Meltdown and Spectre Side-Channel Advisement

– The Bottom Line
There have been so many articles, advisories, blogs and opinions shared regarding the Meltdown and Spectre Side-Channel vulnerability, it’s difficult to tell fact from FUD. All these data points may still leave you asking: How does all this affect me, my business and my clouds?

Bottom line up front: know what your computer systems are running and quickly apply the recommended patches to each of the vulnerable platforms. Don’t take this lightly, it’s a very serious situation, however exploiting this vulnerability is not easy nor is there a known instance of an exploit in the wild. If you are unsure if you are affected, TIG can help.

Why Look To TIG?
As a leading technology solution provider, TIG has long standing relationships with most of the top tier vendors that manufacturer the equipment that is subject to this published Meltdown and Spectre Side-Channel vulnerability. This relationship provides TIG with an inside track on present and future impact, exposure and recommendations on how to mitigate the risk of this wide-spread vulnerability. TIG is offering a Meltdown/Spectre assessment services which catalogs your organizations assets and assesses the possible points of exposure and makes specific recommendations to minimize risk to your infrastructure.

What is the issue?
Meltdown and Spectre are vulnerabilities leveraging CPU design flaws that allow an attacker to access sensitive information inside protected memory. The design was intended to make computers faster by loading information into the computer memory (including processor cache) as part of its normal operation. This ‘information’ could include sensitive data like usernames and passwords, cryptographic information (i.e. certificates) as well as emails or documents. The data is most likely to appear in plaintext in memory when being processed by the OS and applications. Some of that information stays in memory long enough to allow for the computer to use it, but the problem is the information may be captured and used by bad guys.

Should I Be Concerned?
Most likely, yes.
• If you have systems using Intel, AMD and ARM processors, you are affected.
• Systems running Windows, Linux (Android included) and Mac OS X are affected (including cellphones)
• Cloud service vendors such as AWS, Azure, Google, and AliCloud are affected

What now?
Identify, Remediate, Protect, Respond

Identify
First, identify what exactly you have within your network. Inventory your environment and understand the total exposure (devices ‘at risk’). If you need assistance with this process, TIG advisory services can help you identify your organizations inventory and what needs to be done to tighten up your cybersecurity defenses through follow-on services:
• External and Internal Vulnerability Assessments
• External and Internal Penetration Tests
• Web Application Security Assessments
• Cybersecurity Design Assessments (looking at your environment holistically)
• Cybersecurity Subject Matter Expert (provides a non-vendor specific evaluation)

Remediate
Once you know what you have within your network and understand ‘what’ needs to be done to improve your cybersecurity posture, TIG Implementation Services can help you ‘do’ the work. TIG’s certified engineering team has deep experience in all aspects of your infrastructure, from the endpoint to the cloud and everything in between.

Protect
Many IT Teams do not have a cybersecurity specialist on staff, TIG can help protect corporate resources through a 24x7 staffed Security as a Service (SOCaaS) with ThreatWatch. ThreatWatch allows TIG to analyze environment data and logs from cybersecurity and critical infrastructure resources using a proprietary artificial intelligence (AI) and behavior analysis engine. Our SOC service is staffed with certified Cyber Analysts who review alerts and only notify you when there is a verified threat. This relieves your organizations from reviewing thousands of false positive alerts and possibly miss the ‘real’ threat.

Respond
TIG Cybersecurity Incident Triage Service can help you through the critical time right after a breech or intrusion is detected. The Incident Triage Service will walk customers through diagnosis of the issue, report on everything that was found with recommendations on how to fix what was found and how to prevent reoccurrence, and to help our customers meet their protection goals for their cybersecurity resources and their business.

Summary
Meltdown and Spectre Side-Channel is a serious vulnerability that needs everyone’s attention. While there isn’t an immediate need to panic, urgent diligence should be used to address plausible exposure. TIG stands ready to help our current as well as new customers through this challenging situation. Below are some of the latest notices from vendors as well as cybersecurity organizations:

US-CERT (Center for Emergency Readiness Team): https://www.us-cert.gov/ncas/alerts/TA18-004A
SANS ISC InfoSec Forums: https://isc.sans.edu/forums/
TechTarget SearchSecurity: http://searchsecurity.techtarget.com/news/
Intel Security Advisory: https://security-center.intel.com/advisory
CNET: https://www.cnet.com/how-to/how-to-fix-meltdown-spectre