Meltdown and Spectre: If you aren’t monitoring your firmware, now would be good time to start.
So, by now you have heard that a flaw present in most modern Computer Processing Units (CPU) produced in the last decade will require operating system (OS) kernels and system firmware to be overhauled. This flaw is easily exploitable to obtain information from databases, applications and processes running on the system due to the way the CPUs pre-process instructions and access system memory.
The immediate fix is to update the different OS kernels and applicable firmware. However, some security experts are
suggesting that the only real fix is to replace all CPU’s as the only mitigation. In any case, this presents a serious operational challenge to all organizations, including cloud service providers. For example, Azure, AWS and Google have notified customers of major ongoing security updates in the upcoming weeks related to this issue.
And not all devices can be updated. All Apple devices are vulnerable at this time but the kernel fixes will only apply to the latest IOS, macOS and tvOS operating systems. Devices that cannot run the latest OS versions will remain vulnerable.
It is also important to note that there are some needed changes in antivirus tools to properly inspect virtual memory and access. In addition, organizations must now continuously monitor their environments to ensure they are running the latest OS kernel and firmware combinations.
So now what?
First of all, reports indicate that no known exploits have been found at this time. But that just means that none have been detected or seen by security companies or organizations. In fact, the disclosures include proof-of-concept code that is probably being tested by bad actors as you read this.
Second, OS kernel changes will be a software level change, meaning that the underlying hardware will likely remain vulnerable unless firmware patches are released by the hardware manufacturers and OEMs. In fact, security analysts fear that many cheap IoT devices will never be updated.
This will remain a critical issue for months or years to come because of the sheer amount of hardware that needs to be properly inventoried, updated, monitored and potentially replaced to really enact a proper remediation. Visibility will be key in knowing not only what clean-up has been done, but also what remediation is still needed.DigitalEra partner Trapezoid offers tools to help. Here’s how:
1) Trapezoid’s Firmware Integrity Verification Engine (FIVE) is designed to continuously monitor the firmware regardless of manufacturer or OEM.
2) Trapezoid FIVE can maintain an inventory of hardware platforms and firmware revisions over time to detect whether your systems are threatened by this critical vulnerability, and others like it.
3) Trapezoid can leverage multiple integrity measurement technologies from different OEM’s to identify changes that could be indicators of compromise, and remotely attest to the integrity of your systems.
Some links for additional information on Meltdown and Spectre:
Trackback from your site.