Event-driven security automation for Spectre and Meltdown

January 16, 2018 - Rhett Glauser

IT Security Vulnerabilities

With the emergence of Spectre and Meltdown, our industry is dealing with yet another batch of severe IT security vulnerabilities. The protectors and maintainers of our digital world are scrambling to make sense of it all, and many find themselves kicking the tires on traditional security and patch management processes and tools. These Spectre variants are different from what we’ve seen in the past and are notable in complexity and scale, and the impact of these bugs could be substantial if not quickly remediated. Fortunately, SaltStack event-driven security automation is built for this job.

SaltStack Enterprise Compliance Solution

Public cloud providers like AWS, Microsoft Azure, and Google Cloud were quick to respond with fixes to keep their customers’ digital infrastructure secure, but they can’t help fix the billions of devices and on-premises systems owned and maintained by IT organizations around the world. The pressure is on these IT organizations to quickly remediate Spectre to secure company infrastructure and data.

So how do cloud providers respond so quickly to remediate an inevitable and ongoing parade of security vulnerabilities? No doubt they spend substantial time on their architecture and process and are ready to act immediately as needed. But these organizations typically manage infrastructure at massive scale, and no amount of process can substitute for good automation.

Regarding the Spectre vulnerabilities, CERT recommends, “Apply updates. Operating system, CPU microcode updates, and some application updates mitigate these attacks.” Depending on the size and diversity of the infrastructure under management, this little sentence from CERT could mean a lot of work and late nights for the folks managing and securing it all.

Gartner suggests, “Prepare for more patches and firmware upgrades during the next 24 months, as incompatibilities are discovered, performance is improved and new types of attacks are disclosed.”

Many large SaltStack customers are telling us there is no way to update their tens of thousands of vulnerable systems in a timely, efficient and effective manner except through SaltStack event-driven security automation. Sneakernet is not an option. Human error potentially creates more problems than solutions. Fortunately, a bit of SaltStack security automation has the potential to eliminate a world of hurt.

Learn from Spectre so you’ll be ready for the next one. Get your process in order, take another look at your security posture and architecture, and get event-driven security automation for vulnerability audit, heterogeneous configuration, patch management, remediation and compliance…like Arthur did.

SaltStack command to fix Spectre

To learn how to make Spectre remediation easy, watch this recording of Christer Edwards of Adobe and Mark Hopper of SaltStack as they discuss and demonstrate how to use event-driven security automation and compliance to detect and fix the Spectre and Meltdown vulnerabilities.