
Defend against Spectre and Meltdown vulnerabilities! - Matrix42 Blog



AV and NGAV will not be able to defend against Spectre and Meltdown vulnerabilities explicitly but may be able to detect and stop malware attempting to exploit these vulnerabilities.

 

Spectre and Meltdown vulnerabilities can be used by hackers to read privileged memory. One such use case is to leverage this as part of a privilege escalation exploit in order to take over the affected systems. Spectre can also be leveraged as part of a remote exploitation scenario. For example, an attacker can leverage Spectre to read the entire address space of a browser process remotely by crafting malicious JavaScript code. Note that fully exploiting the browser requires another, unrelated vulnerability.

 

Multi-Layered Security: To complement pre-infection defenses, like NGAV, we suggest deploying post-infection protection capabilities, like enSilo’s endpoint security agent. enSilo software has full kernel-level visibility on the endpoint and can protect against malware threats that utilize Spectre and Meltdown vulnerabilities in real time.

 

enSilo had early access to the Windows patch released by Microsoft on January 4, 2018 and had been thoroughly testing it during the past month. No updates are required to the existing enSilo platform in order to be protected from attacks that leverage these vulnerabilities. Matrix42’s Automated Endpoint Security by #enSilo pre- and post-infection prevention capabilities can fully protect against malware like #Spectre and #Meltdown.
