The recent disclosures of the Spectre and Meltdown vulnerabilities underscore the need for cloud computing customers to fulfill their role in the cloud shared responsibility model, embraced by AWS Security, Azure and Google Cloud. This blog provides an overview of these vulnerabilities and their impact on cloud service providers, and details the steps RedLock has taken to protect our customers and the RedLock infrastructure.
Spectre and Meltdown, vulnerabilities discovered and disclosed recently by Google researchers, are different variants of the same fundamental vulnerability affecting computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information. Technically, there are three variations, each given its own CVE number. Two of those variants are grouped together as Spectre and the third is dubbed Meltdown, described as:
What is the Potential Impact to AWS, Microsoft Azure, and Google Cloud?
Multi-user and multi-tenant systems such as public cloud computing environments are at risk. Malicious actors could potentially rent, or otherwise gain access to, cloud compute services and attack other customers using the same host. As such, major cloud service providers such as Amazon, Microsoft, and Google have taken measures to protect against these exposures.
How is RedLock Mitigating these Vulnerabilities for the RedLock Infrastructure?
Customer security is the top priority at RedLock. Our incident response team has been actively monitoring and addressing these vulnerabilities. RedLock has applied all known fixes and patches to the RedLock Cloud 360™ platform to guard against these vulnerabilities, specifically:
Leveraging RedLock to Secure Your Environment
RedLock customers can leverage the RedLock Cloud 360 platform to identify vulnerable hosts within their environments. You can easily create an alert policy, supported through our vulnerability management integrations with Amazon Inspector and Tenable.io. By ingesting these feeds in real time and correlating them with host information, RedLock can identify any hosts that have been affected.
Creating a specific policy to look for CVE-2017-5754 (Meltdown) and CVE-2017-5753, CVE-2017-5715 (Spectre) in your environment is a snap. And RedLock goes far beyond basic vulnerability identification by providing additional context. For example, the following screenshot shows a RedLock query that is looking for the Spectre and Meltdown CVEs AND workloads that are Internet-facing, running a database application, and consistently receiving malicious traffic from the public internet.
After this query is created, it can easily be converted into a policy, as shown below.
Further, once the policy is in place, RedLock will generate an alert if a cloud workload is discovered with those vulnerabilities.
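The correlation described above (scanner findings for the three CVEs joined with host context), sketched in Python as an added example; it is not RedLock's query language or code, and the record shapes, field names and host IDs are constructed for illustration.

```python
# Added illustration: field names and records are constructed, not a real
# scanner feed or RedLock schema.
SPECTRE_MELTDOWN = {"CVE-2017-5753", "CVE-2017-5715", "CVE-2017-5754"}
DATABASE_APPS = {"postgres", "mysql", "mongodb"}

# Constructed vulnerability-scanner findings, one row per (host, CVE).
FINDINGS = [
    {"host_id": "i-0aaa", "cve": "CVE-2017-5754"},
    {"host_id": "i-0aaa", "cve": "CVE-2017-5715"},
    {"host_id": "i-0bbb", "cve": "CVE-2017-5753"},
    {"host_id": "i-0ccc", "cve": "CVE-0000-0000"},  # placeholder for an unrelated CVE
    {"host_id": "i-0ddd", "cve": "cve-2017-5754"},  # feed that emits lowercase IDs
    {"host_id": "i-0eee", "cve": "CVE-2017-5754"},  # host absent from inventory
]

# Constructed host inventory with the three context signals the query combines.
HOSTS = {
    "i-0aaa": {"internet_facing": True, "apps": ["postgres"], "suspicious_inbound": True},
    "i-0bbb": {"internet_facing": False, "apps": ["nginx"], "suspicious_inbound": False},
    "i-0ccc": {"internet_facing": True, "apps": ["mysql"], "suspicious_inbound": True},
    "i-0ddd": {"internet_facing": True, "apps": ["mysql"], "suspicious_inbound": False},
}

def correlate(findings, hosts):
    """Map each affected host to its matching CVEs, context flags and alert decision."""
    cves_by_host = {}
    for f in findings:
        cve = f["cve"].strip().upper()  # normalise IDs across feeds
        if cve in SPECTRE_MELTDOWN:
            cves_by_host.setdefault(f["host_id"], set()).add(cve)
    report = {}
    for host_id, cves in cves_by_host.items():
        host = hosts.get(host_id)
        if host is None:  # vulnerable but unknown to inventory: surface for review
            report[host_id] = {"cves": sorted(cves), "context": ["not_in_inventory"], "alert": False}
            continue
        checks = {
            "internet_facing": host["internet_facing"],
            "database": bool(DATABASE_APPS & set(host["apps"])),
            "suspicious_inbound": host["suspicious_inbound"],
        }
        context = [name for name, hit in checks.items() if hit]
        # Alert only when the CVE match AND every context condition holds.
        report[host_id] = {"cves": sorted(cves), "context": context, "alert": all(checks.values())}
    return report

if __name__ == "__main__":
    for host_id, row in sorted(correlate(FINDINGS, HOSTS).items()):
        print(host_id, row)
```

Hosts that carry one of the CVEs but fail a context condition stay in the report with `alert` set to false, so they can still be queued for patching at lower priority.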
While Meltdown and Spectre are likely to fade from the headlines, enterprises should continuously monitor their cloud computing workloads in order to maintain a secure environment. RedLock’s ability to ingest and correlate data from multiple sources provides real-time insights, informing you not only of what can go wrong but, more importantly, of what is going wrong now, how it occurred, and what impact it has on your organization.
You're invited to join RedLock's on-demand webinar.
We discussed why your current standalone on-premise vulnerability management tools were not designed for public cloud architectures, and how to identify vulnerable hosts and implement mitigations in your public cloud environment.