Morphisec Cybersecurity Blog

System Gap Protection During Patching Gaps

Written by Tom Bain | January 22, 2018 at 5:18 PM

The recent Meltdown and Spectre CPU vulnerabilities took almost everyone by surprise. Widespread panic was staved off only by the promise of a nearly-ready OS patching fix, which, it turned out, excluded a large swath of systems and created its own set of problems.

Users are still scrambling to patch systems with an extremely complex mixture of OS, firmware, and application updates. Organizations are encountering slowdowns, blue screens, and reboot problems in their rush to avoid security problems. The entire stack of Spectre and Meltdown fixes has not yet been properly tested and will take time to reach anything resembling stability.

What is the role of third-party security technology in all of this confusion? These solutions should be protecting endpoints not just from threats, but during the gap between a vulnerability's disclosure and the deployment of its patches. It should come as no shock, however, that the majority of antivirus technology could not deliver that capability. Further, being patch-compatible just isn't enough, and doesn't protect companies while they are completing the patching process.

Best practices indicate companies should properly assess, test, and carefully implement updates as they are made available, but what if you are hit with a zero-day during that timeframe? What if malicious code is executed that antivirus engines simply cannot catch, either because they are not yet patch-compatible or because no signature exists for the threat?

The Patch Gap Problem

While the Meltdown and Spectre vulnerabilities are in a class of their own, protection gaps are nothing new and remain an ongoing issue for organizations. The window between vulnerability disclosure and patch implementation carries enormous risk for companies. It essentially becomes a race between the attackers and the IT teams, and most security solutions offer little protection during this period.

During major OS updates, just about every antivirus solution requires updates itself, so customers experience a major lag in endpoint protection just when those endpoints are most susceptible to advanced attacks and zero-days.

Even when patches exist, most companies take an average of 100-120 days to patch vulnerabilities. In the case of Meltdown/Spectre, where there is still no full mitigation available, we don't know how long the risk window will extend.
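Measuring that window on your own fleet starts with knowing which hosts still report an unmitigated CPU flaw. The following script is an added example, not Morphisec's code or anything from the original post: it classifies the status strings the Linux kernel publishes under /sys/devices/system/cpu/vulnerabilities/ (present on 4.15 and later kernels and on distribution backports; this is an assumption about the host) so each machine can be tagged mitigated, vulnerable, unaffected, or unknown during the patch gap. The three sample rows are constructed in the kernel's reporting format, not captured from a real host.

```shell
#!/bin/sh
# Added example (not Morphisec's code): inventory the kernel-reported
# mitigation status of Meltdown/Spectre on a Linux host during a patch gap.
# Assumes the kernel exposes /sys/devices/system/cpu/vulnerabilities/.

VULN_DIR="/sys/devices/system/cpu/vulnerabilities"

# classify_status STATUS
# Prints one of: mitigated, vulnerable, unaffected, unknown.
# The kernel prefixes each file's contents with "Mitigation:", "Vulnerable"
# or "Not affected"; anything else (empty, future wording) is "unknown".
classify_status() {
    case "$1" in
        "Not affected"*) echo "unaffected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# report_line NAME STATUS -> "NAME<TAB>CLASS<TAB>STATUS", ready for an inventory.
report_line() {
    printf '%s\t%s\t%s\n' "$1" "$(classify_status "$2")" "$2"
}

# scan_sysfs
# Emits one report line per file in VULN_DIR. Returns 1 if any entry is
# still vulnerable, 2 if the directory is missing (kernel too old), else 0.
scan_sysfs() {
    rc=0
    [ -d "$VULN_DIR" ] || { echo "no $VULN_DIR on this host" >&2; return 2; }
    for f in "$VULN_DIR"/*; do
        [ -r "$f" ] || continue
        status=$(cat "$f")
        report_line "$(basename "$f")" "$status"
        [ "$(classify_status "$status")" = "vulnerable" ] && rc=1
    done
    return $rc
}

# count_vulnerable
# Reads "NAME<TAB>STATUS" lines from stdin and prints how many are vulnerable,
# so reports collected from many hosts can be summarised with one pipeline.
count_vulnerable() {
    n=0
    while IFS="$(printf '\t')" read -r name status; do
        [ "$(classify_status "$status")" = "vulnerable" ] && n=$((n + 1))
    done
    echo "$n"
}

# Constructed sample in the kernel's format (not captured from a real host):
# Meltdown patched with page-table isolation, Spectre v1 mitigated, Spectre v2
# still reported as vulnerable because only a partial retpoline build is in place.
SAMPLE_REPORT=$(printf 'meltdown\tMitigation: PTI\nspectre_v1\tMitigation: __user pointer sanitization\nspectre_v2\tVulnerable: Minimal generic ASM retpoline')

# Stand-alone run: scan the live host if it has the sysfs interface,
# otherwise show the classification on the constructed sample.
if [ -d "$VULN_DIR" ]; then
    scan_sysfs || echo "host still has vulnerable entries (or no sysfs data)" >&2
else
    printf '%s\n' "$SAMPLE_REPORT" | while IFS="$(printf '\t')" read -r name status; do
        report_line "$name" "$status"
    done
    echo "vulnerable entries in sample: $(printf '%s\n' "$SAMPLE_REPORT" | count_vulnerable)"
fi
```

Run it on each host and feed the tab-separated rows into whatever inventory you already keep; a "vulnerable" row is exactly the patch gap the post describes, measured per machine rather than estimated. Note that these files describe only the kernel's own mitigations; microcode, hypervisor, and browser-level fixes for Spectre have to be checked separately.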

It’s All About the Exploits

In order to exploit the vulnerabilities, attackers need to be able to inject and run malicious code on your system. Meltdown requires the attacker to drop and execute a binary on the system; this could happen through a variety of attack vectors, including web browsers, email, or the network, via exploitation or social engineering.

Spectre could be exploited using a JavaScript sandbox bypass or attacks on other sandboxed applications such as Office or Acrobat. Expect to see such exploits become part of the standard attacker toolkits.

So when no fixes are available yet, or they are too unstable to apply safely, what should companies do to protect themselves from the exploits to come?

SYSTEM Gap Protection from Morphisec

Morphisec System Gap Protection puts companies in a uniquely advantageous position against any advanced attack launched during this patch gap. Organizations are protected from potential exploits during any operating system vulnerability patch cycle because Morphisec does not need updating and is not reliant on the operating system patch or its process.

Additionally, Morphisec's solution, unlike antivirus technology, does not require prior knowledge of a threat to fully prevent attacks targeting the memory layer in unpatched systems. Morphisec constantly changes what the application memory structures look like to attackers, so zero-days and advanced attacks cannot find the resources they are trying to exploit.

The Meltdown and Spectre vulnerabilities are a case in point. Morphisec is the only technology that can effectively stop the code execution needed to leverage the Spectre vulnerability. Morphisec prevents attackers from executing code that targets memory, rendering data exfiltration and other malicious activity impossible.

How is Your SYSTEM Gap Protection?

How vulnerable is your organization to attack during patching gaps? We're offering a free System Gap Protection Assessment to help you evaluate your risk. With a better understanding of your security posture, you'll be able to develop a more effective patching mitigation strategy.