How we managed Meltdown and Spectre to protect our customers

On January 3rd, 2018, the public was notified about two security vulnerabilities dubbed Meltdown and Spectre by researchers, that affected any Intel, AMD or ARM processor created in the last 20 years. These vulnerabilities could potentially allow an attacker to obtain access to sensitive information.

Spectre attacks take advantage of a CPU's branch prediction capabilities. The impact is that a process may leak sensitive data to other processes on a system. Spectre may also allow one part of an application to access other parts of the same process memory space that would otherwise not be permitted.

Meltdown leverages out-of-order execution capabilities in modern CPUs. The impact of Meltdown is that a process running in user space can view the contents of kernel memory.

This is likely the largest security breach in history, so it’s absolutely crucial that organisations are able to deal with these security issues effectively, with minimum disruption to its customer’s operations.

contactSPACE had received the alert about the vulnerabilities on the night of January 3rd and by 11 am January 4th, all our systems were patched and protected. The process involved moving all our systems from infrastructure that were vulnerable, over to infrastructure that had been patched for us by Amazon Web Services (AWS). Our quick response time and a robust networking system meant that the entire process had a very short impact period of only 2 minutes total downtime when other companies would be down for days.

Aside from downtime, it’s been widely reported that the patched systems would suffer a performance degradation of between 30-100%, due to the many additional system processes being implemented by vendors in addressing this issue, however, contactSPACE has recently invested a lot more resources with AWS and doubled the processing power, so this type of performance degradation doesn’t affect our customers.

This experience has highlighted the importance of continuously improving your vulnerability management processes and investing in resources to minimise the impact of significant security issues.

Learn more about Meltdown and Spectre:

https://meltdownattack.com/meltdown.pdf

https://spectreattack.com/spectre.pdf

https://googleprojectzero.blogspot.com.au/2018/01/reading-privileged-memory-with-side.html

contactSPACE is a cloud-based contact centre solution which helps organisations improve the outcomes of their client interactions as well as eliminating the operational complexities which have plagued call centres for decades. The customers' reliance on costly I.T. infrastructure has been eliminated as contactSPACE requires little more than an internet connection and a headset. contactSPACE has successfully shifted the focus from the technology to the operations of contact centres.

L9, 1 Chandos Street
St. Leonards NSW 2065
AUSTRALIA
info@contactspace.com
www.contactspace.com

This release was published on openPR.