Spectre & Meltdown: A Use Case in Endpoint Security

By: Absolute Security | 3/27/2018

While software vulnerabilities are more prevalent, hardware flaws aren’t anything new. And they are back in the news with more vulnerability disclosures at the processor level, this time impacting AMD chips.

Most organizations have at least a few legacy machines still churning away, whether because they are dusty relics of a long-passed merger, have simply been forgotten about, or still work while budgets are tight. Logical, sure, but we forget that old machines usually mean outdated – and therefore sorely ineffective – security measures. As was the case with the Spectre and Meltdown emergency earlier this year, new vulnerabilities at even the lowest and most fundamental level do happen. Chip manufacturers work diligently to address the bugs as they become known, but the fix doesn’t come quickly or easily at the hardware level. Adding to this are the massively widespread deployment numbers, which only slow down the remediation process.

As manufacturers fight the good fight to keep their products secure, you, their user, must also be vigilant. If you feel like you’ve heard this message before, you absolutely have. But it’s worth repeating because patching remains one of the most important and effective security tactics in your cybersecurity arsenal. Hackers are persistent in their search for a way in, and hardware and software have holes. Those are the facts. It’s your job to put up defenses to minimize the potential damage that can be done when those issues are found.

We could debate the who-knew-what-when topic at length when it comes to vulnerabilities becoming public knowledge and patches getting deployed. But in the end, all of that is out of our control. What is in our control is getting our endpoints, both hardware and software, patched in a timely manner when those updates become available. Which brings up another interesting question – do you really know how many endpoints you have and where they reside? It doesn’t matter if your endpoint sits on the boss’ desk in company headquarters or travels with a third-party contractor who relies on coffee shop Wi-Fi and a home office network. If it has a way to access your organization and its data, cyber thieves are interested in exploiting it.

Reaching Out to Take Control of Your Endpoints

Every organization faces the challenge of endpoint visibility. At Absolute, we have built a business around helping customers with this very issue. For example, we have a global IT staffing and services consultancy customer that must manage their own endpoints as well as the thousands of devices that are contracted to their customers. When news of Spectre and Meltdown broke, they needed a fix fast.

To assess and then push out the software updates required by Spectre and the hardware fixes needed by Meltdown across their customer base, the consultancy turned to Absolute Reach. Starting with their customer inventory list and relying on management queries from Absolute, the firm knew what was out there either by domain or by device. Some endpoints resided on the network, others didn’t. Armed with that information and using the custom query and remediation features of the Absolute platform, their customers could detect all endpoints and deploy automation commands to remediate, with literally just a few clicks.

The process not only remediated the problem on demand, it also provided confirmation that the necessary tasks were completed so customers could stay in compliance. The IT consultancy’s customers were safe and their IT services provider didn’t have to pile on a bunch of extra billable hours to address the vulnerabilities. The IT services provider expertly managed the entire situation for their customers, which of course was a win-win.

While no one can predict the ultimate impact of Spectre and Meltdown, or the announcements of future vulnerabilities, we do know more vulnerabilities are out there, as are breached endpoints. If you’re looking to get a better handle on your endpoints so that you’re better prepared for the next wave, you can start with our quick risk assessment. We’d love to spend some time showing you just how powerful Reach and the Absolute platform can be.
