Meltdown and Spectre are read-only, or disclosure, attacks. In other words, these exploits do not directly force code execution in the OS kernel, in other virtual machines or in other programs. However, information gathered from these attacks could possibly be fed into a code execution attack. The primary risk is stolen information rather than control of a system.
- These are local attacks. Someone would have to first compromise the affected system at the operating system or application level to leverage the exploit to gain system level access. Luckily, most of us are already in the habit of trying to keep the ‘bad guys’ out of our systems.
- The principal threat is to shared hosting environments where multiple users are able to run code on a single system. AWS and Azure have already deployed mitigation strategies for their cloud environments (as much as can be done at this time). Individual systems have an inherently lower risk: to execute the malicious code, the attacker must already have compromised that system, and then you have “bigger fish to fry” anyway.
- Mitigating Meltdown will have a variable performance impact. In a nutshell, the mitigation efforts for Meltdown involve better separating user space programs from the OS kernel. As a result, context switches between user space and the kernel will get more expensive in terms of processor time. The actual performance impact will vary with the workload and the CPU architecture, but could be as much as 30%.
- The security ramifications of Spectre and the mitigation approach are still unclear. Spectre represents a new type of attack and is not fully understood, so we don't know what we don't know about how to fully mitigate it just yet. Stay tuned to the affected vendor websites for updates.
- Use this article and others to understand the facts around these vulnerabilities and become the trusted advisor to your customers. There is a lot of speculation right now and it’s important that you understand exactly what the issues are so you can propose and provide the right options to your customer.
- Take advantage of the opportunity to ensure that your customers have a robust patch management strategy in place. With all of the existing and new security threats, it’s more important than ever that companies stay current on their OS and application patches. At Tech Data, we offer several great patch management solutions including IBM BigFix Patch and MicroFocus Server Automation, to name a few. Ask your Tech Data sales representative for more information about these offerings.
- Look for upcoming opportunities for server and device sales, as many customers will opt to buy new equipment to replace critical infrastructure that can’t be trusted to an OS patch that “may” work. It will take time for the processor vendors to design and release new chips that don’t have this hardware flaw, but when they do, new devices will likely be in high demand.
- Invest in building or expanding a security practice. Customers need your help now more than ever. For an attacker to exploit Meltdown or Spectre, they need to be on your network and have access to a machine to execute the malicious code. It is critical that your customers have solid network security along with endpoint and server security to slow down the bad guys. Tech Data offers security solutions from many of the top vendors in the market and we would be glad to help you build a security practice and form a business plan around how and what to sell to help secure your customers. In addition, Tech Data offers a Security Managed Service called Recon™ that allows channel partners to resell a 24x7 security monitoring solution to ensure that their customers stay on top of their security posture.
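
For the Meltdown mitigation and patch management points above, this added example (not part of the original article) reads the status files that patched Linux kernels expose under /sys/devices/system/cpu/vulnerabilities and flags any issue that is not confirmed mitigated. The function names and the sample directory contents are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Linux kernels that carry the fixes report per-issue status in this directory.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status):
    """Map one sysfs status line to a coarse patch state."""
    if status is None:
        return "unknown"  # file absent: kernel predates the reporting interface
    text = status.strip()
    if text == "Not affected":
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def audit(base=SYSFS_DIR):
    """Return {issue: (state, raw status)} for the host rooted at base."""
    report = {}
    for issue in ISSUES:
        path = Path(base) / issue
        raw = path.read_text().strip() if path.is_file() else None
        report[issue] = (classify(raw), raw)
    return report


def needs_attention(report):
    """Issues that are neither confirmed mitigated nor reported as not affected."""
    return sorted(issue for issue, (state, _) in report.items()
                  if state in ("vulnerable", "unknown"))


def demo():
    """Audit a constructed directory (sample values, not captured from a real host)."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "meltdown").write_text("Mitigation: PTI\n")
        Path(tmp, "spectre_v1").write_text("Vulnerable\n")
        # spectre_v2 is deliberately missing to exercise the 'unknown' case.
        return audit(tmp)


if __name__ == "__main__":
    for issue, (state, raw) in audit().items():
        print(f"{issue:12} {state:13} {raw or 'no status file'}")
```

A missing status file is treated as "unknown" rather than safe, because a kernel too old to report status is itself a candidate for patching.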