Marinos Roussos

Performance impact assessment on NetWitness HW appliances with new kernel patch (CVE-2017-5753, CVE-2017-5754, CVE-2017-5715)

Discussion created by Marinos Roussos on Feb 14, 2018
Latest reply on Feb 23, 2018 by Marinos Roussos

Now that RSA have released the Red Hat kernel patches for side-channel analysis attacks (also known as Meltdown and Spectre), I would like to know the performance impact that these kernel changes could potentially have.


This is regarding Netwitness for Logs & packets (Security Analytics 10.6.x)  on physical appliances.


There are plenty indications and evidence that some patches for these vulnerabilities can cause CPU performance degradation and/or unexpected reboots. So my main question is whether this has been tested against and what would be the remediation should we discover that the hardware appliances are not fit for purpose anymore, after installing the kernel patch?


For example, both Series 4S and 5 physical Log Decoder can handle 30K EPS sustained and much higher peaks with minimal parsers&feeds enabled. What are the figures post-patching?


I'm looking for some technical feedback and not a link to DSA-2018-027: RSA Security Analytics Security Update for multiple embedded component vulnerabilities     that I'm querying about.