An excellent webcast from Eran Livne (Qualys) about Multi-layered Approach to address Log4Shell vulnerabilities. Watch the on-demand webcast if you want.
There is also a great demo on how to use multi-layered approach with Qualys to perform log4shell assessment (remote scan, auth scan, agent, inventory scan, prioritize, externally expose/shodon, container, images, patch management, mitigation action, EDR).
My quick notes:
- See what your attackers see
- Find where you are vulnerable
- Vulnerability scan
- In-depth vulnerability scan
- Inventory scan
- Protect your container/image
- Remediation based on priorities
- Monitor for attack in progress
Links: