Protect Your Systems from Meltdown and Spectre Attacks | GBAF

Protect Your Systems from Meltdown and Spectre Attacks | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Top Stories > MELTDOWN AND SPECTRE, HOW YOU CAN BE PREPARED

MELTDOWN AND SPECTRE, HOW YOU CAN BE PREPARED

Published by Gbaf News

Posted on January 18, 2018

7 min read

Last updated: January 21, 2026

Digital asset custody concept showcasing secure digital transactions - Global Banking & Finance Review — An illustration representing digital asset custody within the financial sector, highlighting security and management of digital assets, including cryptocurrencies and tokenization.

Josh Harriman, VP of Professional Services Ziften explains

A key area where we work with customer on battling Meltdown and Spectre, is monitoring for data exfiltration.

Josh Harriman, VP of Professional Services Ziften

Josh Harriman, VP of Professional Services Ziften

As these attacks are taking data they shouldn’t have access to, we believe the first and easiest methods to protect yourself is to take all confidential data off your systems. This data might be passwords, login credentials or even security keys for SSH or VPN access.

Our system will throw up alerts as it monitors processes that do not normally make network connections but start exhibiting this unusual behavior. From these alerts, users can quarantine systems from the network and / or kill processes associated with these scenarios.

How am I Vulnerable?

Let’s look at areas we can monitor for vulnerable systems. Our solution can easily and quickly find Operating Systems that need to be patched. Even though these exploits are in the CPU chips themselves (Intel, AMD and ARM), the fixes that will be available will be updated to the OS, and in other cases, the browser you use.

In Figure 1 below, you can see one example of how we report on the available patches by name, what systems have successfully installed each patch, and which have yet to install. We can also track failed patch installs. The example below is not for Meltdown or Spectre, but the KB and/or patch number for environment could be populated on this report to show the vulnerable systems.

aosp1

Figure 1: Tracking operating system patch installs in Ziften Zenith

The same holds true for browser updates. We monitor for software versions running in the environment. That data can be used to understand if all browsers are up to date once the fixes become available. Speaking of browsers, one area that has already picked up steam in the attack scenarios is utilizing Javascript. A working copy is shown here (https://www.react-etc.net/entry/exploiting-speculative-execution-meltdown-spectre-via-javascript).

Products like Edge browsers do not use Javascript anymore and mitigations are available for other browsers. Firefox has a fix available here (https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/). A Chrome fix is coming out this week.

What Can I Do Now?

Once you have identified vulnerable systems in your environment you certainly want to patch and fix them as soon as possible. Some safeguards you need to take into consideration are reports of certain Anti-Virus products causing stability issues when the patches are applied. Details about these issues are here (https://www.cyberscoop.com/spectre-meltdown-microsoft-anti-virus-bsod/) and here (https://docs.google.com/spreadsheets/u/1/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true).

We also have the capability to help patch systems. We can monitor for systems that need patches and direct our product to apply those patches for you and then report success/failure and the status of those still needing patching. Since the Zenith backend is cloud-based, we can even monitor your endpoint systems and apply the required patches when and if they are not connected to your corporate network.

Monitor – How is Everything Running?

Lastly, there could be some systems that exhibit performance degradation after the OS fixes are applied. These issues seem to be limited to high load (IO and network) systems. Our platform helps both security and operational teams within your environment. What we like to call SysSecOps

We can help uncover issues such as application crashes or hangs, and system crashes. Plus, we monitor system usage for Memory and CPU over time. This data can be used to monitor and alert on systems that start to exhibit high utilization compared to the period before the patch was applied. An example of this monitoring is shown in Figure 2 below (system names intentionally removed).

memory and cpu usage by system

Figure 2: System Memory and CPU Usage over time

These ‘flaws’ are still new for the public, and much more will be discussed and is covered for days / weeks / months to come. My company will continue to monitor the situation and how we can best educate and protect our customers and partners.

Josh Harriman, VP of Professional Services Ziften explains

A key area where we work with customer on battling Meltdown and Spectre, is monitoring for data exfiltration.

Josh Harriman, VP of Professional Services Ziften

Josh Harriman, VP of Professional Services Ziften

As these attacks are taking data they shouldn’t have access to, we believe the first and easiest methods to protect yourself is to take all confidential data off your systems. This data might be passwords, login credentials or even security keys for SSH or VPN access.

Our system will throw up alerts as it monitors processes that do not normally make network connections but start exhibiting this unusual behavior. From these alerts, users can quarantine systems from the network and / or kill processes associated with these scenarios.

How am I Vulnerable?

Let’s look at areas we can monitor for vulnerable systems. Our solution can easily and quickly find Operating Systems that need to be patched. Even though these exploits are in the CPU chips themselves (Intel, AMD and ARM), the fixes that will be available will be updated to the OS, and in other cases, the browser you use.

In Figure 1 below, you can see one example of how we report on the available patches by name, what systems have successfully installed each patch, and which have yet to install. We can also track failed patch installs. The example below is not for Meltdown or Spectre, but the KB and/or patch number for environment could be populated on this report to show the vulnerable systems.

aosp1

Figure 1: Tracking operating system patch installs in Ziften Zenith

The same holds true for browser updates. We monitor for software versions running in the environment. That data can be used to understand if all browsers are up to date once the fixes become available. Speaking of browsers, one area that has already picked up steam in the attack scenarios is utilizing Javascript. A working copy is shown here (https://www.react-etc.net/entry/exploiting-speculative-execution-meltdown-spectre-via-javascript).

Products like Edge browsers do not use Javascript anymore and mitigations are available for other browsers. Firefox has a fix available here (https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/). A Chrome fix is coming out this week.

What Can I Do Now?

Once you have identified vulnerable systems in your environment you certainly want to patch and fix them as soon as possible. Some safeguards you need to take into consideration are reports of certain Anti-Virus products causing stability issues when the patches are applied. Details about these issues are here (https://www.cyberscoop.com/spectre-meltdown-microsoft-anti-virus-bsod/) and here (https://docs.google.com/spreadsheets/u/1/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true).

We also have the capability to help patch systems. We can monitor for systems that need patches and direct our product to apply those patches for you and then report success/failure and the status of those still needing patching. Since the Zenith backend is cloud-based, we can even monitor your endpoint systems and apply the required patches when and if they are not connected to your corporate network.

Monitor – How is Everything Running?

Lastly, there could be some systems that exhibit performance degradation after the OS fixes are applied. These issues seem to be limited to high load (IO and network) systems. Our platform helps both security and operational teams within your environment. What we like to call SysSecOps

We can help uncover issues such as application crashes or hangs, and system crashes. Plus, we monitor system usage for Memory and CPU over time. This data can be used to monitor and alert on systems that start to exhibit high utilization compared to the period before the patch was applied. An example of this monitoring is shown in Figure 2 below (system names intentionally removed).

memory and cpu usage by system

Figure 2: System Memory and CPU Usage over time

These ‘flaws’ are still new for the public, and much more will be discussed and is covered for days / weeks / months to come. My company will continue to monitor the situation and how we can best educate and protect our customers and partners.