
Avoid Meltdown from the Spectre - How to measure impact and track remediation


The recently disclosed Meltdown and Spectre vulnerabilities negatively impact the security of virtually every computer in the world today. These vulnerabilities allow an attacker to gain control of a computer’s processor and steal data located on that computer. Organizations that store data in the cloud are particularly susceptible.

During this webcast, Jimmy Graham, Director of Product Management for Qualys Threat Protection and Asset Inventory, showcased solutions that can help you determine the impact of Spectre and Meltdown across your global IT environments.

Understand how:
• To quickly and easily visualize Spectre and Meltdown vulnerabilities within your environment
• To track remediation progress as you patch against Spectre and Meltdown
• The Qualys Asset Inventory and Threat Protection apps will help you automate detection and track remediation progress

Watch the on-demand webcast: https://goo.gl/6FQ6uJ



  1. Avoid Meltdown from the Spectre: How to measure impact and track remediation. Jimmy Graham, Director of Product Management
  2. Agenda
     • What are Meltdown and Spectre?
     • What are the risks?
     • What can I do?
     • Patching caveats
     • Spectre/Meltdown Dashboard Demo
  3. What are Meltdown and Spectre?
     • Meltdown (CVE-2017-5754): impacts primarily Intel CPUs; provides access to all physical memory from a user-mode (ring 3) process; results in privilege escalation
     • Spectre (CVE-2017-5753, CVE-2017-5715): impacts Intel, AMD, and ARM; abuses branch prediction and speculative execution; results in leaking secret data from victim processes; difficult to patch
  4. Is this a big deal? These vulnerabilities are getting attention for a few reasons:
     • They are a new style of attack, difficult to fully remediate, and extremely pervasive
     • This is not the same priority level as EternalBlue / WannaCry; it is lower
     • Organizations should balance operational risk with security risk
     • Understanding impact and having a way to measure the mitigation progress is key
  5. What are the risks?
     • Meltdown: an attacker could access all physical memory, including kernel memory, resulting in privilege escalation. An existing foothold is required for most attacks. This vulnerability can be used in chained attacks.
     • Spectre: the most likely exploit scenario uses JavaScript to escape its sandbox, giving attackers access to cookies and session keys. An attack exploiting Spectre is very difficult because the attacker must first have detailed knowledge of the victim process.
  6. What can I do?
     • Meltdown: this vulnerability can be almost completely mitigated using KPTI (Kernel Page Table Isolation) via OS patches. Linux, Windows, and macOS patches are available.
     • Spectre: patches are available via software updates and processor microcode. Intel has released microcode updates. Ensuring all browsers are patched will make it very difficult for an attacker to exploit Spectre.
  7. Caveats for current Meltdown patches
     • KPTI (KAISER) may cause performance issues for certain workloads
     • Antivirus must be updated on Windows for patches to install
     • Windows Server mitigations are not enabled until a registry key is manually set
     • The patch does not completely remediate the vulnerability, but makes it very difficult to exploit
     • Microsoft has stopped distributing the patches to AMD systems due to stability issues
  8. Caveats for current Spectre patches
     • Microcode updates are distributed via standard repositories for Linux
     • Intel may reissue microcode updates for Broadwell and Haswell architectures due to system reboots
     • Windows users must install an updated BIOS to get the patched microcode (for now?)
     • Software must be recompiled to utilize the protections in the new microcode
     • Browser patches remove high-precision timers, but other methods of creating timers are being developed
  9. Recommendations
     • Detect vulnerable assets using Qualys VM scans or Agents
     • Prioritize patching efforts based on asset risk and exposure
     • TEST EVERYTHING
     • Make sure third-party antivirus is up to date
     • Install browser patches for workstation-type devices
     • Patch virtual systems such as Xen, VMware
     • Patch Windows workstations and servers with January patches
     • Enable mitigations on servers after testing server workloads
     • Install microcode packages for Linux / BIOS updates for Windows
  10. How can Qualys help?
     • Continuously updated vulnerability detections
     • Qualys now has over 75 QIDs to determine patch state for Spectre and Meltdown
     • Agentless scanning and Agent-based detections available
     • Pre-built Spectre/Meltdown Dashboard for visibility into remediation progress
  11. Spectre/Meltdown Dashboard Demo
  12. Thank You. qualys.com/trial, jgraham@qualys.com
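As an added example (not part of the deck and not Qualys tooling), the script below shows one host-level way to do what slides 4 and 9 call measuring mitigation progress: it reads the per-vulnerability status files that Linux kernels 4.15 and later expose under /sys/devices/system/cpu/vulnerabilities/ and flags anything not yet mitigated, which is the same signal a scanner or agent would have to collect. The sysfs path and status strings are real kernel output; the directory built by sample_tree is a constructed stand-in for a half-patched host.

```shell
# Added example, not from the Qualys deck: summarise the kernel's own
# Spectre/Meltdown mitigation status from the files that Linux kernels
# 4.15 and later expose under /sys/devices/system/cpu/vulnerabilities/.
# classify_line STATUS: map one sysfs status string to a short verdict.
#   "Not affected"    -> notaffected
#   "Mitigation: ..." -> mitigated
#   "Vulnerable..."   -> vulnerable  (also "Vulnerable: Minimal ... retpoline")
#   anything else     -> unknown
classify_line() {
  case "$1" in
    "Not affected")  echo notaffected ;;
    "Mitigation:"*)  echo mitigated ;;
    "Vulnerable"*)   echo vulnerable ;;
    *)               echo unknown ;;
  esac
}

# report_vulns DIR: print "<name> <verdict>" per item; return non-zero if
# anything is still vulnerable or its status could not be read.
report_vulns() {
  dir="$1"; rc=0
  for name in meltdown spectre_v1 spectre_v2; do
    if [ -r "$dir/$name" ]; then
      verdict=$(classify_line "$(cat "$dir/$name")")
    else
      verdict=unknown   # pre-4.15 kernel: no sysfs reporting at all
    fi
    echo "$name $verdict"
    case "$verdict" in vulnerable|unknown) rc=1 ;; esac
  done
  return $rc
}

# count_vulnerable DIR: number of items not yet mitigated (dashboard metric).
count_vulnerable() {
  report_vulns "$1" | awk '$2=="vulnerable"||$2=="unknown"{n++} END{print n+0}'
}

# Constructed sample tree standing in for a half-patched host: Meltdown
# closed by KPTI, Spectre v1 mitigated, Spectre v2 still exposed.
sample_tree() {
  d=$(mktemp -d)
  echo "Mitigation: PTI" > "$d/meltdown"
  echo "Mitigation: __user pointer sanitization" > "$d/spectre_v1"
  echo "Vulnerable: Minimal generic ASM retpoline" > "$d/spectre_v2"
  echo "$d"
}

# Live use: report_vulns /sys/devices/system/cpu/vulnerabilities
```

A missing status file is reported as unknown rather than mitigated, so kernels that predate the sysfs interface still show up as work to do instead of silently passing.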
