Use deception to mitigate zero-day and remote code execution risk while you patch

On Dec 09, 2021, Apache Software Foundation disclosed a zero-day vulnerability in the popular Log4j logging library that would allow adversaries to remotely execute code on affected systems. The ease of exploitation and the ubiquity of Log4j use in web applications and services make this one of the most impactful zero days of all time.

Deception-based defenses provide security teams with an early warning system and extra resilience against these types of vulnerabilities. As security teams sprang into action over the weekend to patch the vulnerability, Zscaler started tracking our global mesh of decoys that intercepted adversaries exploiting the vulnerability against our deceptive assets.

In this report, you will learn: