{"id":1228,"date":"2018-01-12T11:00:27","date_gmt":"2018-01-12T15:00:27","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=1228"},"modified":"2018-02-23T11:31:04","modified_gmt":"2018-02-23T15:31:04","slug":"neil-weitzel-cygliant","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/neil-weitzel-cygliant\/","title":{"rendered":"Neil Weitzel of Cygilant Discusses Meltdown and Spectre"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1229\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/microprocessor-2-mod.jpg\" alt=\"weitzel interview metldown spectre \" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/microprocessor-2-mod.jpg 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/microprocessor-2-mod-300x150.jpg 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/microprocessor-2-mod-768x384.jpg 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/microprocessor-2-mod-540x270.jpg 540w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/microprocessor-2-mod-162x81.jpg 162w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/microprocessor-2-mod-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Intel\u2019s <a href=\"https:\/\/solutionsreview.com\/endpoint-security\/intel-confirms-long-standing-microprocessor-chip-hacking-vulnerability\/\" target=\"_blank\" rel=\"noopener\">announcement<\/a> of long-standing microprocessor security flaws\u2014nicknamed Meltdown and Spectre\u2014has sent panic through the cybersecurity 
world. The revelation that speculative execution\u2014the process by which microprocessors anticipate future operations and pre-run them accordingly\u2014left nearly every computer and endpoint vulnerable to malicious code accessing their memory banks opened a floodgate of questions from all sides.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">To help us make sense of the severity of this news, we spoke with Neil Weitzel, Director of Security Research at Boston-based <\/span><a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/top-6-siem-vendors-watch-2018\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">SIEM vendor<\/span><\/a><span style=\"font-weight: 400\"> Cygilant. Here\u2019s a transcript of our conversation, edited for readability:<\/span><\/p>\n<p style=\"text-align: justify\"><b>Solutions Review: Intel has been downplaying the severity of Meltdown and Spectre as threats. Do you agree with them that the dangers are being over-exaggerated? Or is this far more serious than Intel wants to admit?<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Neil Weitzel: While a critical vulnerability, the likelihood of an exploit occurring is low. Most attackers would need to be state-sponsored or highly technical\u2014think Stuxnet.
<\/span><\/p>\n<p style=\"text-align: justify\"><b>SR: Intel and other microprocessor manufacturers are refusing to call this a design flaw. Is it, in your opinion? Should these issues have been discovered much sooner than they were?<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">NW: This is a design flaw because our unprivileged processes can address and access privileged processes or cache. These issues may have been known for some time, but this is the first public disclosure of this magnitude. Just because a vulnerability is made known to the public one day doesn\u2019t mean it hasn\u2019t been available or used previously.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Yes, this should have been discovered and steps toward remediation should have been taken sooner.<\/span><\/p>\n<p style=\"text-align: justify\"><b>SR: Patches are being released daily to alleviate Meltdown and Spectre. What do you make of these patches? Will they be enough to solve the problem?<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">NW: The patches address the hardware vulnerability from a software perspective. This means the design flaw and vulnerability are still available; the software is merely treating a symptom, not the actual problem.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The patches mitigate the Meltdown ability by removing much of the addressable, privileged processes address from the userspace. Spectre is being patched by attempting to isolate branch predictions to one process, but this is a bit trickier.<\/span><\/p>\n<p style=\"text-align: justify\"><b>SR: There have been <a href=\"https:\/\/solutionsreview.com\/endpoint-security\/microsoft-halts-amd-meltdown-patches-after-complaints-of-frozen-endpoints\/\" target=\"_blank\" rel=\"noopener\">increasing reports<\/a> that the patches released aren\u2019t integrating with anti-virus software. 
Does this foretell of future security problems, or is this a minor issue? <\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">NW: This is because many anti-virus programs run in privileged processing space; changing how the operating system or applications utilize memory and processes may cause the anti-virus software to create a system malfunction. Similarly, the major anti-virus vendors are working with the vendors that are patching applications and software to ensure their products will work properly after an update.<\/span><\/p>\n<p style=\"text-align: justify\"><b>SR: How do you foresee the discovery of Meltdown and Spectre changing the way microprocessors are manufactured? Or how anti-malware\/endpoint security\/SIEM solutions are designed in the future?<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">NW: We will likely need to take these types of vulnerabilities into account when we design systems. We need to keep sensitive workloads on machines and systems [separate from] non-sensitive workloads. Similarly, we need to educate end-users on how they may introduce these exploits by accidentally running nefarious code or applications\u2014through unsolicited attachments and portable media storage, for example.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">As for SIEM, [it will be about creating] a whitelist of known-good processes and connections\u2014web access, application services\u2014and [using] it to audit what is currently running on your systems. Anti-virus and malware solutions may attempt to monitor process sharing and reading in future iterations, much like how mobile intents are handled in Android.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Thanks again to Neil Weitzel for speaking with us! 
You can find out more about Cygilant <\/span><a href=\"https:\/\/www.cygilant.com\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">here<\/span><\/a><span style=\"font-weight: 400\">.<\/span><\/p>\n<p>Neil Weitzel has 10 years of professional technology experience. In addition to being an expert application penetration tester, Weitzel is also an excellent instructor and leader: outside of Cygilant, he is an active member of the security community, delivering lectures at DEF CON, OWASP and Denver Security Meet-ups.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Intel\u2019s announcement of long-standing microprocessor security flaws\u2014nicknamed Meltdown and Spectre\u2014has sent panic through the cybersecurity world. The revelation that speculative execution\u2014the process by which microprocessors anticipate future operations and pre-run them accordingly\u2014left nearly every computer and endpoint vulnerable to malicious code accessing their memory banks opened a floodgate of questions from all sides. 
\u00a0 [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":1229,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551,1,3,43],"tags":[95,447,145,86,511,21,22],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Neil Weitzel of Cygliant Discusses Meltdown and Spectre<\/title>\n<meta name=\"description\" content=\"we spoke with Neil Weitzel, Director of Security Research at Boston-based SIEM vendor Cygilant about the severity of Meltdown and Spectre.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/neil-weitzel-cygliant\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Neil Weitzel of Cygliant Discusses Meltdown and Spectre\" \/>\n<meta property=\"og:description\" content=\"we spoke with Neil Weitzel, Director of Security Research at Boston-based SIEM vendor Cygilant about the severity of Meltdown and Spectre.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/neil-weitzel-cygliant\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\" \/>\n<meta property=\"article:published_time\" content=\"2018-01-12T15:00:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-02-23T15:31:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/microprocessor-2-mod.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" 
content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ben Canner\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/neil-weitzel-cygliant\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/neil-weitzel-cygliant\/\",\"name\":\"Neil Weitzel of Cygliant Discusses Meltdown and Spectre\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/neil-weitzel-cygliant\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/neil-weitzel-cygliant\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/microprocessor-2-mod.jpg\",\"datePublished\":\"2018-01-12T15:00:27+00:00\",\"dateModified\":\"2018-02-23T15:31:04+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"we spoke with Neil Weitzel, Director of Security Research at Boston-based SIEM vendor Cygilant about the severity of Meltdown and 
Spectre.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/neil-weitzel-cygliant\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/neil-weitzel-cygliant\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/neil-weitzel-cygliant\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/microprocessor-2-mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/microprocessor-2-mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"weitzel interview metldown spectre\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/neil-weitzel-cygliant\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Neil Weitzel of Cygliant Discusses Meltdown and Spectre\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\",\"description\":\"Buyer&#039;s Guide and Best 
Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/1228"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=1228"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/1228\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/1229"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=1228"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=1228"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=1228"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}