I was thinking that it would be very useful for Indeni customers to receive an alert if they have network equipment affected by the popular Meltdown and Spectre vulnerabilities. This bug has been described as the “worst ever CPU bug” and could let attackers steal sensitive data.
I see that all the main network vendors (e.g. Fortinet, Check Point, Juniper, etc.) have already published announcements for this major vulnerability, which are updated daily.
I investigated the Cisco announcements, in particular those for the Cisco Nexus family.
Cisco has officially listed several Cisco Nexus models that are affected by these CVEs. Besides these, there are two more categories: one with no affected products, and one that is under investigation and is updated daily.
More info can be found below: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
Indeni could get the Nexus model and SW version metrics of each device, compare these metrics against the current documentation values and, based on the alert rule, provide the updated remediation steps and best practices for this issue.
I believe it would be a great advantage for Indeni to react instantly to major IT issues such as Meltdown & Spectre, taking into account that this issue cannot be tracked by any other logging or SNMP-based monitoring tool.
The statistics collected by Indeni Insight about this issue would also be very useful, as would any correlation with other metrics such as an increase in CPU usage.
I joined a workshop session at DELL-EMC and it appeared that this issue has a major effect on the IT market, taking into account that the current patches applied for this problem have a severe impact on CPU utilization, with an increase of up to 30%!
What do you think?
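A sketch of the check proposed in the post, as an added example that is not part of the original post and not Indeni's code: it sorts each device into the advisory's three categories by model, and for affected models compares the running NX-OS release against a first fixed release. The model names, fixed release, inventory and function names are all constructed placeholders, not values from the Cisco advisory.

```python
import re

# Constructed snapshot of a vendor advisory. Model names and the fixed release
# are placeholders, NOT values from the Cisco advisory; refresh from the source.
ADVISORY = {
    "affected": {"NEXUS-MODEL-A": "7.0(3)I7(3)"},  # model -> first fixed release
    "under_investigation": {"NEXUS-MODEL-B"},
    "not_affected": {"NEXUS-MODEL-C"},
}

def version_key(release):
    """Split an NX-OS style release, e.g. 7.0(3)I7(2), into a sortable tuple."""
    tokens = re.findall(r"\d+|[A-Za-z]+", release)
    # Tag numbers and letters so mixed tokens never compare int against str.
    return tuple((0, int(t)) if t.isdigit() else (1, t.upper()) for t in tokens)

def classify(model, release, advisory=ADVISORY):
    """Return vulnerable, fixed, under_investigation, not_affected or unknown."""
    fixed_in = advisory["affected"].get(model)
    if fixed_in is not None:
        # Numeric comparison: I7(10) is newer than I7(3), unlike a string compare.
        if version_key(release) >= version_key(fixed_in):
            return "fixed"
        return "vulnerable"
    if model in advisory["under_investigation"]:
        return "under_investigation"  # re-check whenever the advisory is updated
    if model in advisory["not_affected"]:
        return "not_affected"
    return "unknown"  # model missing from the snapshot: do not assume it is safe

def alerts(inventory, advisory=ADVISORY):
    """Return (hostname, status) for every device that needs attention."""
    needs_action = ("vulnerable", "under_investigation", "unknown")
    return [(host, status) for host, model, release in inventory
            if (status := classify(model, release, advisory)) in needs_action]

# Constructed inventory: (hostname, model, running release).
INVENTORY = [
    ("dc1-leaf1", "NEXUS-MODEL-A", "7.0(3)I7(2)"),
    ("dc1-leaf2", "NEXUS-MODEL-A", "7.0(3)I7(10)"),
    ("dc1-core1", "NEXUS-MODEL-B", "8.2(1)"),
    ("dc1-edge1", "NEXUS-MODEL-C", "6.2(20)"),
    ("lab-sw1", "NEXUS-MODEL-Z", "7.0(3)I4(7)"),
]

if __name__ == "__main__":
    for host, status in alerts(INVENTORY):
        print(host, status)
```

Because the advisory's "under investigation" category changes daily, the snapshot has to be reloaded on each run. The comparison is only meaningful within one release train.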