A newly discovered security flaw in Intel processors allows attackers to steal any data that’s been recently accessed by the processor.

Dubbed ZombieLoad, the side-channel attack made big headlines this week. The flaw affects nearly every Intel chip since 2011, according to TechCrunch.

So what is a side-channel attack and why are they so dangerous? We spoke with Dmitriy Ayrapetov, SonicWall‘s executive director of product management, and Paul Ducklin, senior technologist at Sophos, to find out.

Side-channel attacks rely on the exploitation of hardware/processor architectural components to “listen in” on information that they’re not supposed to see, Ayrapetov said.

SonicWall’s Dmitriy Ayrapetov

“By listening in and performing precise timing, they can infer the information stored in parts of the processor cache that they shouldn’t be privy to, and therefore pull off a ‘side-channel’ attack,” Ayrapetov said. “These are different from traditional malware and exploit attacks that rely on corrupting and exploiting software to increase privilege to do something bad, or perform malicious tasks such as encryption, data theft, etc.”

In seeking ever-faster processing speeds, “we’ve been willing to take the risk of leaving the CPUs’s internal security checks until the last possible nanosecond, hoping that we’ll always be able to cancel the side effects of any prohibited data access before any hints leak out,” Ducklin said.

“But transient execution attacks like ZombieLoad remind us that what happens in Vegas doesn’t always stay in Vegas,” he said. “Sometimes, it causes ghostly ripples than can be picked up elsewhere.”

Side-channel attacks are proof-of-concept attacks that have yet to be weaponized, at least according to what’s been made public, Ayrapetov said. The reason why side-channel, and generally processor architectural vulnerabilities, are a big deal is due to their ubiquity (all PCs/servers) and their severity (data theft), he said.

“Many are now coming to light because Meltdown/Spectre ushered in a new era of security research which focused on the previously overlooked layer of computing: the hardware and the processor,” he said. “Now that there’s attention being paid to this area that is difficult to patch and to re-architect, we have inspected and have observed an increasing number of such vulnerabilities being published. The question is — when is this going to become weaponized for mass information stealing?”

Phishing attacks and higher-level software bugs give much bigger, faster and cheaper returns than side-channel attacks, Ducklin said.

Sophos’ Paul Ducklin

“Nevertheless, the fact that transient execution attacks aren’t mainstream malware techniques right now doesn’t mean we can ignore them,” he said. “Attacks only ever get faster and smarter, so we should be using flaws such as Meltdown, Spectre and ZombieLoad as a long-term reminder that we need to put at least as much value on security as we do on performance.”

The organizations that should be most concerned about side-channel attacks are those that …

… run virtualized environments such as public hosting companies, public cloud companies and IT departments that operate private cloud environments that allow for arbitrary virtual machine loads to operate, Ayrapetov said.

“The specific example in which an MSSP can immediately step in to help with side-channel attacks is for their customers that operate private cloud environments,” he said. “What the MSSP should immediately do is assess the processor generations and architectures deployed in their customers’ virtualization environment and immediately apply the vendor-provided patches. Additionally, they can place security technologies such as real-time deep memory inspection (RTDMI) that can scan file transfers against side-channel like attacks.”

Public cloud and private cloud environments are the most susceptible, Ayrapetov said. IT departments running virtual environments that allow arbitrary virtual machine (VM) loads to operate are most in danger, he said.

“If you stop treating cybersecurity as a cost to be minimized and start treating it as a business value in its own right, you open up a lot of mitigations to help you protect against attacks like ZombieLoad, Meltdown and Spectre,” Ducklin said. “You don’t have to wait for the next generation of CPUs to come out if you’re willing to dial performance back a bit right now. At the very least, try it and see; after all, many people used to hate disk encryption ‘because it slows me down,’ only to find that when it was turned on, they couldn’t tell the difference.”

Trend Micro Rolls Out Cloud, Container Protection

Trend Micro has added container security capabilities to Trend Micro Deep Security designed to protect across the entire DevOps lifecycle and runtime stack.

Wendy Moore, Trend Micro’s vice president of product marketing, tells us her company is always trying to enhance and evolve its cloud offerings so that it and its channel partners can grow their market shares in the cloud space.

Trend Micro’s Wendy Moore

“Trend Micro Deep Security provides the opportunity to do just that by boosting container platform protection across platforms like Docker and Kubernetes at runtime of the container,” she said. “This solution also bridges the widespread gap between developers and security teams that can often slow down the DevOps cycle. The solution makes collaboration between the teams more simple and efficient by helping to detect vulnerabilities for early protection at build time while also delivering critical threat protection on premises and at runtime. This in turn relieves typical roadblocks and allows businesses to deliver automated, secured applications to market [more quickly]. Another example of opportunity with the new Deep Security capabilities is that they allow partners to expand their solution offerings to their customers, which gives partners greater revenue opportunity.”

Adding the new container security capabilities to Deep Security gives Trend Micro and its partners a competitive advantage because it combines the many different functions that a customer would need into “one highly automated solution,” Moore said.

“While many of our competitors are providing one-off point solutions that address one piece of the entire DevOps life cycle, Trend Micro Deep Security provides build-pipeline container image scanning and extensive runtime protection,” she said. “This makes everything more streamlined, gives customers full visibility and control, and increases protection across the entire runtime stack.”

Growth Anticipated in Global Cybersecurity

Great news for MSSPs and other cybersecurity providers: The global cybersecurity market is expected to reach …

… nearly $260 billion by 2025, generating a compound annual growth rate of nearly 12 percent.

That’s according to a new report by Allied Market Research. The market totaled $104.6 billion in 2017.

The surge of IoT and BYOD, increasing threats of malware and phishing among enterprises, and increase in demand for cloud-based cybersecurity solutions will facilitate market growth. On the other hand, complexities related to security of devices and budgetary constraints hinder the growth of the market; however, the increase in requirements for strong authentication methods and transformation in antivirus create new growth opportunities, according to the report.

Based on component, the solutions segment accounted for more than two-thirds of total market share, and is expected to continue to dominate in terms of revenue by 2025. This is attributed to the surge in requirements for monitoring external and in-house threats in large, small and medium enterprises. On the other hand, the services segment is expected to grow at the fastest CAGR through 2025. This is due to the rise in adoption of digital technologies across the different industries and need for data privacy and protection.

By deployment type, cloud security is expected to grow the fastest due to demand for cloud-based cybersecurity solutions along with low maintenance and capital costs.

North America is expected to maintain its lead in terms of revenue through 2025, but Asia-Pacific is expected to register the fastest growth rate.

Extreme Networks Unleashes IoT Security

Extreme Networks this week unveiled its ExtremeAI Security application, which uses artificial intelligence (AI) and machine learning to identify and remediate advanced threats against IoT devices.

Extreme Networks’ Abby Strong

ExtremeAI Security delivers visibility and detection of malicious traffic, and real-time monitoring of IoT devices for behavioral anomalies so attackers have nowhere to hide. Through fully automated remediation of suspicious devices and traffic, ExtremeAI Security ensures threats are contained without manual intervention, preventing them from moving across the network.

Extreme’s traffic analytics and visibility capabilities are embedded in this new solution. ExtremeAI Security will be generally available in October.

“Security is top of mind for all of our customers,” said Abby Strong, Extreme’s vice president of product marketing. “They have seen the devastating impact of data breaches across industries and understand that they need to change the way they view security infrastructure. The ability to stop cyberattacks from moving across networks is an absolute necessity to prevent the types of data breaches that can dramatically harm a business. Extreme’s advancements in both security and machine learning will bring added peace of mind and a much-needed extra layer of security for our customers.”