Vulnerabilities give headaches to security teams. RSA aims to improve the user experience and to minimize the response time to these types of attacks. When the Meltdown / Spectre vulnerabilities were disclosed, Microsoft released updates to be installed on all Windows operating systems.
To help with this, we have created an Instant Indicator of Compromise (IIOC) that validates whether the update was installed on each endpoint, regardless of the operating system version.
When the IIOC does not detect this update on the endpoint, it will trigger:
IIOC configuration:
For your convenience, you can download this IIOC below.
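As an added illustration (this is not the IIOC configuration itself, which is not reproduced here), the check the IIOC performs can be modelled as: look up the January 2018 update that applies to the endpoint's OS build, and trigger when none of the matching KBs appears in the endpoint's installed-hotfix inventory. The KB table is reproduced from memory of Microsoft's January 2018 advisory and is an assumption to verify; the inventory lines and the KB numbers marked constructed are made up for the example.

```python
"""Model of the IIOC logic from the post: flag endpoints whose January 2018
Windows update (the Meltdown/Spectre fix) is absent from the hotfix list."""
import re

# Assumption: KB numbers of the January 2018 security updates per OS build,
# as recalled from Microsoft advisory ADV180002. Verify before relying on it.
REQUIRED_KBS = {
    "10.0.16299": {"KB4056892"},               # Windows 10 1709
    "10.0.15063": {"KB4056891"},               # Windows 10 1703
    "10.0.14393": {"KB4056890"},               # Windows 10 1607 / Server 2016
    "6.1.7601":   {"KB4056894", "KB4056897"},  # Windows 7 SP1: rollup or security-only
    "6.3.9600":   {"KB4056895", "KB4056898"},  # Windows 8.1: rollup or security-only
}


def parse_qfe(text):
    """Extract HotFixID values from a `wmic qfe get HotFixID` style listing."""
    return {m.group(0).upper() for m in re.finditer(r"KB\d{6,7}", text, re.I)}


def patch_status(os_version, hotfix_ids):
    """Return 'patched', 'missing' or 'unknown'.

    An OS build not in the table yields 'unknown' rather than 'patched', so
    the indicator fails closed (still triggers) instead of silently passing.
    """
    required = REQUIRED_KBS.get(os_version)
    if required is None:
        return "unknown"
    return "patched" if required & set(hotfix_ids) else "missing"


def evaluate_endpoints(inventory):
    """Return the sorted hostnames that should trigger the indicator."""
    return sorted(name for name, (version, qfe) in inventory.items()
                  if patch_status(version, parse_qfe(qfe)) != "patched")


# Constructed sample inventory: hostname -> (OS version, wmic qfe output).
# KB1111111 and KB2222222 are constructed placeholders, not real updates.
SAMPLE = {
    "ws01": ("10.0.16299", "HotFixID\nKB1111111\nKB4056892\n"),
    "ws02": ("10.0.16299", "HotFixID\nKB1111111\n"),
    "srv01": ("6.1.7601", "HotFixID\nKB2222222\nkb4056897\n"),
    "srv02": ("6.2.9200", "HotFixID\nKB2222222\n"),   # build not in table
}

if __name__ == "__main__":
    print(evaluate_endpoints(SAMPLE))  # ['srv02', 'ws02']
```

Later cumulative updates supersede these KBs, so an endpoint patched after January 2018 may not list them; extend the table with the superseding KBs, or key the check on the OS build number, before using this in production.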
Great content!
It would be good to know if NetWitness for Endpoint would flag NetWitness for Logs & Packets hardware appliances as vulnerable if these were scanned.