A Structured Response to the Log4j VulnerabilityEricsson Security Director Ian Keller on the Use of Native EDR Tools to Remediate Risks
"We came up with a structured, documented approach to respond to mitigating the Log4j vulnerability using the EDR scanning tools along with a code validation, containerization, and sandboxing of our applications and networks," says Ian Keller, security director at Ericsson.
"I would advise security teams to use scanning tools native to their organization to identify the Log4j kind of vulnerabilities and zero-day gaps," he says.
In this interview with Information Security Media Group, Keller also discusses:
- How his organization detected the widespread vulnerability;
- A structured incidence response approach involving all functions in the vulnerability detection process;
- Applying the security-by-design reliability model to analyze the vulnerabilities.
Keller, director of customer security at Ericsson, is an information security evangelist with over 30 years of experience. He started his career in the South African Defense Force's Combat School, where he served as an instructor in Army intelligence. Keller took this background into the corporate world and was instrumental in creating the global information security function for one of the country's Big Five banks. He subsequently was appointed as a chief information security officer for one of South Africa's leading corporate and merchant banks.