We also conducted threat hunting analysis to look for suspicious, malicious activity.
Based on the current evidence, we do not believe that any Optiv information or client information, related to services provided by Optiv, was impacted by this event. We will continue to monitor the situation and deploy additional countermeasures, controls and patches when they become available. If Optiv becomes aware of any incidents related to CVE-2021-44228 which affect our clients or their data, we will notify impacted customers without delay.
Optiv delivers strategic and technical expertise to more than 7,000 organizations across every major industry. We take into account the diverse range of security strategy, planning, risk management, threat modeling, monitoring, operations, governance and controls to ensure that our environment remains secured and protected appropriately. Specifically, we receive regular threat feeds from multiple credible sources and a dedicated team performs due diligence to review, analyze and monitor relevant indicators of compromise (IOCs) on an ongoing basis. Additionally, we perform internal and external security assessments regularly to ensure that gaps, if any, are remediated in a timely manner. Lastly, we work with an independent third party annually to obtain a comprehensive due diligence packet that includes a SOC2 Type II attestation as well as assessments such as the SIG questionnaire and a PCI-DSS SAQ-D, amongst others.
Optiv is committed to securing our environment and protecting our clients. For more information about this vulnerability, please see Optiv’s Global Threat Intelligence Center (GTIC) Advisory and list of Log4j vulnerable vendors.
We will continue to monitor the situation and provide further resources and updates.
– Brian Wrozek, Optiv CISO
GTIC Briefing on Log4j Update
List of Log4j Vulnerable Vendors
Apache Log4j2 Response Checklist
Apache Log4j flowchart
GTIC Briefing on Log4j