Origina’s On-Call Expertise Helps Global Telco Sidestep Major Security Vulnerability

Three days later, Origina’s cybersecurity team published a comprehensive Log4j risk management methodology. This data was shared with the broader internet audience, not just our customer base, in the name of keeping all impacted companies and their customers secure.  

Internally, the same teams also worked around the clock to develop and publish more specific customer-facing security guidance for affected IBM® software, including versions of WebSphere that our third-party software maintenance (TPSM) model covers. These fixes tapped into the collective knowledge of our 600+ independent global IBM® product experts (GIEs) and utilized a combination of smart overarching practice and a proactive methodology.  

The difference in approach matters. Relatively small in terms of impact or the labor needed to implement, the configuration and sanitization changes we suggested to our customers over this intense period effectively negated the risk of Log4j in vulnerable products such as WebSphere without the delay of OEM patches or the potential mess of in-house repair. Instead of pointing fingers or explaining why we couldn’t help, we set to work.  

As a current Origina customer and frequent user of their progressively large support contract, the carrier knew it had a source of active security support that could help it head off disaster without the delays, blame games, and unanticipated troubles of OEM patching. The telecom immediately set off to put the methodology we prescribed in motion, applying our fixes in the nonproduction environment without issue before encountering an unanticipated technical glitch involving a nodeagent on the production side.  

With pressure rising – nearly 100% of the enterprise was exposed, and attackers were ready to jump on the vulnerability – the national telecom contacted Origina for on-the-spot guidance. The customer’s GIE, already closely familiar with the telecom’s unique security context, analyzed the situation and decided a high-priority call would be the fastest path to resolution.  

Instead of forcing the telco’s harried technical staff to sit through a lengthy and multitiered support process during a once-in-a-career security event, the customer was on the phone with a dedicated WebSphere expert shortly after initiating contact – speaking to the same person who made the decision to escalate to a call, not the next faceless agent in a predetermined chain.  

The GIE asked the telco’s technical team to reiterate the process they’d undergone leading up to the specific node issue that prevented the full implementation of the correction in production. The telecom’s tech team then physically repeated the steps, with the GIE remaining on the line to monitor progress and offer spot advice.  

This time around, the production fix worked. In a remarkably short period of time, this global telecom went from active, severe risk exposure to proactive protection – with no intervention from IBM needed to get there.