As many of you have read or heard in the news recently, the Meltdown and Spectre vulnerabilities are a large concern for many organizations and Technology Managers. The issue is not specific to any one vendor and takes advantage of techniques commonly used in most of the modern processor architectures. This means that a large range of products are affected, from desktops and laptops to servers and storage, even smartphones. You should note, and as Intel reports in their FAQ, researchers have only demonstrated a proof of concept.
Here are some suggestions that you and/or your organization can take to help mitigate the risks from the Meltdown and Spectre Vulnerabilities:
- Update the Operating Systems of your desktops, laptops, servers or physical appliances to the latest available security patches regularly
- Update your Anti-virus software regularly, or install anti-virus software on your desktops and servers if you do not currently have any installed
- Update your web browser to the latest version
- Update Java to the latest version
- Update the software on your cellphone or mobile device if an update is available
- Check with the manufacturer of your servers, storage, switches, firewalls, routers, desktops, laptops, etc., for any firmware updates to their processors or BIOS
- Update your software based systems like your virtual environment hypervisor, exchange server, etc.
At CloudSAFE, we are aware of the side-channel analysis vulnerabilities (known as Meltdown and Spectre) affecting many modern microprocessors and we are adopting measures as they become available to ensure the security and reliability of our services . In response to the potential Meltdown and Spectre Vulnerabilities, CloudSAFE continues to take the following precautionary steps to ensure the security of our customers and their data:
- CloudSAFE continues to practice good security and compliancy hygiene. This includes ensuring devices are updated with the latest patches, employing anti-virus updates and advanced threat protection solutions, as well as encrypting data.