Arctic Wolf has been recognized as a November 2021 Gartner Peer Insights Strong Performer for Vulnerability Assessment. Gartner categorizes the Vulnerability Assessment market as “vendors that provide capabilities to identify, categorize and manage vulnerabilities. These include unsecure system configurations or missing patches, as well as other security-related updates in the systems connected to the enterprise network directly, remotely or in the cloud.”

2021 was a busy year for the cybersecurity industry. It began in January, as we were just beginning to understand the impact and massive scope of the SolarWinds attack. Then Kaseya happened. Then the Colonial Pipeline was breached. And now, as 2021 comes to a close, we’re in the early days of the Log4j crisis that will take all of next year—if not longer—to fully unpack, understand and mitigate.

A security operations center (SOC), which includes the people, processes, and technology needed to monitor, detect, analyze, and respond to cyber threats, is the foundation of many businesses’ cybersecurity. A SOC, however, is difficult to manage and maintain, requires significant budget and resources, and comes with many other challenges.

After successful deployment to Arctic Wolf’s customer community of more than 2,300 organizations worldwide, today we are making “Log4Shell Deep Scan” publicly available on GitHub. Log4Shell Deep Scan enables detection of both CVE-2021-45046 and CVE-2021-44228 within nested JAR files, as well as WAR and EAR files.

Vulnerability management remains a struggle for many companies and is still only an aspiration for many others. But with digital and cloud transformation rewriting the way many firms do business, the attack surface keeps expanding and becomes more difficult for organizations to protect their environments from growing threats.

On Thursday, December 9, security researchers published a proof-of-concept exploit code for CVE-2021-44228, a remote code execution vulnerability in Log4j, a Java logging library used in a significant number of internet applications. Also known as Log4Shell, the situation is significant and continues to evolve, and the Cybersecurity and Infrastructure Security Agency is recommending immediate action.

Financial institutions are a rich target for cybercriminals, who scoop up sensitive personal information that allows them to open fake accounts and fraudulent lines of credit. According to research from services firm Accenture and the Ponemon Institute, the average annualized cost of cybercrime to financial institutions exceeds $18 million.

One thing about the world of cybersecurity—it's seldom dull. The variety and creativity of cyberthieves keeps the industry constantly worth watching. November's roster of data breaches is an excellent illustration on that point: a mix of surprising methods, unusual motivations, and one old-fashioned data heist on one of the internet's most tempting targets.

November and December can be particularly stressful for retail organizations—and not just because of the holiday madness. As the volume of transactions ramps up during the holiday season, IT teams must be on high alert for threats buried in a sea of routine activity. But given the exponential growth of ecommerce, they also need to stave off cyber threats.

One of my favorite books is “Endurance: Shackleton's Incredible Voyage” by Alfred Lansing. I encourage you to read it if you haven’t. Here is a brief synopsis of the true-to-life story: In August 1914, polar explorer Ernest Shackleton boarded his ship, the Endurance, and set sail for Antarctica, where he planned to cross the last uncharted continent on foot.