Xavier Trepanier-Taupier

Meltdown / Spectre patch validation with NetWitness for Endpoint

Blog Post created by Xavier Trepanier-Taupier Employee on Jan 23, 2018

Vulnerabilities give headaches to security teams. RSA aims to improve the user experience and minimize the response time to these types of attacks. When the Meltdown / Spectre vulnerabilities were published, Microsoft released updates to be installed on all Windows operating systems.

To verify that those updates are actually in place, we have created an Instant Indicator of Compromise (IIOC) that validates whether the update was installed on each endpoint, regardless of the operating system version.

When the IIOC does not detect this update on an endpoint, it will trigger:

[Screenshot in the original post: the IIOC firing on an endpoint missing the update]
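As an added illustration of the same validation logic (this is not the IIOC download itself, nor RSA's code), the following PowerShell script maps the local Windows build to the KB update required for it and reports whether that update is installed. The KB identifiers and the build list are placeholders to be filled from Microsoft's advisory for the builds in your estate.

```powershell
# Added example: a local approximation of the IIOC's check.
# Maps each Windows build (Win32_OperatingSystem.Version) to the KB
# article(s) that deliver the Meltdown/Spectre fix for that build.
# The KB numbers below are PLACEHOLDERS, not real identifiers.
$RequiredUpdates = @{
    '10.0.16299' = @('KB_PLACEHOLDER_1709')        # Windows 10 1709
    '10.0.15063' = @('KB_PLACEHOLDER_1703')        # Windows 10 1703
    '6.3.9600'   = @('KB_PLACEHOLDER_81_2012R2')   # Windows 8.1 / Server 2012 R2
    '6.1.7601'   = @('KB_PLACEHOLDER_7_2008R2')    # Windows 7 SP1 / Server 2008 R2
}

function Test-SpeculativeExecutionPatch {
    $os        = Get-CimInstance -ClassName Win32_OperatingSystem
    $build     = $os.Version                   # e.g. "10.0.16299"
    $installed = (Get-HotFix).HotFixID         # installed KB IDs
    $required  = $RequiredUpdates[$build]

    if (-not $required) {
        # Unknown build: report it explicitly rather than silently passing,
        # so the mapping gets extended instead of leaving a blind spot.
        return [pscustomobject]@{ Build = $build; Status = 'UnknownBuild'; Missing = @() }
    }

    # Any one of the listed KBs is sufficient; later cumulative updates
    # supersede the January one, so add those to the list as they ship.
    $present = $required | Where-Object { $installed -contains $_ }
    if ($present) {
        [pscustomobject]@{ Build = $build; Status = 'Patched'; Missing = @() }
    } else {
        [pscustomobject]@{ Build = $build; Status = 'Missing'; Missing = $required }
    }
}

Test-SpeculativeExecutionPatch
```

A `Status` of `Missing` corresponds to the condition on which the IIOC fires; `UnknownBuild` flags an endpoint the mapping does not yet cover.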

IIOC configuration:

[Screenshot in the original post: the IIOC configuration]

For your convenience, you can download this IIOC below.