The recent disclosures of the Spectre and Meltdown vulnerabilities underscores the need for cloud computing customers to fulfill their role in the cloud shared responsibility model, embraced by AWS Security, Azure and Google Cloud. This blog serves to provide an overview of these vulnerabilities, their impact on cloud service providers, and details the steps RedLock has taken to protect our customers and the RedLock infrastructure.
Spectre and Meltdown, vulnerabilities discovered and disclosed recently by Google researchers, are different variants of the same fundamental vulnerability targeted at computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information. Technically, there are three variations, each given its own CVE number. Two of those variants are grouped together as Spectre and the third is dubbed Meltdown, described as:
- Meltdown: The impact is a process running in user space is able to view the contents of kernel memory. The software mitigations for Meltdown are referred to as KAISER (KPTI), which aim to improve separation of kernel and user memory pages.
What is the Potential Impact to AWS, Microsoft Azure, and Google Cloud?
Multi-user and multi-tenant systems such as public cloud computing environments are at risk. Malicious actors could potentially rent, or otherwise gain access to, cloud compute services and attack other customers using the same host. As such, major cloud service providers such as Amazon, Microsoft, and Google have taken measures to protect against these exposures.
How is RedLock Mitigating these Vulnerabilities for the RedLock Infrastructure?
Customer security is the top priority at RedLock. Our incident response team has been actively monitoring and addressing these vulnerabilities. RedLock has applied all known fixes and patches to the RedLock Cloud 360™ platform to guard against these vulnerabilities, specifically:
- RedLock leverages Amazon Web Services, as well as Google Cloud, and reaps the benefits from the measures applied by the respective cloud service providers.
- All applicable software mitigations have been applied to the RedLock infrastructure to address these vulnerabilities. This included updating anti-virus software to ensure that Microsoft security updates are being received and applied.
- RedLock personnel workstations and web browsers have been updated with the latest patches to prevent exploitation.
- The RedLock DevOps team is actively monitoring the RedLock Cloud 360 platform, and scaling infrastructure as necessary to mitigate any performance impact.
Leveraging RedLock to Secure Your Environment
RedLock customers can leverage the RedLock Cloud 360 platform to identify vulnerable hosts within their environments. You can easily create an alert policy, supported through our vulnerability management integrations with Amazon Inspector and Tenable.io. By ingesting these feeds in real-time and correlating them with host information, RedLock can identify any hosts that have been affected.
Creating a specific policy to look for CVE-2017-5754 (Meltdown) and CVE-2017-5753, CVE-2017-5715 (Spectre) in your environment is a snap. And RedLock goes far beyond basic vulnerability identification by providing additional context. For example, the following screenshot shows a RedLock query that is looking for the Spectre and Meltdown CVEs AND workloads that are Internet facing, running a database application, and are consistently receiving malicious traffic from public internet.
After this query is created, it can easily be converted into a policy, as shown below.
Further, once the policy is in place, RedLock will generate an alert if a cloud workload is discovered with those vulnerabilities.
While Meltdown and Spectre are likely to fade from the headlines, enterprises should continuously monitor their cloud computing workloads in order to maintain a secure environment. RedLock’s ability to ingest and correlate data from multiple sources provides real-time insights, informing of both what can go wrong, but more importantly, what is going wrong now, how it occurred, and what impact it has on your organization.
Learn More About Vulnerability Management in Public Cloud Environments
You're invited to join RedLock's live webinar on March 29th at 10 AM PT/ 1 PM ET.
We'll discuss why your current standalone on-premise vulnerability management tools were not designed for public cloud architectures and identify vulnerable hosts and implement mitigations in your public cloud environment.