Understanding Spectre and Meltdown: The Facts, How to Mitigate, Where We Go from Here

Webinar Registration

The reason Spectre and Meltdown are so unique and getting so much attention is because they are basically hardware vulnerabilities, not bugs in software, and you can’t patch hardware like you can with software.

And the impact is catastrophic: the attacker can read data from any place in physical memory including passwords, password hashes, encryption keys and so on from other processes or even the kernel itself. Also, since Spectre and Meltdown happen at the hardware level you can’t detect them very easily, or at all in some cases, with software.

But none of this means that we are suddenly powerless against attackers. First, OS vendors are adding additional checks and restrictions to their software that, for a performance penalty, attempt to address some of the risks.

In this webinar, I’ll explain these two attacks at a level that makes sense for technical infosec pros. That means we’ll be getting into things like:

  • Technical background on race conditions, side-channel attacks, and virtual memory
  • Recap what’s affected by these exploits, which are not exclusive to Intel processors
  • Hardware implications for vendors like Intel, and the OS implications for companies like Microsoft, Apple and Linux
  • The price you pay in terms of performance

Finally, we’ll assess the real world risk of these exploits and what user organizations can do to protect themselves. And there’s a lot we can do. As an example, think about this: these exploits are just another set of arbitrary and malicious instructions and we know how to combat arbitrary code attacks. Spectre and Meltdown should be treated like zero-day attacks that don’t get patched. That means implementing compensating controls.

Please join us for this real training for free event.

First Name:   
Last Name:   
Work Email:  
Job Title:  
Zip/Postal Code:  

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.



Additional Resources