January 15, 2018

Forcepoint Updates on Spectre and Meltdown

Liem Nguyen

The year 2018 has gotten off to a tough start with the news of the Meltdown and Spectre (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754) vulnerabilities. This is a broad industry problem that affects almost everyone, everywhere. Processors from Intel, AMD, and ARM are all potentially vulnerable to at least one variant of Spectre or Meltdown which can be implemented within Apple, Linux and Windows environments. However, currently we are unaware of active exploits of this in the wild.

Forcepoint is working with our industry partners to examine these issues carefully and analyze the potential impact to our products, customers and resellers. While updates to systems may be required, due to the way our appliances and cloud operate, we can report today that our exposure is limited, as only our own trusted code should be running on these devices. As soon as patches are made available, Forcepoint will rigorously test these in our performance laboratory and will carefully assess the safest and most pragmatic way to proceed for our customers and partners.

It is important to note for someone to make use of the Spectre/Meltdown attacks requires malicious code to be executed on the target system. This is not a trivial point as the attack path is more complex than a simple phishing attack, for example.

We will continue to update our Forcepoint Security Labs and Insights blogs as well as our Knowledge Base technical articles as new information becomes available.

For the latest information on how this issue affects Forcepoint security products, please see the technical bulletin: Meltdown and Spectre Vulnerability.

Forcepoint Resources on Spectre and Meltdown

Article from Forcepoint chief scientist Dr. Richard Ford: Meltdown & Spectre: Computing's 'Unsafe at Any Speed' Problem
Forcepoint Security Labs initial analysis: The Looming Spectre of a Meltdown
Master Forcepoint Knowledge Base Article 000014933: Meltdown and Spectre Vulnerability
Product updates to Forcepoint Knowledge Base Article:
- Forcepoint Web Security (https://support.forcepoint.com/KBArticle?id=000014948)
- Forcepoint NGFW (https://support.forcepoint.com/KBArticle?id=000014989)
- Forcepoint SMC Appliances (https://support.forcepoint.com/KBArticle?id=000014991)
- Sidewinder (https://support.forcepoint.com/KBArticle?id=000014992)

Liem Nguyen

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.

Learn more about Forcepoint

Forcepoint Updates on Spectre and Meltdown

Liem Nguyen

About Forcepoint

Sign up for the latest from our research and development team

To the Point Cybersecurity

X-Labs

Get insight, analysis & news straight to your inbox

You are here

Liem Nguyen

About Forcepoint

Sign up for the latest from our research and development team