{"id":1242,"date":"2018-01-18T10:21:15","date_gmt":"2018-01-18T14:21:15","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=1242"},"modified":"2018-02-23T11:31:03","modified_gmt":"2018-02-23T15:31:03","slug":"dr-eric-cole-discusses-meltdown-spectre","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/","title":{"rendered":"Dr. Eric Cole Discusses Meltdown and Spectre Flaws"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1243\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/nuclear-warning-mod.jpg\" alt=\"eric cole meltdown spectre interview\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/nuclear-warning-mod.jpg 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/nuclear-warning-mod-300x150.jpg 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/nuclear-warning-mod-768x384.jpg 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/nuclear-warning-mod-540x270.jpg 540w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/nuclear-warning-mod-162x81.jpg 162w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/nuclear-warning-mod-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\">Here at Solutions Review we\u2019ve been providing <a href=\"solutionsreview.com\/endpoint-security\/intel-confirms-long-standing-microprocessor-chip-hacking-vulnerability\/\" target=\"_blank\" rel=\"noopener\">extensive<\/a> <a href=\"solutionsreview.com\/endpoint-security\/microsoft-halts-amd-meltdown-patches-after-complaints-of-frozen-endpoints\/\" target=\"_blank\" rel=\"noopener\">coverage<\/a> of the Meltdown and Spectre revelations and the <a href=\"solutionsreview.com\/security-information-event-management\/living-spectre-fallout-meltdown-spectre\/\" target=\"_blank\" rel=\"noopener\">fallout<\/a> from them. We even spoke to <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/neil-weitzel-cygliant\/\" target=\"_blank\" rel=\"noopener\">Neil Weitzel<\/a>, Director of Security Research at SIEM vendor Cygilant, about what these flaws might mean for the future of cybersecurity.<\/p>\n<div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/security-information-event-management-vendor-map\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/02\/SIEM_VM_SB.jpg\" alt=\"Download Link to SIEM Vendor Map\" width=\"800\" height=\"100\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\n<p style=\"text-align: justify\">We\u2019ve been lucky to also speak with InfoSec expert Dr. Eric Cole about these vulnerabilities, and he offered his own opinions on the matter. Think of this interview as a companion piece to our first interview, offering a different perspective and best practices in the wake of these discoveries.<\/p>\n<h4 style=\"text-align: justify\"><strong>Solutions Review: Intel has been downplaying the severity of Meltdown and Spectre as threats. Do you agree with them that the dangers are being over-exaggerated, or is this far more serious than Intel wants to admit? <\/strong><\/h4>\n<p style=\"text-align: justify\">Dr. Eric Cole: All threats are serious, but as I\u2019ve said many times the severity of a threat or data breach is all about how much data was compromised. At this point, there\u2019s no evidence that Spectre or Meltdown have resulted in serious losses of data. Don\u2019t get me wrong, they certainly could, and this is why it\u2019s important for individual consumers and enterprises to apply the patches the vendors are providing.<\/p>\n<p style=\"text-align: justify\">Also, you need to look at this from a couple of different perspectives. As an individual owner of a Mac or PC, these threats won\u2019t affect me any more or less than any other threat if I don\u2019t do anything stupid \u2013 and by that, I mean click on suspicious links or attachments. Neither Meltdown nor Spectre can be remotely activated without some code injection. So, if that code never makes it onto a user\u2019s machine, they\u2019ll be fine.<\/p>\n<p style=\"text-align: justify\">The real concern is with cloud service providers whose servers house the data of multiple customers. If servers get compromised using these exploits, then the damage could be widespread.<\/p>\n<h4 style=\"text-align: justify\"><strong>SR: Should these issues have been discovered much sooner than they were? <\/strong><\/h4>\n<p style=\"text-align: justify\">EC: Technologically, we wouldn\u2019t be where we are today without the amazing advances in chip processing speed. Companies like Intel, AMD and ARM have been on the forefront of chip design.<\/p>\n<p style=\"text-align: justify\">As for their \u201cdiscovery\u201d \u2013 the features that enable Meltdown and Spectre have been around for nearly 20 years. The real discovery is that they can be exploited to extract data, and that\u2019s a function of the increasing sophistication of the hacking mind, although it\u2019s important to note that these issues were discovered by Google engineers and not by malicious actors.<\/p>\n<h4 style=\"text-align: justify\"><strong>SR: Patches are being released daily to alleviate Meltdown and Spectre. What do you make of these patches? Will they be enough to solve the problem?<\/strong><\/h4>\n<p style=\"text-align: justify\">EC: Once any vulnerability has been exposed, the race begins to patch and mitigate it. Patches may not be enough to solve the problem, especially since Spectre is truly embedded in the chip design. But as with any vulnerability, patches are essential to slowing down the adversary. The good news with both these exploits is that they still rely on injecting malicious code into the target. So, if machines are protected from malware, the threat of these chip-based side channel attacks is mitigated.<\/p>\n<h4 style=\"text-align: justify\"><strong>SR: There have been increasing reports that the patches released aren\u2019t integrating with anti-virus software. Does this foretell of future security problems? <\/strong><\/h4>\n<p style=\"text-align: justify\">EC: This is largely a result of Microsoft\u2019s announcement that anti-virus software must conform to Microsoft\u2019s Meltdown\/Spectre fixes to allow future security updates. This is largely for corporate customers running commercial-grade anti-virus programs.<\/p>\n<h4 style=\"text-align: justify\"><strong>Thanks again to Dr. Eric Cole for his time and expertise! <\/strong><\/h4>\n<p style=\"text-align: justify\">Eric Cole, PhD, is an industry-recognized security expert with over 30 years of experience in consulting, training, public speaking, and expert witness testimony. The founder and CEO of Secure Anchor Consulting, Dr. Cole\u2019s career has spanned industry and government roles including CTO at McAfee, Chief Scientist for Lockheed Martin, and member of the Commission on Cyber Security for the 44th President, Barack Obama. He is most recently the author of <em>Online Danger: How to Protect Yourself and Your Loved Ones from the Evil Side of the Internet<\/em> available on <a href=\"https:\/\/www.onlinedanger.com\" target=\"_blank\" rel=\"noopener\">www.onlinedanger.com<\/a> or on Amazon.<\/p>\n<br \/>Widget not in any sidebars<br \/>\n","protected":false},"excerpt":{"rendered":"<p>Here at Solutions Review we\u2019ve been providing extensive coverage of the Meltdown and Spectre revelations and the fallout from them. We even spoke to Neil Weitzel, Director of Security Research at SIEM vendor Cygilant, about what these flaws might mean for the future of cybersecurity. \u00a0 We\u2019ve been lucky to also speak with InfoSec expert [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":1243,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551,1,3,43],"tags":[95,145,521,112,281,21,57],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Dr. Eric Cole Discusses Meltdown and Spectre Flaws<\/title>\n<meta name=\"description\" content=\"We spoke with InfoSec expert Dr. Eric Cole about the Meltdown and Spectre security vulnerabilities and best practices moving forward.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Dr. Eric Cole Discusses Meltdown and Spectre Flaws\" \/>\n<meta property=\"og:description\" content=\"We spoke with InfoSec expert Dr. Eric Cole about the Meltdown and Spectre security vulnerabilities and best practices moving forward.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/\" \/>\n<meta property=\"og:site_name\" content=\"SIEM Tools &amp; Security Event Management | Solutions Review\" \/>\n<meta property=\"article:published_time\" content=\"2018-01-18T14:21:15+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-02-23T15:31:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/nuclear-warning-mod.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ben Canner\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/\",\"name\":\"Dr. Eric Cole Discusses Meltdown and Spectre Flaws\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/nuclear-warning-mod.jpg\",\"datePublished\":\"2018-01-18T14:21:15+00:00\",\"dateModified\":\"2018-02-23T15:31:03+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"We spoke with InfoSec expert Dr. Eric Cole about the Meltdown and Spectre security vulnerabilities and best practices moving forward.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/nuclear-warning-mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/nuclear-warning-mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"eric cole meltdown spectre interview\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Dr. Eric Cole Discusses Meltdown and Spectre Flaws\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"SIEM Tools &amp; Security Event Management | Solutions Review\",\"description\":\"Evaluating Enterprise SIEM Systems, Log Management Analytics &amp; SOAR Platforms.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Dr. Eric Cole Discusses Meltdown and Spectre Flaws","description":"We spoke with InfoSec expert Dr. Eric Cole about the Meltdown and Spectre security vulnerabilities and best practices moving forward.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/","og_locale":"en_US","og_type":"article","og_title":"Dr. Eric Cole Discusses Meltdown and Spectre Flaws","og_description":"We spoke with InfoSec expert Dr. Eric Cole about the Meltdown and Spectre security vulnerabilities and best practices moving forward.","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/","og_site_name":"SIEM Tools &amp; Security Event Management | Solutions Review","article_published_time":"2018-01-18T14:21:15+00:00","article_modified_time":"2018-02-23T15:31:03+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/nuclear-warning-mod.jpg","type":"image\/jpeg"}],"author":"Ben Canner","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/","name":"Dr. Eric Cole Discusses Meltdown and Spectre Flaws","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/nuclear-warning-mod.jpg","datePublished":"2018-01-18T14:21:15+00:00","dateModified":"2018-02-23T15:31:03+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"We spoke with InfoSec expert Dr. Eric Cole about the Meltdown and Spectre security vulnerabilities and best practices moving forward.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/nuclear-warning-mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/01\/nuclear-warning-mod.jpg","width":800,"height":400,"caption":"eric cole meltdown spectre interview"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/dr-eric-cole-discusses-meltdown-spectre\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"Dr. Eric Cole Discusses Meltdown and Spectre Flaws"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"SIEM Tools &amp; Security Event Management | Solutions Review","description":"Evaluating Enterprise SIEM Systems, Log Management Analytics &amp; SOAR Platforms.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/1242"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=1242"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/1242\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/1243"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=1242"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=1242"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=1242"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}