Origina’s On-Call Expertise Helps Global Telco Sidestep Major Security Vulnerability
5 min read
5 min read
This leading global telecommunications provider is a household name across much of the world. It builds its innovative reputation and high consumer rankings on a foundation of cutting-edge technology and customer-first business practices.
Telecommunications
Large
Global
Cybersecurity is a world unto itself for any enterprise of this company’s size, let alone a leader in a tech-forward industry like telecommunications. Even on a normal day, factors like user privacy and operational security/capability intertwine at a scale that is mind-boggling without a niche and expansive baseline of knowledge.
However, December 10, 2021, was not a normal day. That was the day the cyberattack known as Log4Shell received its identifier, not to mention a 10/10 threat severity score.
Also known as LogJam, Log4Shell was (and remains to be) a significant source of risk, a rare full-severity attack that enabled properly equipped cyberattackers to achieve full remote code execution. The logging library this vulnerability exposed, Log4j, is present in an extremely high percentage of enterprise applications, with a notably high risk factor that persists through this day in countless implementations.
Fixing the issue within the highly customizable library became an app-by-app, business-by-business affair, and OEM response was predictably varied. In some cases, a patch would be required to reduce the risk. In others, simple configuration changes mitigated the threat.
And in more than a few circumstances, OEMs deferred to Log4j originator Apache and declared themselves incapable of fixing the component they themselves introduced into their own products.
Reacting quickly, the telecommunications carrier scanned its estate and discovered a pair of major related vulnerabilities, one in production and nonproduction. The risk was high, and not being beholden to a standard S&S contract could have been interpreted as a disadvantage in this context.
However, third-party maintenance is precisely what enabled the telco to secure its estate – even as thousands of other businesses sat vulnerable, awaiting OEM support.
Three days later, Origina’s cybersecurity team published a comprehensive Log4j risk management methodology. This data was shared with the broader internet audience, not just our customer base, in the name of keeping all impacted companies and their customers secure.
Internally, the same teams also worked around the clock to develop and publish more specific customer-facing security guidance for affected IBM® software, including versions of WebSphere that our third-party software maintenance (TPSM) model covers. These fixes tapped into the collective knowledge of our 600+ independent global IBM® product experts (GIEs) and utilized a combination of smart overarching practice and a proactive methodology.
The difference in approach matters. Relatively small in terms of impact or the labor needed to implement, the configuration and sanitization changes we suggested to our customers over this intense period effectively negated the risk of Log4j in vulnerable products such as WebSphere without the delay of OEM patches or the potential mess of in-house repair. Instead of pointing fingers or explaining why we couldn’t help, we set to work.
As a current Origina customer and frequent user of their progressively large support contract, the carrier knew it had a source of active security support that could help it head off disaster without the delays, blame games, and unanticipated troubles of OEM patching. The telecom immediately set off to put the methodology we prescribed in motion, applying our fixes in the nonproduction environment without issue before encountering an unanticipated technical glitch involving a nodeagent on the production side.
With pressure rising – nearly 100% of the enterprise was exposed, and attackers were ready to jump on the vulnerability – the national telecom contacted Origina for on-the-spot guidance. The customer’s GIE, already closely familiar with the telecom’s unique security context, analyzed the situation and decided a high-priority call would be the fastest path to resolution.
Instead of forcing the telco’s harried technical staff to sit through a lengthy and multitiered support process during a once-in-a-career security event, the customer was on the phone with a dedicated WebSphere expert shortly after initiating contact – speaking to the same person who made the decision to escalate to a call, not the next faceless agent in a predetermined chain.
The GIE asked the telco’s technical team to reiterate the process they’d undergone leading up to the specific node issue that prevented the full implementation of the correction in production. The telecom’s tech team then physically repeated the steps, with the GIE remaining on the line to monitor progress and offer spot advice.
This time around, the production fix worked. In a remarkably short period of time, this global telecom went from active, severe risk exposure to proactive protection – with no intervention from IBM needed to get there.
Instead of waiting on a patch for a severe software vulnerability, this major telecom got the security help it needed fast.
By tackling Log4Shell with Origina’s stabilizing presence, this communications leader was able to: