The industry has been racing to fix Meltdown and Spectre, but aside from writing custom SQL queries or by manually checking each system, how do we face the daunting challenge of determining what systems have the compatible Eraser Engine and which ones do not?

Meltdown and Spectre are critical vulnerabilities that need to be patched quickly; however, many organizations using Symantec Endpoint Protection (SEP) still struggle to identify whether they have the right Eraser Engine version installed to protect their systems.

If you applied the Microsoft security update for Meltdown/Spectre to systems in your network running SEP, it is possible those systems experienced a Blue Screen (BSOD) STOP error, MEMORY_MANAGEMENT (0x1a), because the Microsoft patch conflicts with Symantec's ERASER (Expanded Remediation And Side Effect Repair) engine.

Essentially, this means that your systems will remain vulnerable to Meltdown/Spectre attacks until both of the following are done:

1. The SEP Eraser Engine is updated to version 117.3.0.358 or greater

2. The Windows Security Updates have been applied

 

Customers who use SOLVE for SEP can quickly create dashboards that report on their entire SEP deployment, showing which systems are ready for the Meltdown/Spectre security update and which need the Eraser Engine updated first.

Here is an example of a SOLVE dashboard we built in less than 30 minutes using live data, so we can track progress instantly.

 

We divided the dashboard by region for the Americas, Europe, and Asia. On the left, we used donut charts to show the Eraser Engine version distribution. On the right side, we used number boards to display the systems that were running a version of the Eraser Engine older than the compatible version required (117.3.0.358).
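As an added example (not part of the original post and not SOLVE for SEP code), the Python script below does the same classification the dashboard displays: it groups a constructed, placeholder SEP inventory by region, builds the Eraser Engine version distribution behind the donut charts, counts the systems below the required 117.3.0.358 for the number boards, and keeps the host list behind each status for the drill-down. The inventory records, hostnames, regions and field names are assumptions. The one real pitfall it guards against is comparing dotted version strings as text, where "117.3.0.1000" sorts below "117.3.0.358" and a system on a newer engine would wrongly be reported as needing an update.

```python
"""Group SEP endpoints by region and classify them against the minimum
Meltdown/Spectre-compatible Eraser Engine version (117.3.0.358).

Added example; the inventory below is constructed placeholder data, not real hosts.
"""
from collections import Counter, defaultdict

# Minimum compatible Eraser Engine version, as stated in the post.
REQUIRED_ERASER = "117.3.0.358"


def parse_version(version: str) -> tuple:
    """Split a dotted version into a tuple of ints so it compares numerically.
    Comparing as text is wrong: "117.3.0.1000" < "117.3.0.358" as strings."""
    return tuple(int(part) for part in version.strip().split("."))


def is_compatible(version: str, required: str = REQUIRED_ERASER) -> bool:
    """True when the engine is at or above the required version."""
    return parse_version(version) >= parse_version(required)


def host_status(record: dict) -> str:
    """Classify one endpoint:
    - needs_eraser_update: engine too old; applying the Microsoft patch now risks
      the MEMORY_MANAGEMENT (0x1a) BSOD, so the engine must be updated first
    - ready_for_windows_update: engine compatible, Windows patch still missing
    - protected: engine compatible and Windows patch applied
    """
    if not is_compatible(record["eraser"]):
        return "needs_eraser_update"
    if not record["windows_patched"]:
        return "ready_for_windows_update"
    return "protected"


# Constructed sample inventory (hypothetical hostnames, regions and versions).
SAMPLE_INVENTORY = [
    {"host": "ws-am-001", "region": "Americas", "eraser": "117.3.0.358", "windows_patched": True},
    {"host": "ws-am-002", "region": "Americas", "eraser": "117.2.0.341", "windows_patched": False},
    {"host": "ws-am-003", "region": "Americas", "eraser": "117.3.0.360", "windows_patched": False},
    {"host": "ws-eu-001", "region": "Europe", "eraser": "117.3.0.1000", "windows_patched": True},
    {"host": "ws-eu-002", "region": "Europe", "eraser": "116.9.1.201", "windows_patched": True},
    {"host": "ws-ap-001", "region": "Asia", "eraser": "117.3.0.358", "windows_patched": True},
    {"host": "ws-ap-002", "region": "Asia", "eraser": "117.1.0.300", "windows_patched": False},
]


def build_dashboard(inventory: list) -> dict:
    """Per region: the version distribution (donut chart data), the number of
    systems below the required version (number board) and the host list behind
    each status (drill-down)."""
    boards = {}
    for rec in inventory:
        board = boards.setdefault(rec["region"], {
            "version_distribution": Counter(),
            "below_required": 0,
            "hosts": defaultdict(list),
        })
        board["version_distribution"][rec["eraser"]] += 1
        status = host_status(rec)
        board["hosts"][status].append(rec["host"])
        if status == "needs_eraser_update":
            board["below_required"] += 1
    return boards


if __name__ == "__main__":
    for region, board in build_dashboard(SAMPLE_INVENTORY).items():
        print(f"{region}: {board['below_required']} below {REQUIRED_ERASER}")
        # Sort versions numerically, not as text, for the donut legend.
        for version, count in sorted(board["version_distribution"].items(),
                                     key=lambda kv: parse_version(kv[0])):
            print(f"  {version}: {count}")
        for status, hosts in board["hosts"].items():
            print(f"  {status}: {', '.join(hosts)}")
```

The inventory dictionaries stand in for rows pulled from the SEP database or a SOLVE export; swap in the real query output with the same four fields and the classification does not change.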

 

SOLVE dashboards are interactive, so we are able to perform detailed drill-downs on each slice of the donut chart and on the number board in order to get a complete list of the systems. SOLVE for SEP has an integrated scheduler which allows our customers to submit the details to a ticketing system on a regular basis for the appropriate staff to resolve. One of our large enterprise customers explained,

“With SOLVE for SEP, we can now ‘see’ our data and it has saved us countless hours of manual research!”

Here is a sample of the detailed drill-down (figure: detailed drill-down in SOLVE for SEP).

 

To determine the full magnitude of Spectre/Meltdown exposure and prioritize remediation, you need actionable intelligence and comprehensive real-time visibility across the environment: identify and inventory all known and unknown endpoints so that your security posture can improve.

 

Stay tuned for future updates, recommendations, and best practices related to Meltdown and Spectre, and for information about how SOLVE can help.

This year will present a time of change for the IT world. Of course, that is to be expected ever since Moore's Law was accepted in the tech sector as the mark of processing power doubling every 18 months. The theory dates back to 1965 and has held for five decades; while there has been some drift in those numbers, Moore's prediction has long been credited with most of the technological advancements we see in today's digital age. We will not see the true end of that theory until quantum computers become a reality, and with that reality rapidly approaching, we may finally see Moore's Law hit its limit.

How does this translate to cybersecurity?

Data centers and corporate networks can process information exponentially faster, meaning more efficient and powerful encryption techniques. However, this processing power is also at the disposal of nefarious actors, giving rise to bigger, more damaging malware and breaches. Some have estimated that a quantum computer could theoretically improve the efficiency of a brute-force attack on cryptography significantly. As the future arrives faster every day, we need to be prepared to wield and defend against this double-edged sword.

Here are our predictions for the top cybersecurity trends in 2019.

 

 

Reporting and Monitoring

In 2018, we noticed a trend of organizations actively working to improve the reporting and detection capabilities in their environment. By using tools that query and cross-reference information from different systems, these organizations are able to break out of their team silos and see a larger, more comprehensive view of their network. Given the increased speed and diverse nature of the attacks that IT security teams are currently trying to prevent, the ability to centralize, normalize and correlate the data from all of your security tools in a single pane of glass is not just a "nice to have"; it is an absolute must.

All too often, software is deployed into an environment with a "set it and forget it" approach merely to fulfill an audit requirement. Security teams should look beyond minimum standards and proactively protect their environments by leveraging the data that already exists there.

  

Internet of Things

From smart lighting to refrigerators with web browsers to game consoles, "smart devices" have invaded our homes. While these items may be new, trendy and convenient, their security is questionable and can lead to compromised systems.

Several years ago, it was home internet routers being compromised as part of a botnet that could be used in a DDoS attack. Today, they are being compromised to generate Bitcoin or other forms of cryptocurrency.

 

Not only is it unrealistic to expect the average user to manually patch all of their appliances and lightbulbs on a regular basis, but most of the time security patches are not even released for these "smart devices." While consumer-grade security is ranked as a low priority because most items are considered novelties or disposable, consumers actually tend to keep these items on their home network for multiple years. With Amazon, Google, and Apple entering a market that is always listening, people are learning and starting to demand accountability. Tech companies need to take responsibility and treat the security of their consumers' homes just as seriously as they do their own corporate networks, even if it is just a fridge with a browser.

  

Artificial Intelligence

We have not yet seen a major breach or malware threat that utilizes AI. However, as AI becomes more commonplace, it is easy to see how the speed it offers will be very attractive to nefarious agents.

Because of the vast resources required, the first attacks will likely be state-sponsored and used for intelligence gathering. However, as the technology matures and becomes easier to use on a micro level, the random user will have access to intelligent agents (though not as comprehensive ones) that can be deployed from their own home computers. At this point, we will see a rise in random AI malware.

 

Though I'm not sure if 2019 is the year we see the birth of AI malware, I'm sure it is on the horizon and we will need to take a comprehensive approach to defend against it.

 

 

Legacy Systems

As a consultant, every year I am tasked with helping companies tackle legacy systems in their environment. Figuring out how to segregate, harden, and limit functionality on legacy systems is an ongoing issue that almost all companies deal with. Because these systems are no longer patchable, they present major security concerns for organizations, yet the software they run is considered "indispensable." They remain in environments because they fulfill a function that cannot yet be replaced, whether for functional or cost reasons. However, the longer they remain on the network, the higher the cost of maintenance and operation climbs.

Since 2014, organizations have been working to remove the last remnants of Windows XP from their environments. While most have seen success, the latest thorn in our sides is Windows 7.

It has been predicted that by the end of this month, Windows 10 will finally surpass Windows 7 in overall global installations. With support for Windows 7 ending in 2020, this year we are going to see a major push towards ending the legacy-system cycle that has continued since Windows XP was retired in 2014. Luckily, many businesses learned their lesson with XP and are taking a proactive approach this time around.

 

 

What Does This Mean for the Future?

We all need to work together. We need to communicate between teams and figure out how we can help each other. We need to move past the idea that one team or another is more important in the corporate culture for securing the network and data center. We need to be cohesive. If we work towards that, then maybe we can truly have a great new year.

 

by: Brent Gueth, Principal Security Consultant