In early January, two attack scenarios – Spectre and Meltdown – were disclosed that exploit a vulnerability in the hardware architecture of most processor types. Attackers can use this vulnerability to read data from local memory.
Since the vulnerability is located in the hardware, securing systems is a complex task that requires security patches for operating systems, drivers and browsers.
The following Intel products are vulnerable:
- All Intel Core CPUs (as of 2008)
- Intel Atom series C, E, A, x3 and Z
- Celeron and Pentium series J and N
For more detailed information, see the Intel website.
We recommend running the cognitix Threat Defender on Intel CPUs. In doing so, we are convinced that the Threat Defender is not at risk from Spectre and Meltdown. The Threat Defender runs independently as a server while Spectre and Meltdown use client software (browser) to target the local client hardware.
Furthermore, there are no active administrator accounts on the Threat Defender that can be accessed from the outside.
Also, the frameworks used for the server component are up-to-date.
Only in virtual environments, there is a risk of attack if the virtual environment is not secure. In this case, the Threat Defender may be attacked by another VM running on the same host if the host is attacked. Never trust a security system if you cannot trust its underlying structure. Consult the provider of your virtual environment in this matter.
To further protect the Threat Defender against Spectre and Meltdown, we are improving our product. Currently, we are validating and integrating the available patches for operating systems. Although we do not expect any performance losses for the analytics engine, we are also re-evaluating the performance values.
We are planning to release these improvements with the next Threat Defender version at the turn of the month (January/February 2018).You can find further information on Spectre and Meltdown here.