HCLSoftware News
HCLSoftware on the Frontlines to Combat the Log4j Vulnerability
As a provider of application software security scanning, vulnerability detection and enterprise-wide remediation, HCLSoftware is helping its customers protect against Log4j-based threats.
PUBLISHED DATE: December 15, 2021
Since the Log4j vulnerability became headline news late last week, the HCLSoftware support team has fielded hundreds of communications from customers concerned about their risk from the latest security breach. As a provider of application software security scanning, vulnerability detection and enterprise-wide remediation, HCLSoftware has been thrust onto the frontlines to combat Log4j-based threats.
“Log4j is bad. The level of risks here is extreme,” said Kristin Hazelwood, Vice President and General Manager of HCL BigFix. “Don't think this is going to go away any time soon. We're just starting to get a glimpse of what is being tried out there in the wild. Products like HCL AppScan and HCL BigFix are essential tools in dealing with this crisis.”
Together, HCL BigFix and HCL AppScan work to find and fix the Log4j vulnerability in source code or any running products in the customer’s environment on any device, be it a desktop, laptop, server, virtual machine, or cloud endpoint. HCL AppScan can help developers scan for Log4j using the Open-Source Analysis (OSA) capability in its cloud-based application security testing solution. AppScan on Cloud (ASoC) offers an unparalleled suite of comprehensive security testing tools available on the cloud, including SAST, DAST, IAST, and OSA. HCL BigFix plays a critical role in an enterprise’s ability to automatically find vulnerable systems, harden them against attack and, in the event of an attack, remediate systems back into production.
Enterprises and developers that do not have vulnerability management or application security solutions have a lot of work ahead of them. The first step in defending against Log4j is to find Log4j wherever it exists.
“Investigate every internet-facing application, website, and system that you own or use. This includes self-hosted installs of vendor products and cloud-based services,” said Hazelwood. “Focus on systems that are internet-facing that contain sensitive data. Once you’ve completed assessing your hosted apps and vendor systems, move on to endpoint applications. Java-based apps like WebEx, Citrix, and hundreds more that have been identified.”
The next step is patching. Patches should be applied, in the same order, to the installs, products and services Hazelwood mentions above. If no patch is yet available, look for mitigation techniques. If those don’t exist, vulnerable applications should be uninstalled.
The pandemic has forced many endpoints into working-from-home environments, which creates extra challenges for keeping all endpoints patched and compliant. Operations teams can’t rely on work-from-home employees to patch their own systems, even with clear instructions. This is where IT Operations is essential to beating Log4j-based attacks.
“While there are many vulnerabilities that senior leaders do not need to know about, Log4j is not one of them,” said Hazelwood. “Senior leaders need to position their IT Operations teams among their most vital employees and adopt systems that enforce continuous compliance.”
For a free demonstration of HCL AppScan’s Open-Source Analysis tool and suite of security testing tools, including SAST, DAST and IAST, for web and open-source applications, please contact us here. For more information about HCL BigFix, please visit this page.
About HCLSoftware
HCLSoftware, a division of HCL Technologies (HCL), develops, markets, sells and supports over 30 product families in the areas of Customer Experience, Digital Solutions, DevSecOps, and Security and Automation. HCLSoftware is the cloud-native solution factory for enterprise software and powers millions of apps at more than 20,000 organizations, including over half of the Fortune 1000 and Global 2000 companies. HCLSoftware's mission is to drive ultimate customer success with its IT investments through relentless product innovation.
Media Contact
Jeremy McNeive
913-488-9186