https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2021 MSP 501 Application
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2021 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2021 MSP 501 Application
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2021 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

MSSP Insider


Shutterstock

Security Roundup

Security Roundup: Side-Channel Attacks, Trend Micro, Extreme Networks

  • Written by Edward Gately
  • May 17, 2019
Dubbed ZombieLoad, the side-channel attack made big headlines this week.

A newly discovered security flaw in Intel processors allows attackers to steal any data that’s been recently accessed by the processor.

Dubbed ZombieLoad, the side-channel attack made big headlines this week. The flaw affects nearly every Intel chip since 2011, according to TechCrunch.

So what is a side-channel attack and why are they so dangerous? We spoke with Dmitriy Ayrapetov, SonicWall‘s executive director of product management, and Paul Ducklin, senior technologist at Sophos, to find out.

Side-channel attacks rely on the exploitation of hardware/processor architectural components to “listen in” on information that they’re not supposed to see, Ayrapetov said.

SonicWall's Dmitriy Ayrapetov

SonicWall’s Dmitriy Ayrapetov

“By listening in and performing precise timing, they can infer the information stored in parts of the processor cache that they shouldn’t be privy to, and therefore pull off a ‘side-channel’ attack,” Ayrapetov said. “These are different from traditional malware and exploit attacks that rely on corrupting and exploiting software to increase privilege to do something bad, or perform malicious tasks such as encryption, data theft, etc.”

In seeking ever-faster processing speeds, “we’ve been willing to take the risk of leaving the CPUs’s internal security checks until the last possible nanosecond, hoping that we’ll always be able to cancel the side effects of any prohibited data access before any hints leak out,” Ducklin said.

“But transient execution attacks like ZombieLoad remind us that what happens in Vegas doesn’t always stay in Vegas,” he said. “Sometimes, it causes ghostly ripples than can be picked up elsewhere.”

Side-channel attacks are proof-of-concept attacks that have yet to be weaponized, at least according to what’s been made public, Ayrapetov said. The reason why side-channel, and generally processor architectural vulnerabilities, are a big deal is due to their ubiquity (all PCs/servers) and their severity (data theft), he said.

“Many are now coming to light because Meltdown/Spectre ushered in a new era of security research which focused on the previously overlooked layer of computing: the hardware and the processor,” he said. “Now that there’s attention being paid to this area that is difficult to patch and to re-architect, we have inspected and have observed an increasing number of such vulnerabilities being published. The question is — when is this going to become weaponized for mass information stealing?”

Phishing attacks and higher-level software bugs give much bigger, faster and cheaper returns than side-channel attacks, Ducklin said.

Sophos' Paul Ducklin

Sophos’ Paul Ducklin

“Nevertheless, the fact that transient execution attacks aren’t mainstream malware techniques right now doesn’t mean we can ignore them,” he said. “Attacks only ever get faster and smarter, so we should be using flaws such as Meltdown, Spectre and ZombieLoad as a long-term reminder that we need to put at least as much value on security as we do on performance.”

The organizations that should be most concerned about side-channel attacks are those that …

  • Page 1
  • Page 2
  • Page 3
Tags: MSPs Business of Security Cloud and Edge MSSP Insider Network

Related


  • Social Engineering
    How Are Your Clients Handling Social Engineering? Chances Are, Not Well
    New research from MSP Electric shows where COVID-19-fueled threats are especially problematic.
  • Malware alert
    It's Raining Malware: Understanding and Protecting Against Today's Threats
    From using VPNs to heightened security awareness, companies must work harder to stop attacks as people work from home.
  • Threat protection
    Critical Threat Protection Steps MSSPs, Other Partners Must Take Now
    In this second installment in our series on threat protection, vendors discuss what partners have to do this year.
  • Zero Trust Security
    3 Strategies for Selling Zero Trust in the Channel
    Switching to a zero-trust security approach reduces exposure to potential data breaches and helps drive down fixed costs.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • IT Facing Major Security Issues, But Cloud Security May Be Most Immense
  • Despite SIEM Software Adoption, Threat Coverage Comes Up Short
  • Secureworks Debuts New MSSP Partner Track, Analytics Platform
  • Cybercriminals Now Targeting Unemployment Benefit Claims

Galleries

View all

From The Second City: How to Use Improv as a Business Tool

March 3, 2021

Industry Perspectives

View all

5 Ways XDR Can Improve Operational Efficiency for MSPs

March 4, 2021

Multi-Cloud: Strategy or Inevitable Outcome? (or both?)

March 3, 2021

Backup Vulnerability: 4 Targets Hackers Might Utilize to Infiltrate Your Backup Solution

March 2, 2021

Webinars

View all

A Partner’s Perspective on Channel Success in 2021

March 23, 2021

XDR and Why it Matters to MSPs

March 24, 2021

Top Security Trends Impacting Technology Security Providers In 2021

March 25, 2021

White Papers

View all

Why Fortinet for my MSSP?

March 2, 2021

Small and Mid-Size Business Security: 4 Steps to Success

March 2, 2021

How SMBs Can Secure Endpoints and Remote Workers for the Long Haul

March 2, 2021

Upcoming Events

View all

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

RT @Channel_Expo: A HUGE thank you to our amazing #CPVirtual sponsors and exhibitors! 👏 @ATTBusiness @DellTech @8x8 @lumentechco @telarus @…

March 5, 2021
ChannelFutures

.@okta acquiring rival @auth0 in $6.5 billion all-stock transaction. #security dlvr.it/Rtzwdp https://t.co/4LvHCJuwsR

March 4, 2021
ChannelFutures

.@MicrosoftTeams features are coming to @MSFTDynamics365, the company announced at @MS_Ignite. #MicrosoftIgnite… twitter.com/i/web/status/1…

March 4, 2021
ChannelFutures

.@PreciselyData acquired by Clearlake Capital, @TAAssociates. #digitaltransformation dlvr.it/RtzbKg https://t.co/1rNYnTScxq

March 4, 2021
ChannelFutures

Thanks for attending #CPVirtual. Here's a Day 3 wrap and a look ahead to #CPExpo Homecoming in November!… twitter.com/i/web/status/1…

March 4, 2021
ChannelFutures

.@Veeam announces six annual Impact Partner Awards, with @SHI_Intl, @LogicalisUS, more. #cloud… twitter.com/i/web/status/1…

March 4, 2021
ChannelFutures

#XDR can improve operational efficiency for #MSPs. @TrendMicro #security #endpoint #AI #threatintelligence… twitter.com/i/web/status/1…

March 4, 2021
ChannelFutures

.@IBM adds two senior execs to leadership team at infrastructure IT spinoff, NewCo. @IBMNews @IBMPartners… twitter.com/i/web/status/1…

March 4, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X