by Andrew Lerner | January 16, 2018 | Submit a Comment
Spectre and Meltdown
are security vulnerabilities that impact all modern microprocessor vendors and most computing devices. Many enterprise IT teams are running around like crazy trying to get a handle on impact.
So far, most of the early talk about these vulnerabilities has been focused on servers and cloud providers. However, these vulnerabilities impact networking products, particulary L4-7 networking appliances, like Application Delivery Controllers
and WAN Optimization Controllers
. This represents both
a security concern and a potential performance hit. We have in-depth research on this coming soon, with Joe Skorupa
leading the networking guidance. That said, we wanted to provide a snippet of the research, including our high-level guidance to networking teams:
First things first, don’t over-react. Your vendors may recommend immediate code upgrades. Don’t upgrade without a clear business need, even if your vendor tells you that patches are available. Dedicated appliances that do not allow you to run 3rd party software are lower-risk. Open virtualized platforms that support 3rd party software (WOCs, ADCs and some data center switches) are at greater risk.
Prioritize upgrades for internet-facing systems. Develop a risk-based roll-out plan for patching open platforms, recognizing that in the short term performance may suffer. Baseline the performance of installed appliances in order to understand how much margin exists in these systems. Be sure to examine historical data to ensure peak load periods are well understood. Pay special attention to devices that already exhibit high-performance thresholds. To deal with performance degradation, work with your procurement organization to develop a strategy to deal with suppliers whose products no longer meet their published specifications. Recognize that their claims were made in good faith.
Finally, this is a moving target. Intel continues to release updates; motherboard providers are updating firmware and OS, and appliance vendors are updating to reduce risk and minimize performance impact. The only certainty is that it will take some number of months for the dust to settle. In the meantime, be prudent. Focus on high risk assets and even then, only upgrade when there is a clear need/benefit. More details will be provided in the upcoming report.
Regards, Andrew (& Joe)
note: I’ll post the full link when the research publishes
Category: adc in-the-news just-published networking woc