Call me old school, but you can already defeat the majority of modern malware by just putting your infrastructure behind a whitelist proxy and a firewall that filters **all** traffic.

This doesn't mean you shouldn't do more, but if you currently have unfiltered egress in your "zero trust infrastructure", you got something fundamentally wrong.


Expanding on this, by a large part, this also mitigates the whole log4j attack. The attack isn't proxy aware and would just end up in your firewall.

Sign in to participate in the conversation
Sheogorath's Microblog

This is my personal microblog. It's filled with my fun, joy and silliness.