Meltdown-Spectre vulnerabilities & Indeni


#1

I was thinking that it will be very useful for the Indeni customers to receive an alert if they have network equipment affected by the popular Meltdown and Spectre vulnerabilities. This bug has been described as the “worst ever CPU bug” and could let attackers steal sensitive data.


I see that all the main network vendors (e.g. Fortinet, Check Point, Juniper, etc.) have already published announcements for this major vulnerability, which are updated daily.


I did an investigation of the Cisco announcements, and in particular of the Cisco Nexus family.

Cisco has officially published several Cisco Nexus models which are affected by these CVEs. Besides, there are two more categories. One category with no affected products and one more which is under investigation and is updated daily.

More info can be found below: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel


Indeni could get the Nexus model and SW version metrics of each device and compare these metrics against the current documentation values; based on the alert rule, the updated remediation steps and best practices for this issue could then be provided.


I believe it would be a great advantage for Indeni to react instantly to major IT issues such as Meltdown & Spectre, taking into account that this issue cannot be tracked by any other logging or SNMP-based monitoring tool.


The statistics collected by Indeni Insight about this issue, and any correlation with other metrics such as an increase in CPU usage, would also be very useful.


I joined a workshop session at DELL-EMC and it appeared that this issue has a major effect on the IT market, taking into account that the current patches applied for this problem have a severe impact on CPU utilization, with an increase of up to 30%!


What do you think?
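
The check proposed in post #1 (read each device's model and software version, then compare them against the advisory's affected, not affected and under investigation lists), as an added Python example that is not part of the thread and not Indeni's own rule code. The model names, fixed releases and `show version` sample are constructed placeholders, and all function names are hypothetical.

```python
import re

# Constructed advisory snapshot: model names and releases are placeholders, not
# values from the Cisco advisory. Load the real ones from the vendor page.
AFFECTED = {"MODEL-A": "7.0(3)I7(3)"}   # model -> first fixed release (assumed field)
UNDER_INVESTIGATION = {"MODEL-B"}
NOT_AFFECTED = {"MODEL-C"}

# Constructed sample in the general shape of NX-OS "show version" output.
SAMPLE_SHOW_VERSION = """\
Software
  NXOS: version 7.0(3)I7(2)
Hardware
  cisco Nexus MODEL-A chassis
"""

def parse_show_version(text):
    """Return (model, version); raise ValueError if either field is missing."""
    ver = re.search(r"^\s*(?:NXOS|system):\s+version\s+(\S+)", text, re.M)
    model = re.search(r"^\s*cisco\s+Nexus\S*\s+(\S+)\s+chassis", text, re.M | re.I)
    if not (ver and model):
        raise ValueError("model or version not found in show version output")
    return model.group(1), ver.group(1)

def version_key(v):
    """Tokenize '7.0(3)I7(2)' so numbers compare numerically: (2) < (10)."""
    tokens = re.findall(r"\d+|[A-Za-z]+", v)
    return [(0, int(t)) if t.isdigit() else (1, t) for t in tokens]

def train(v):
    """Letters of the release train, e.g. 'I' in 7.0(3)I7(2)."""
    return "".join(re.findall(r"[A-Za-z]+", v))

def classify(model, version):
    """Map a device onto the advisory categories described in the post."""
    if model in AFFECTED:
        fixed = AFFECTED[model]
        if train(version) != train(fixed):
            return "affected_review_release"  # other train: no numeric comparison
        return "patched" if version_key(version) >= version_key(fixed) else "vulnerable"
    if model in UNDER_INVESTIGATION:
        return "under_investigation"
    if model in NOT_AFFECTED:
        return "not_affected"
    return "unknown_model"  # not in the snapshot: alert so the table gets refreshed

def check_device(show_version_text):
    model, version = parse_show_version(show_version_text)
    return {"model": model, "version": version, "status": classify(model, version)}
```

Because the advisory is updated daily, the `unknown_model` and `under_investigation` results are the ones to re-evaluate every time the snapshot is refreshed.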


#2

This would be a great example of an opportunity for automation! You coined it well! I bet your workshop was fascinating.


These kinds of vulnerability instances are all too familiar. They affected me and my network-security colleagues a great deal when we were responsible for not only our in-house equipment but the hundreds of Cisco, Check Point, Palo gear residing offsite at customers, globally. The race against the clock was beyond an endorphin rush. Not only were these advisories about tracking down affected devices, but also about customer support and service management. To notify and update each customer in a timely and eloquent manner was always a challenge. Ensuring them to, "not panic", "we are on it", "we know the status of all your gear", while in the background me and another teammate would be manually connecting, sometimes hopping over networks to get to the varying devices to produce a report of "what is" and "what will be" and "when" truthfully. Lots of spreadsheets of human data-entry were kept. If we had known right off the bat who to contact about what device at the click of a couple buttons, our customers and management staff would have rested much easier. <sigh>


SAY YES TO AUTOMATION!



#3

Great idea!


#4

I also did not know about the method which you told here, so I decided to go to Norton support for help; they told me the way which looking.