Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
The Aftermath of Meltdown and Spectre: Now What?
The recent unveiling of the widely reported Meltdown and Spectre attacks, which exploit critical vulnerabilities in modern processors, sent many within and outside the security industry into a tizzy. In the days following their public announcement, companies are struggling to understand the scope of the issue, their vulnerability and what they can do about it.
My colleague’s recent post on the matter focuses on one the first concerns for most organizations in the wake of the news: patch your systems. In this case, patches will be needed across a vast array of operating systems, and many of these patches are still to be developed and released. While alarming, this discovery also offers the opportunity for every organization to prepare for the next crisis, which is imminent in today’s threat landscape.
The immediate question most business, IT and security leaders ask when trying to prepare for the next “big one” is: “Where do I begin? I have to do something!” My response to this question, in the immortal words of Douglas Adams, is, "Don't panic!" This is the unknown of the unknowns, and it’s human nature to panic in situations like these. Remember that making decisions while in this state of mind will usually end badly.
Once your blood pressure has come down, then what? My recommendation is to ensure you have two critical processes in place as part of a robust information security program:
These processes will help minimize the vulnerability’s potential impact to the business, and they are invaluable to show during internal reviews and external audits from regulators. In particular, the threat component of threat and vulnerability management requires that you have the ability to keep a constant awareness of new threats and vulnerabilities as they arise. This can be accomplished by leveraging paid threat subscriptions and public threat exchanges so you can properly assess the impact of those threats to your organization and determine what should be done about them.
While the scope of the recent Meltdown and Spectre vulnerabilities may be huge, the fundamental challenges for organizations are the same as with every other major vulnerability announced over the years. The key when faced with these situations is to take a step back and keep in mind that managing a security program is not and never will be a one-time effort. Tomorrow there will be a new challenge to face. But having a strong plan and solid processes in place will make what feels like a daily grind more manageable and effective.
February 04, 2016
Reduce your information risk through better vendor management.
Let us know what you need, and we will have an Optiv professional contact you shortly.