Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits

As you've likely heard, Meltdown and Spectre are vulnerabilities that exist in Intel CPUs built since 1995. Hackers can exploit Meltdown and Spectre to get hold of information stored in the memory of other running programs. This might include passwords stored in a password manager or browser, photos, emails, instant messages and even business-critical documents.

Join us for a technical webcast to learn more about these threats, and how the security controls in AlienVault Unified Security Management (USM) can help you mitigate these threats.

You'll learn:

  • What the AlienVault Labs security research team has learned about these threats
  • How to scan your environment (cloud and on-premises) for the vulnerability with AlienVault USM Anywhere
  • How built-in intrusion detection capabilities of USM Anywhere can detect exploits of these vulnerabilities
  • How the incident response capabilities in USM Anywhere can help you mitigate attacks

Watch the On-Demand Webcast here: https://www.alienvault.com/resource-center/webcasts/meltdown-and-spectre-how-to-detect-the-vulnerabilities-and-exploits?utm_medium=Social&utm_source=SlideShare&utm_content=meltdown-spectre-webcast

Hosted By
Sacha Dawes
Principal Product Marketing Manager
Sacha joined AlienVault in Feb 2017, where he is responsible for the technical marketing of the AlienVault Unified Security Management (USM) family of solutions. He brings multiple years of experience from product management, product marketing and business management roles at Microsoft, NetIQ, Gemalto and Schlumberger where he has delivered both SaaS-delivered and boxed-product solutions that address the IT security, identity and management space. Originally from the UK, Sacha is based in Austin, TX.

Published in: Technology

Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits

  1. Meltdown and Spectre – How to Detect the Vulnerabilities and Exploits
     • Jeff Olen, Senior Product Manager, AlienVault
     • Kate MacLean, Senior Product Marketing Manager, Cisco
     • Sacha Dawes, Principal Product Marketing Manager
  2. In this Webcast
     • What are Meltdown and Spectre, and their impact?
     • Detecting and Protecting your Environments with AlienVault® USM Anywhere™
     • USM Anywhere Live Demo
     • Ask Us Questions!
  3. The News Since Jan 3rd 2018
  4. Timeline
     • Google informs affected companies of Spectre flaw: June 2017
     • Google informs affected companies of Meltdown flaw: July 2017
     • Vulnerabilities made public: Jan 2018
     • First CPUs susceptible to Spectre/Meltdown shipped: Jan 1995
  5. Comparing Meltdown & Spectre

     |                    | Meltdown                                                            | Spectre                                                           |
     |--------------------|---------------------------------------------------------------------|-------------------------------------------------------------------|
     | Affected CPU Types | Intel, Apple                                                        | Intel, Apple, ARM, AMD                                            |
     | Attack Vector      | Execute Code on the System                                          | Execute Code on the System                                        |
     | Method             | Intel Privilege Escalation & Speculative Execution (CVE-2017-5754)  | Branch Prediction & Speculative Execution (CVE-2017-5715 / -5753) |
     | Exploit Path       | Read Kernel Memory from User Space                                  | Read Memory Contents from Other Applications                      |
     | Remediation        | Software Patches                                                    | Software Patches                                                  |

     Source: “A Simple Explanation of the Differences Between Meltdown and Spectre (Jan 3 2018)”, Daniel Miessler, https://danielmiessler.com/blog/simple-explanation-difference-meltdown-spectre/
  6. What Have AlienVault Labs Seen?
     • Meltdown or Spectre are not known to have been used to steal data
        • That said, compromise can be difficult to detect
     • AlienVault Labs has seen samples of malware attempting to exploit the vulnerabilities
        • Most are variants of the samples provided by the disclosing teams
     Source: https://otx.alienvault.com/pulse/5a50d6d41f9dd76baa10458c
  7. Are Software Patches Available?
     • Yes – Early software patches exist for:
        • Devices: Apple devices, Surface & Surface Book, Android devices
        • OS: Windows, various Linux distributions (CentOS, Red Hat, Fedora and Ubuntu)
        • Cloud providers (AWS, Azure, Google) indicate they’ve patched
     • GitHub* has the latest status on patches
     • When applying patches, some have seen
        • System slowdowns
        • System crashes
     Source: https://medium.com/implodinggradients/meltdown-c24a9d5e254e
     * https://github.com/hannob/meltdownspectre-patches
  8. Decrease Your Risk from Meltdown and Spectre
     • Evaluate and fully test the available patches for your different systems
        • Apply those patches where possible
     • Apply the same protections for any malware or ransomware
        • Evaluate need for services (e.g. SMB), and disable those that are not required
        • Architect your environment to include network segmentation, and a least-privilege model, to limit ability for any ransomware to traverse the network
        • Train your organization on how to watch for phishing attempts, and how to report and protect your organization if they think they’ve become infected
        • Implement a backup plan with offline backups
     • Deploy AlienVault USM Anywhere to detect vulnerabilities and threats that could be Meltdown/Spectre sourced across your cloud, on-premises & hybrid environments
  9. AlienVault USM Anywhere: A Unified Approach to Threat Detection & Response
     • Vulnerability Assessment: Know where the vulnerabilities are to avoid easy exploitation and compromise
     • Behavioral Monitoring: Identify suspicious behavior and potentially compromised systems
     • Intrusion Detection: Know when suspicious activities happen in your environment
     • SIEM Log Management: Correlate, analyze, and report on security event data from your network
     • Asset Discovery: Know who and what is connected to your cloud or on-premises environments at all times
  10. Optimize Threat Detection & Response
     Actionable Threat Intelligence Powered by AlienVault Labs Security Research
     • AlienVault researches emerging threats, so you don’t have to
     • Continuous Threat Intelligence updates built into your USM Anywhere include:
        • Correlation directives
        • IDS signatures
        • Vulnerability audits
        • Asset discovery signatures
        • IP reputation data
        • Data source plugins & AlienApps
        • Incident response guidance
     Supplemented by the AlienVault Open Threat Exchange™ (OTX)
     • The world’s first truly open threat intelligence community
     • Collaborate with 65,000+ global participants to investigate emerging threats in the wild
     • Pulses created within minutes of the first detection of an in-the-wild attack
     • Subscribe to threat research updates from 73 public groups and other OTX contributors
     • Leverage the latest OTX threat intelligence directly in your AlienVault USM environment
  11. Automate & Orchestrate Containment
     A Growing “Galaxy” of AlienApps: Cloud Infrastructure, Productivity Apps, IT Virtualization, IT Operations, IT Security
     • Respond: Automate and orchestrate your threat responses for efficiency
     • Monitor: AlienApps collect and enrich data from your environment
     • Detect: USM Anywhere uses that data to detect threats and alerts you
  12. It’s Demo Time!
  13. Decrease Your Risk from Meltdown and Spectre
     • Evaluate and fully test the available patches for your different systems
        • Apply those patches where possible
     • Apply the same protections for any malware or ransomware
        • Evaluate need for services (e.g. SMB), and disable those that are not required
        • Architect your environment to include network segmentation, and a least-privilege model, to limit ability for any ransomware to traverse the network
        • Train your organization on how to watch for phishing attempts, and how to report and protect your organization if they think they’ve become infected
        • Implement a backup plan with offline backups
     • Deploy AlienVault USM Anywhere to detect vulnerabilities and threats that could be Meltdown/Spectre sourced across your cloud, on-premises & hybrid environments
  14. Questions?
     • Contact us: 888.613.6023, ALIENVAULT.COM, HELLO@ALIENVAULT.COM
     • Test Drive USM Anywhere in our Online Demo: Get instant access, no download, no install. https://www.alienvault.com/products/usm-anywhere/demo
     • Try it for Free in your Environment: Start detecting threats in less than an hour. https://www.alienvault.com/products/usm-anywhere/free-trial
     • Review Pricing and Get a Quote: Multiple tiers available, low annual subscription pricing. https://www.alienvault.com/products/usm-anywhere/pricing