In the face of the Log4j vulnerability, Nylas partnered with Lacework to limit exposure.
Nylas is a communications API platform that helps developers quickly and securely build email, scheduling, and work automation features directly into their applications. They have a multi-cloud environment, operating on both Amazon Web Services (AWS) and Google Cloud, and use a mix of containerized and non-containerized services. When Log4j was disclosed, they turned to Lacework.
With Lacework, Nylas quickly determined that the vulnerable library wasn’t present across their hosts and that their customers weren’t affected. Then, while impacted vendors patched their own services, Nylas continued to rely on Lacework to monitor their environment for potential exploit activity.
The case study highlights how Nylas used Lacework to:
- Scan thousands of hosts within one hour after the CVE was disclosed
- Monitor for suspicious activity and anomalies with continuous and complete visibility
- Confirm that their exposure was limited and quickly relay that to their own customers