So, by now you have heard that a flaw present in most modern Computer Processing Units (CPU) produced in the last decade will require operating system (OS) kernels and system firmware to be overhauled. This flaw is easily exploitable to obtain information from databases, applications and processes running on the system due to the way the CPUs pre-process instructions and access system memory.
The immediate fix is to update the different OS kernels and applicable firmware. However, some security experts are
suggesting that the only real fix is to replace all CPU’s as the only mitigation. In any case, this presents a serious operational challenge to all organizations, including cloud service providers. For example, Azure, AWS and Google have notified customers of major ongoing security updates in the upcoming weeks related to this issue.
And not all devices can be updated. All Apple devices are vulnerable at this time but the kernel fixes will only apply to the latest IOS, macOS and tvOS operating systems. Devices that cannot run the latest OS versions will remain vulnerable.
It is also important to note that there are some needed changes in antivirus tools to properly inspect virtual memory and access. In addition, organizations must now continuously monitor their environments to ensure they are running the latest OS kernel and firmware combinations.
So now what?
First of all, reports indicate that no known exploits have been found at this time. But that just means that none have been detected or seen by security companies or organizations. In fact, the disclosures include proof-of-concept code that is probably being tested by bad actors as you read this.
Second, OS kernel changes will be a software level change, meaning that the underlying hardware will likely remain vulnerable unless firmware patches are released by the hardware manufacturers and OEMs. In fact, security analysts fear that many cheap IoT devices will never be updated.
This will remain a critical issue for months or years to come because of the sheer amount of hardware that needs to be properly inventoried, updated, monitored and potentially replaced to really enact a proper remediation. Visibility will be key in knowing not only what clean-up has been done, but also what remediation is still needed.
DigitalEra partner Trapezoid offers tools to help. Here’s how:
1) Trapezoid’s Firmware Integrity Verification Engine (FIVE) is designed to continuously monitor the firmware regardless of manufacturer or OEM.
2) Trapezoid FIVE can maintain an inventory of hardware platforms and firmware revisions over time to detect whether your systems are threatened by this critical vulnerability, and others like it.
3) Trapezoid can leverage multiple integrity measurement technologies from different OEM’s to identify changes that could be indicators of compromise, and remotely attest to the integrity of your systems.
For more information on these threats and Trapezoid solutions, contact us at email@example.com.
Some links for additional information on Meltdown and Spectre:
Effective this month, compliance with NIST 800-53 and 800-53A applies to all types of organizations at all levels. This includes state, local, and tribal governments as well as all industry and academia. Your organization will be expected to comply.
DigitalEra is bringing together firmware experts José González and Michael Dyer for this timely presentation to review the requirements and share new firmware protection technologies to help you be prepared.
There are two sessions to choose from:
Tuesday, March 14th at 2:00 p.m., ET and Thursday, March 16th at 10:00 a.m. ET.
This 60 minute presentation covers:
- The NIST Rule: Why it now affects you
- Case Studies: The breaches that led to the ruling and how you’re at risk
- NIST Compliance: What you need to know now to comply
- Advanced Technologies for protecting your organization
Find out what you need to do to comply with NIST Regulations and see new technologies for protecting your firmware. Register now.
Guest blog | José González, CEO – Trapezoid, Inc.
Would you secure your windows and doors but leave the basement door wide open?
Well, that’s what organizations are doing with firmware.
Simply put, firmware is the unmonitored and unprotected layer at the bottom of the computer code stack. While existing security tools have a done great job focusing on application and operating system levels, firmware has been overlooked. Exacerbating the problem: Firmware has the most permissions of any code on your system, which increases the impact of an attack.
Firmware is everywhere; from the largest data center to the smallest networked LED light bulb. It is the most powerful code on any system because it controls how other code on a device interacts with its hardware (keyboard, screen, storage, network).
Compromised firmware can corrupt or steal data, spy on your environment or even destroy the system it is controlling.
How firmware gets compromised
Compromised firmware takes two forms: bad actors installing malware posing as legitimate firmware on systems, or manufacturers discovering vulnerabilities in their firmware and publishing updates.
Compromised firmware can shut down your operations by taking out your critical infrastructure. Unmonitored firmware exposes enterprises to an unacceptable level of risk for devastating financial harm to businesses and life-threatening consequences for consumers.
You don’t have to look far for examples of firmware attacks and breaches – they’re in the news daily. From devastating attacks on global routers and national powergrids, to vulnerabilities in medical devices, government and business networks, home computers and devices, smartphones and handheld devices…virtually anything that is part of the “Internet of things”.
Because this is a very real risk, all the major cybersecurity and compliance frameworks include controls dictating best practices around firmware patch management, and many include controls for continuous monitoring of firmware integrity.
Why do so many organizations leave firmware out of their cybersecurity program?
Some do not know these controls exist and apply directly to them. Others mistakenly believe their existing security tools (e.g. AV or file integrity monitoring) already address firmware integrity and related controls. Still others understand the risk, but lack commercially available tools to effectively monitor firmware.
The reality is that regardless of your industry sector, if your aim is to follow cybersecurity and compliance best practices, then you do need a continuous firmware integrity monitoring solution.
While traditional security tools do not address this space, Trapezoid’s Firmware Integrity Verification Engine (“T-5”) is expressly designed to help you protect the integrity of your firmware.
The next generation of firmware protection is here
T-5 closes the “basement door” while providing you visibility into an area previously uninspected. It continuously monitors and alerts on changes in firmware integrity, quickly identifies systems that need patching – and provides threat updates for you to stay on top of newly discovered vulnerabilities. T-5 acts like a firmware DVR to forensically prove to auditors the state of the integrity of your infrastructure from the time T-5 begins monitoring. Because it integrates with existing security tools, T-5 brings visibility of the firmware space, which those tools currently cannot see. Moreover, T-5 meets cyber security compliance controls such as HIPAA, HITRUST, NIST CSF, FISMA/FedRAMP, PCI-DSS, ISO/IEC 20001 and the FFIEC Cybersecurity Assessment Tool.
One thing is clear, the proliferation of the connected devices is not slowing down, and neither are hackers. T-5 is the advanced level of firmware integrity protection you need for all your assets that support your operations, systems, information, finances, revenue streams and people.
For more information on firmware risks and Trapezoid5, visit Trapezoid.com.