Side-channel attacks continue to pummel businesses, leading most business and IT leaders to face their worst nightmare. A survey just out from Deloitte suggests that a majority of U.S. executives have “experienced between one and 10 cyber incidents and breaches in the last year alone.” Most IT leaders find themselves at a crossroads. Either stay the course and keep reacting to events or secure your IT stack with advanced technologies that address security vulnerabilities head-on.
We sat down with ORock Chief Architect Matt Plummer to discuss the wave of escalating cyberattacks hitting U.S. companies and why you and your team should consider a Zero Trust security framework to harden your security when planning your cyber strategy. You can download our white paper to learn more about the industry’s most advanced hardened security solution from Lockheed Martin, Intel and ORock.
What are the security and infrastructure challenges that organizations face today?
Side-channel attacks are on the rise and getting more complex. Traditional security technologies have proven ineffective at detecting and preventing side-channel incidents. In addition to keeping cyber security threats blocked, many organizations are struggling to fully satisfy their regulatory/compliance mandates, such as PCI DSS, FISMA, HIPAA, etc.
While many organizations are actively working to address visibility and threat detection challenges within their cloud and network infrastructure, they lack the security operations infrastructure to respond to issues. Without appropriate security controls widely deployed and properly configured, some organizations are incapable of preventing side-channel attacks.
What are side-channel attacks?
A side-channel attack is a security exploit that attempts to extract secrets from a chip or a system. A side-channel attack breaks through cryptography to steal sensitive data. There are various types of side-channel attacks and they include:
- Electromagnetic – when an attacker measures the electromagnetic radiation or radio waves given off by a target device to reconstruct the internal signals of that device
- Acoustic – when an attacker measures the sounds produced by a device
- Power – when an attacker measures the power consumption of a device or system
- Optical – when an attacker uses visual cues to access information about a system
- Timing – when an attacker measures the length of time an operation takes to access information
- Memory Cache – when an attacker targets memory caching to access information that should be blocked
- Hardware – when an attacker targets the hardware’s weaknesses to exploit a system
Suffice to say that side-channel attacks continue to successfully crack the hardware and software implementations of numerous cryptosystems around the world.
What is an example of a side-channel attack?
Spook.js is an example of a recent side-channel attack that allowed intruders to pass through the Google Chrome web browser, evade security and steal sensitive data, such as credentials and personal information.
What is the Zero Trust model and how can it make my enterprise trustworthy?
Zero Trust is rapidly becoming the model of choice for large enterprises. Zero Trust security alters an organization’s security posture by assuming critical computing assets and data are untrusted until they are authenticated. With Zero Trust, you are granting access to resources that are required at the time they are used.
Companies can accomplish Zero Trust by implementing attribute-based security controls. Attribute-based access controls perform cryptographic verification and authentication of critical resources at the time required to execute.
A security architect must also consider how strong the security boundary of the asset is versus other assets. This is where strong virtualization isolation technologies prevent data spills across security boundaries defined by the cryptographically verified attributes.
How can companies prevent side-channel attacks from affecting their IT systems?
The enterprise can strike back and shield their IT systems with ORock Strata with Lockheed Martin Hardened Security for Intel® Processors. This hardened, full-stack security solution utilizes attribute-based controls to isolate and protect virtual machines (VMs) at runtime and allocate compute resources for more consistent performance that creates a Zero Trust environment. This verified solution on 2nd and 3rd Generation Intel® Xeon® Scalable processors simplifies deployments and helps to protect your most valued data at the edge and in the data center.
ORock Strata runs secure workloads on one of the most protected platforms in the industry, from boot through runtime, and address both security and quality of service (QoS) while delivering unique advantages over traditional security systems.
What should an organization do to ensure it reduces the financial impact and lessens business disruption from these attacks?
When planning your 2022 security plan, the best offense is a great defense. Read this white paper to unlock your arsenal of Hardened Security controls and learn which one can be used to combat standard security attacks.
You can’t treat side-channel attacks the same as we did in the past. By making a hardened security investment, you’ll be glad you did. This solution is tailormade to shield your enterprise against side-channel attacks, ensure business continuity and give you peace of mind in the process.
Matt Plummer
Chief Cloud Architect, ORock Technologies
