Key Elements to Navigate Security for Meltdown and Spectre
January 5, 2018 | Best practices
Ben Banks, Director, Information Security
The world is waking up to the extent of the various computer processor related security issues.
Like many other organisations, Ensono is actively working on its response to Meltdown and Spectre to ensure we maintain the highest level of protection for the systems we look after.
Here are some of the key elements we have identified as critical in shaping our organisational response.
Maintain organisational focus and coordinate. The issues that have been identified are serious both in terms of the potential information they could expose and the number of technology platforms they affect.
Making sure that the right teams are focused on these issues and coordinated, and that they stay engaged as the situation develops, will be critical in ensuring the impact is managed effectively. We have set up a prioritised global team to work on these issues and are making extensive use of collaborative technology to ensure all of our key stakeholders are working together effectively.
Identify your critical business systems, information and areas of technical debt. With a wide-scale issue like this, it pays to know how to prioritise organisational efforts. Business-critical systems hosting sensitive information should be the focus of attention.
Also, identifying technical debt (i.e. knowing where there are systems that can’t be secured because of other technology constraints) gives security teams a clear picture of where alternative steps need to be taken to monitor unusual behaviour.
Defence in depth. Defending an organisation’s information assets requires layers of controls to be in place. At a high level, making sure that all of the security controls in your environment are updated with the latest detection patterns and that they are active is crucial.
These controls – firewalls, intrusion detection systems, anti-malware, vulnerability scans, and browser configurations – can either stop an attacker getting to vulnerable systems in the first place, stop them exploiting the issues or, at the very least, provide a warning so that incident response teams can act.
Be prepared. Although no known exploits for these vulnerabilities are ‘in-the-wild’, that can only be a matter of time. Making sure that you are prepared for any incident before it happens should be a priority. Keep your incident teams on standby. Make sure that they know what to do if there is a suspected problem – identify the issue, contain the impacted systems, eradicate the attack and recover back to normal operation.
Don’t rush. One of the things that is particular to the remedial patches applied to systems for Spectre and Meltdown is that they can impact system performance. Whilst it is important to deploy patches as quickly as possible, they should still be assessed and tested to make sure that they don’t introduce an unacceptable latency into critical systems. If they do, then explore the use of all the other security controls available to mitigate the risk.
Engage. There are many internal and external stakeholders impacted by these issues – clients, suppliers, manufacturers, colleagues and any number of other interested parties. There is no substitute for clear, concise and timely communications. Keeping a regular cadence of updates for all those that need to know the situation ensures that everyone remains informed.
Aligning your team and stakeholders as the situation progresses will ensure proper management and resolution of the vulnerabilities at hand.