Learn how Emite is helping a very large multinational corporation remove data silos from contact center reporting, enhance the performance of the contact center, and improve agent performance.

Learn how Emite is helping a large banking group leverage customer sentiment data to improve customer retention and revenue.

Learn how emite leveraged custom attributes to detect business trends that helped this pharmaceutical leader to create actionable insights.


Recently, a critical vulnerability has been reported on Log4j, which is used by Java based applications. This vulnerability can be exploited for RCE (Remote Command Execution) depending on the configuration of the system. There is active exploitation in the wild and systems are having various Trojans, ransomware, and crypto miners loaded.

You can refer to the following for more details on the vulnerability:

Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation | CISA

Statement from CISA Director Easterly on “Log4j” Vulnerability | CISA

Log4j – Apache Log4j Security Vulnerabilities

Apache Log4j2 Remote Code Execution (RCE) Vulnerability – CVE-2021-44228 – ESA-2021-31

SANS Internet Storm Center

The emite application and adapters are not vulnerable to the Log4j vulnerability. As these do not use any Java or Apache-based components and have minimal third-party-based libraries (they are based on C# or .Net code base), this reduces the attack surface. However, emite does use Elasticsearch for data storage.

From the Elasticsearch Advisory


Elasticsearch is not susceptible to remote code execution with this vulnerability due to our use of the Java Security Manager.

Elasticsearch on JDK8 or below is susceptible to an information leak via DNS which is fixed by a simple JVM property change. The information leak does not permit access to data within the Elasticsearch cluster.

Mitigation for emite or Customer-Hosted Amazon Connect Environments

emite environments for Amazon Connect customers use AWS-managed Elasticsearch/Opensearch service-hosted on customer’s AWS.

AWS advised that it is rolling out a service software update to address the log4j vulnerability:

  • https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
  • “Amazon OpenSearch Service is deploying a service software update, version R20211203-P2, which contains an updated version of Log4j2. We will notify customers as the update becomes available in their regions, and update this bulletin once it is available worldwide.”

Once you have received a notification/bulleting from AWS, apply the service software update.

  • The service software updated is considered critical, and AWS will actually automatically apply the update a few hours after the notification.
  • The service software update does not require any downtime, but it is recommend to apply during off-peak hours.

Mitigation for emite-hosted Genesys Cloud Environments

Most emite-hosted environments use a locally installed Elasticsearch on the customer’s emite server. Access to this Elasticsearch is limited only to the emite application within the server.

emite will rollout the following changes to mitigate the vulnerability:

  • For environments using Elasticsearch 6.x (emite v7.0.9):
    • Removal of the JndiLookup.class from the log4j-core jar file
  • For environments using Elasticsearch 7.x (emite v7.1.0+):
    • Config change on jvm.options by adding -Dlog4j2.formatMsgNoLookups=true

For some customer environments where emite uses AWS Elasticsearch/Opensearch service, emite has applied the service software update (version R20211203-P2) which contains an updated version of Log4j2 as advised by AWS.

Mitigation for Customer-Hosted/On-Premise Environments

The following mitigation steps will require some downtime – as Elasticsearch will need to be reinstalled, and emite services will be temporarily stopped during the activity.

As such, it is recommend to do the steps below during off-peak/downtime period.

For environments using Elasticsearch 5.4 / 6.3 (e.g. emite v7.0.9)

1. Stop the emite services.

  • World Wide Web Service
  • emite Scheduler Service
  • emite Metric Service

2. Stop/Uninstall Elasticsearch windows service.

  • sample powershell/command prompt: C:\elasticsearch-6.3.1\bin\elasticsearch-service.bat remove

3. Go to Elasticsearch lib directory.

4. Copy out the log4j-core-*.jar to another directory as backup.

5. Open the log4j-core-*.jar file using a zip file extractor software, such as 7zip. The jar file is basically similar to a zip archive.

6. Inside the jar file, delete the file org/apache/logging/log4j/core/lookup/JndiLookup.class.

The jar file is now updated to have that class removed.

7. Re-install the Elasticsearch windows service.

  • sample powershell/command prompt: C:\elasticsearch-6.3.1\bin\elasticsearch-service.bat install

8. Start the Elasticsearch windows service, and set its Startup Type to “Automatic”.

9. Start the emite services.

  • World Wide Web Service
  • emite Scheduler Service
  • emite Metric Service

For environments using Elasticsearch 7.9 (e.g. emite v7.1.0+)

1. Stop the emite services.

  • World Wide Web Service
  • emite Scheduler Service
  • emite Metric Service

2. Stop/Uninstall Elasticsearch windows service.

  • sample powershell/command prompt: C:\elasticsearch-7.9.2\bin\elasticsearch-service.bat remove

3. Add -Dlog4j2.formatMsgNoLookups=true to the end of Elasticsearch config\jvm.options file.

4. Re-install the Elasticsearch windows service.

  • sample powershell/command prompt: C:\elasticsearch-7.9.2\bin\elasticsearch-service.bat install

5. Start the Elasticsearch windows service, and set its Startup Type to “Automatic”.

6. Start the emite services.

  • World Wide Web Service
  • emite Scheduler Service
  • emite Metric Service

ISO 27001 Certification

Prophecy International is continuously investing time and resources to meet customers’ strict requirements for internal controls over financial reporting and data protection across a variety of high regulated industries. We are pleased to announce that Prophecy International has successfully completed ISO 27001 certification for its applications Snare and emite, covering the development delivery of the environments within the organisational units of Intersect Alliance International Pty Ltd (Snare) and emite Pty Ltd (emite).

The certification was completed by SAI Global in Australia, covering ISO/IEC 27001:2013 for the scope of “Development and delivery of the emite and Snare solutions as defined in the Statement of Applicability version 2.0”. Certified 20 October 2023. Certificate number ITGOV40332.

The issuance of this certificate reaffirms our commitment to internal control and data protection. Customers may use this third party audit to assess how Prophecy International software and services can meet their compliance and data-processing needs.

Information is the lifeblood of most contemporary organisations. It provides intelligence, commercial advantage, and future plans that drive success. Most organisations store these highly prized information assets electronically. Therefore, protection of these assets from either deliberate or accidental loss, compromise or destruction is increasingly important.

ISO 27001 is a risk-based compliance framework designed to help organisations effectively manage information security.

Having an international standard for information security allows a common framework for managing security across business and across borders. With an evermore connected world, the security of information is increasing in importance.

Data and information needs to be safe, secure, and accessible. The security of information is important for personal privacy, confidentiality of financial and health information and the smooth functioning of systems and supply chains that we rely on in today’s interconnected world.

ISO 27001 provides the framework for organisatons and security teams to effectively manage risk, select security controls, and most importantly, a process to achieve, maintain and prove compliance with the standard. Adoption of ISO 27001 provides real credibility that we understand security and take security seriously.

ISO 27001 is made up of a number of short clauses, and a much longer Annex listing 14 security domains and 114 controls. The most important of the short clauses relate to:

  • The organisational context and stakeholders
  • Information security leadership and high-level support
  • Planning of an Information Security Management System (ISMS), including risk assessment; risk treatment
  • Supporting an ISMS
  • Making an ISMS operational
  • Reviewing the system’s performance
  • Adopting an approach for corrective actions

Based on the risk profile of the organisation, controls may be selected to manage identified risks. Within the Annex, the 114 listed controls are broken down into 14 key domains which are listed below:

  1. Information security policies
  2. Organisation of information security
  3. Human resource security
  4. Asset management
  5. Access control
  6. Cryptography
  7. Physical and environmental security
  8. Operations security
  9. Communications security
  10. System acquisition, development and maintenance
  11. Supplier relationships
  12. Information security incident management
  13. Information security aspects of business continuity management
  14. Compliance

How emite & Snare Can Help

There is an increasing global need to enhance security, no matter the size of an organisation or the industry. One step towards securing your organisation is choosing suppliers who have not only demonstrated a commitment to security, but have the certifications to back it up. Our priority is your security – let us know how we can help!

Contact your regional Snare or emite team.

We‘ve seen the rise of omnichannel, sentiment and artificial intelligence (AI) everywhere; vendors have thrown their weight behind these concepts — pushing them front and centre in their product offerings. However, many contact centres still measure performance with traditional quantitive metrics. This way of thinking overlooks that we have moved to new and more agile ways to work. You need an “in the moment” understanding of customers’ perceptions of their experiences throughout the entire engagement.

Volatility, Uncertainty, Complexity and Ambiguity (VUCA) is used in many different industries and can also be used to describe how customers and their interactions have evolved — and continue to do so. Deploying innovative ways to engage customers is important for offering the bespoke and personalised experiences customers expect.

By combining the ever-increasing number of data sources relevant to the customers journey and ensuring it provides an appropriate level of insight, organisations can make accurate decisions on how to improve the experience as perceived by their customer. An approach overly focused on traditional operational measures could run the risk of reducing the ability to identify and anticipate the need to radically alter course “in the moment.”

Continual feedback loops, such as Net Promoter Score (NPS) and customer satisfaction (CSAT) are very important for the purpose of hearing the voice of the customer. However, these metrics are based on the overall perception at the end of the current engagement. Today, many contact centers continue to focus primarily on choices made within the IVR system — directing a call through a predefined process that’s only measured for efficiency. This creates a gap between the start of the engagement and the end.

As perception changes with each new individual experience, a customer’s perception on what is good or bad, will most certainly change. Therefore, customer engagement must become more dynamic. Generating more data throughout the engagement process will provide additional insights that can validate improvement initiatives.

Our current traditional operational focus misses this dynamic element, as the process is no longer linear and predefined. It becomes dynamic and, therefore, is continually changing. Efficiency and effectiveness are no longer enough; relevance needs to be added into the equation. This will allow you to visualize the entire journey — operationally, organizationally and from the customers perception.

Fine-Tune with Predictive Routing

Machine learning automates consistent parts of the process — and that enables the routing to become predictive. This ensures decisions are continually fine-tuned to improve the customer experience.

Integrating disparate systems lets you mix emerging technologies to gain insights quickly. As such, today’s leaders want continual innovation that meets today’s rapidly shifting business demands and increases business agility.

Developing such capability within your organisation ensures business agility while developing an ongoing future-proof platform. Using data analytics tools to provide actionable insights for both real-

time and historical data lets the user analyse the customer journey — and measure the experience in greater detail. This creates successful outcomes within digitally mature organizations.

Increase Agility and Visualise the End-to-End Value Stream

Using emerging technologies like sentiment analysis and predictive routing throughout the customer journey gives you a deeper understanding of the customer with a more bespoke and personalised journey. You do not have to wait for NPS or CSAT scores that are usually provided after the fact. In the end, these steps will empower you to better serve customers and gain complete visibility for intelligent decision-making.