Written by Josh Harriman and presented by Chuck Leaver
Ziften is aware of the latest exploits, which affect virtually everyone who uses a computer or digital device. While that is a sweeping statement, we at Ziften are working hard to help our customers find vulnerable assets, remediate those vulnerable systems, and monitor systems after remediation for potential performance issues.
This is an ongoing investigation by our team in Ziften Labs, where we keep current on malicious attacks as they evolve. Right now, most of the conversation is around proof-of-concept (PoC) code and what can theoretically happen. That will soon change as attackers take advantage of these opportunities. The exploits I am speaking of, of course, are Meltdown and Spectre.
Much has been written about how these exploits were discovered and what the industry is doing to find workarounds for these hardware issues. For more information, I think it is best to go to the source (https://spectreattack.com/).
What Should You Do, and How Can Ziften Assist?
One key area where Ziften helps in the event of an attack by either method is watching for data exfiltration. Since these attacks are essentially about reading data the attacker should not have access to, we believe the first and easiest way to protect yourself is to remove sensitive data from these systems. That data might be passwords, login credentials, and even secret keys for SSH or VPN access.
Ziften monitors and alerts when processes that normally do not make network connections begin exhibiting this unusual behavior. From these alerts, users can quarantine systems from the network and/or kill the processes involved. Ziften Labs is watching the development of the real-world attacks that are likely to emerge from these vulnerabilities so that we can better protect our customers.
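As an added illustration of the alerting described above (example code, not Ziften's or Zenith's own), the following Python builds a baseline of which processes make network connections on which hosts from constructed telemetry, flags live connections that depart from it, and maps each alert to a containment action the post mentions; the host names, process names, addresses, severity levels and the alert-to-action mapping are all assumptions.

```python
from collections import defaultdict

# Constructed sample telemetry (not real data): (host, process, remote_ip, remote_port).
BASELINE = [
    ("host-a", "chrome.exe", "93.184.216.34", 443),
    ("host-a", "outlook.exe", "52.96.0.10", 443),
    ("host-b", "chrome.exe", "93.184.216.34", 443),
    ("host-b", "sshd", "10.0.0.5", 22),
]
LIVE = [
    ("host-a", "chrome.exe", "93.184.216.34", 443),   # known behaviour, no alert
    ("host-a", "sshd", "10.0.0.9", 22),                # networks on host-b, never on host-a
    ("host-b", "calc.exe", "198.51.100.7", 8080),      # never networked on any host
]

def build_baseline(events):
    """Return {process: set(hosts)} of processes observed making connections."""
    seen = defaultdict(set)
    for host, proc, _ip, _port in events:
        seen[proc].add(host)
    return seen

def find_anomalies(baseline, live):
    """Rank live connections by how far they depart from the baseline.
    HIGH   - the process has never made a network connection on any host
    MEDIUM - it has on other hosts, but never on this one
    Known host/process pairs produce no alert. Sorted for stable output."""
    alerts = []
    for host, proc, ip, port in live:
        hosts = baseline.get(proc, set())
        if not hosts:
            alerts.append(("HIGH", host, proc, f"{ip}:{port}"))
        elif host not in hosts:
            alerts.append(("MEDIUM", host, proc, f"{ip}:{port}"))
    return sorted(alerts)

def response_plan(alerts):
    """Assumed mapping to the two responses the post describes:
    HIGH -> quarantine the host from the network, MEDIUM -> kill the process."""
    return [(a[1], a[2], "quarantine-host" if a[0] == "HIGH" else "kill-process")
            for a in alerts]

if __name__ == "__main__":
    base = build_baseline(BASELINE)
    for alert in find_anomalies(base, LIVE):
        print(*alert)
```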
Discover – How am I Vulnerable?
Let’s look at the areas we can examine for vulnerable systems. Zenith, Ziften’s flagship product, can simply and quickly discover operating systems that need to be patched. Even though these vulnerabilities are in the CPUs themselves (Intel, AMD, and ARM), the fixes being offered are delivered as OS updates and, in some cases, updates to the browser you use as well.
In Figure 1 below, you can see one example of how we report on available patches by name, which systems have successfully installed each patch, and which have yet to install it. We can also track patch installs that failed. The example below is not for Meltdown or Spectre, but the KB and/or patch number for your environment could be populated in this report to reveal the vulnerable systems.
The same holds true for browser updates. Zenith tracks the software versions running in the environment. That data can be used to understand whether all browsers are on the current version once the fixes become available.
Fix – What Can I Do Now?
Once you have identified vulnerable systems in your environment, you obviously need to patch and remediate them as soon as possible. One caution to keep in mind: there are reports of certain anti-virus products causing stability issues when the patches are applied. Details about these issues are here (https://www.cyberscoop.com/spectre-meltdown-microsoft-anti-virus-bsod/) and here (https://docs.google.com/spreadsheets/u/1/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true).
Zenith can also help patch systems. We can monitor for systems that need patches, direct our solution to apply those patches for you, and then report success/failure along with the status of those still requiring patching.
Because the Zenith backend is cloud-based, we can even monitor your endpoint systems and apply the needed patches when they are not connected to your corporate network.
Monitor – How is Everything Running?
Finally, some systems may show performance degradation after the OS fixes are applied. These issues appear to be limited to high-load (I/O and network) systems. The Zenith platform assists both security and operations teams within your environment, which is what we like to call SysSecOps (https://ziften.com/introducing-systems-security-operations-syssecops/).
We can help discover issues such as application hangs or crashes and system crashes. We also monitor memory and CPU usage over time. That data can be used to monitor and alert on systems that begin to show high usage compared to the period before the patch was applied. An example of this monitoring is shown in Figure 2 below (system names intentionally removed).
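As an added example of the pre- versus post-patch comparison described above (example code, not Zenith's own logic), the following Python takes constructed CPU-utilisation samples for a few hosts and flags those whose usage has risen well above their own pre-patch baseline, guarding against both flat baselines and tiny-but-"significant" shifts; the host names, sample values and both thresholds are assumptions.

```python
import statistics

# Constructed CPU-utilisation samples in percent (not real telemetry).
# "pre" was collected before the OS patch, "post" after it.
SAMPLES = {
    "db-01":  {"pre": [41, 44, 39, 45, 42, 40], "post": [63, 67, 70, 66, 68, 65]},
    "web-07": {"pre": [22, 25, 21, 24, 23, 22], "post": [24, 26, 23, 25, 24, 25]},
    "dev-03": {"pre": [10, 10, 10, 10, 11, 10], "post": [12, 12, 12, 12, 12, 12]},
}

def regression_score(pre, post):
    """Return (mean_pre, mean_post, z): z is how many pre-patch standard
    deviations the post-patch mean sits above the pre-patch mean."""
    mean_pre = statistics.mean(pre)
    sd_pre = statistics.pstdev(pre) or 1.0   # guard hosts with a perfectly flat baseline
    mean_post = statistics.mean(post)
    return mean_pre, mean_post, (mean_post - mean_pre) / sd_pre

def find_regressions(samples, z_threshold=3.0, min_rel_increase=0.25):
    """Flag hosts whose post-patch mean exceeds the pre-patch mean by more than
    z_threshold baseline deviations AND by at least min_rel_increase (25%).
    Requiring both avoids alerting on a very stable host (like dev-03) whose
    usage moved only a couple of points but many 'sigmas'."""
    flagged = []
    for host, s in sorted(samples.items()):
        mean_pre, mean_post, z = regression_score(s["pre"], s["post"])
        rel = (mean_post - mean_pre) / mean_pre
        if z > z_threshold and rel >= min_rel_increase:
            flagged.append((host, round(mean_pre, 1), round(mean_post, 1), round(rel, 2)))
    return flagged

if __name__ == "__main__":
    for host, before, after, rel in find_regressions(SAMPLES):
        print(f"{host}: {before}% -> {after}% (+{rel:.0%}) after patch")
```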
These ‘flaws’ are still new to the public, and much more will be discussed and discovered in the days, weeks, and months to come. Here at Ziften, we continue to monitor the situation and how we can best educate and protect our customers and partners.