If any more evidence were needed that perimeter protection alone is not enough to keep a business secure, the recent Meltdown and Spectre vulnerabilities should put the issue to rest. These vulnerabilities sit at the core of how the CPU operates, and investment needs to be shared equally between protection, detection, response and intelligence in order to mitigate the threat.
We now know that patching against Meltdown can slow down machines by almost a third, while the only solution against Spectre is to replace your machines with ones built on a redesigned CPU, which could take years. The latter solution may sound extreme, but that’s what US-CERT recommends.
Remember, anything else you buy today will have the same vulnerabilities, and any ‘next-gen vendor’ claiming to have a silver bullet is just selling snake oil.
Research shows most organisations spend 85 per cent of their security budgets on perimeter protection, while only 1 per cent detected a threat via logs in the past 12 months. This shows limited budgets are being wasted on ineffective controls that could never hope to achieve what is promised in marketing materials.
So, what does this mean for the future? We don’t expect any IoT devices vulnerable to these flaws ever to be patched, but we do expect far worse CPU-level threats to be discovered in the coming years. This is because the veil has been lifted: researchers now know where to look, and are shifting their focus from software to hardware.
Just like ransomware was an endless tide last year, a tsunami of hardware vulnerabilities is looming in the coming years.
Given the presence of these vulnerabilities in virtually all machines, it is essential to focus on post-compromise responses instead of hoping for perimeter defences to do what they’ve never been able to do. The LMNTRIX Active Defense approach to detection and response applies across the entire breadth of the Kill Chain, as well as the MITRE ATT&CK Matrix. By taking an end-to-end view of the attack cycle, Active Defense provides holistic coverage against a range of delivery mechanisms, including those used in these hardware-based attacks. Although definitive protection will only be possible once Intel updates its processors, LMNTRIX’s multi-layer approach is well-positioned to stop a targeted attack leveraging these new exploits before any damage or loss occurs.