Things tend to slow down for many businesses at the end of the year. As the holidays roll in and employees take time off with their families, December is generally a time to take stock of what transpired over the year and start looking ahead to the next one. Unfortunately, that’s not how cybercriminals operate.

For many organizations, cybersecurity is an overwhelming challenge. New threats emerge seemingly in the blink of an eye, and IT and security teams are constantly reacting to the moves of bad actors who always remain one or two steps ahead and get to dictate where and when their attacks are carried out. As you might expect, a reactionary approach to cybersecurity is not ideal. It’s typically borne of necessity due to undermanned teams or inadequate resources. Ultimately, it is destined to fail.

The pride of Arctic Wolf is our Pack. Now more than 1,200 Wolves strong, our team’s dedication, drive, and commitment to ending cyber risk has enabled unprecedented growth and innovation for Arctic Wolf. As we close out 2021 and look to the year ahead, we wanted to take a moment and reflect on a few of the highlights from the past year.

Arctic Wolf has been recognized as a November 2021 Gartner Peer Insights Strong Performer for Vulnerability Assessment. Gartner categorizes the Vulnerability Assessment market as “vendors that provide capabilities to identify, categorize and manage vulnerabilities. These include unsecure system configurations or missing patches, as well as other security-related updates in the systems connected to the enterprise network directly, remotely or in the cloud.”

2021 was a busy year for the cybersecurity industry. It began in January, as we were just beginning to understand the impact and massive scope of the SolarWinds attack. Then Kaseya happened. Then the Colonial Pipeline was breached. And now, as 2021 comes to a close, we’re in the early days of the Log4j crisis that will take all of next year—if not longer—to fully unpack, understand and mitigate.

A security operations center (SOC), which includes the people, processes, and technology needed to monitor, detect, analyze, and respond to cyber threats, is the foundation of many businesses’ cybersecurity. A SOC, however, is difficult to manage and maintain, requires significant budget and resources, and comes with many other challenges.

After successful deployment to Arctic Wolf’s customer community of more than 2,300 organizations worldwide, today we are making “Log4Shell Deep Scan” publicly available on GitHub. Log4Shell Deep Scan enables detection of both CVE-2021-45046 and CVE-2021-44228 within nested JAR files, as well as WAR and EAR files.

Vulnerability management remains a struggle for many companies and is still only an aspiration for many others. But with digital and cloud transformation rewriting the way many firms do business, the attack surface keeps expanding and becomes more difficult for organizations to protect their environments from growing threats.

On Thursday, December 9, security researchers published a proof-of-concept exploit code for CVE-2021-44228, a remote code execution vulnerability in Log4j, a Java logging library used in a significant number of internet applications. Also known as Log4Shell, the situation is significant and continues to evolve, and the Cybersecurity and Infrastructure Security Agency is recommending immediate action.

Financial institutions are a rich target for cybercriminals, who scoop up sensitive personal information that allows them to open fake accounts and fraudulent lines of credit. According to research from services firm Accenture and the Ponemon Institute, the average annualized cost of cybercrime to financial institutions exceeds $18 million.