GLENDALE, CA, July 17, 2018 – Although modern existence depends to a high degree on the proper and uninterrupted operation of critical infrastructure such as utilities, transportation, or healthcare systems, a new report from Positive Technologies presents evidence that the vast majority of these critical entities remain highly vulnerable to cyber-attacks. The research findings, the result of penetration tests and security audits performed on behalf of industrial companies, show that 73% of tested corporate information systems have insufficient perimeter protection against external attacks.1 “The report describes a number of scenarios based on common vulnerabilities of large-scale systems,” says James D’Arezzo, CEO, Condusiv Technologies. D’Arezzo, whose company is a world leader in I/O reduction and SQL database performance, adds, “What this really means is that in an age of heightened security threats and challenges, hardware and software providers must continuously release patches and fixes to stay ahead of the curve. These patches tend to degrade performance which then becomes a problem as well.”
Late last year, for example, Windows, Linux, and macOS all received security patches that significantly altered how the system handles virtual memory. In January, it was announced that the patches merely designed to deal with two separate families of exploitable flaws, named Meltdown and Spectre. Both attacks take advantage of the fact that all modern processors perform speculative execution, i.e. they guess what is coming and plug it in to save time. Spectre is a general attack based on a range of speculative execution features. Meltdown uses speculative execution to leak kernel data to regular user programs; the patches work by removing shared kernel mapping, which increases security but can also significantly degrade system performance.2
A new attack this summer involved a variant of Spectre. The difference is that instead of attempting to read an array element that doesn’t exist, it attempts to write an array element that doesn’t exist. This attack method can be tremendously powerful, allowing an attacker to execute a code of their own choosing and completely compromise a buggy application. A range of software fixes for the problem have been devised. The first is to insert a delay between testing to see if an array element actually exists and then using it. The second is to constrain the array elements so that, for example, any attempt to speculatively access an element is always directed at the first element of the array.3
“Hacking and cyber-crime aren’t going to go away,” says Condusiv’s D’Arezzo, “and neither are the efforts of hardware and software developers to thwart them. There will continue to be a flood of patches and fixes, which can both degrade performance and-as we’ve seen with Spectre and Meltdown-create vulnerabilities if the fixes aren’t deployed.”
Between that and the constant need to process more data more quickly, optimizing performance becomes a constant issue. Condusiv Technologies has more than thirty years of experience in this area, offering software to maintain high performance on Windows-based systems. It can improve a storage and server system’s I/O efficiency-the basic determinant of data processing throughput-30% to 50% or more, with no additional hardware cost.
About Condusiv Technologies
Condusiv® Technologies is the world leader in software-only storage performance solutions for virtual and physical server environments, enabling systems to process more data in less time for faster application performance. Condusiv guarantees to solve the toughest application performance challenges with faster-than-new performance via V-locity® for virtual servers or Diskeeper® for physical servers and PCs. With over 100 million licenses sold, Condusiv solutions are used by 90% of the Fortune 1000 and almost three-quarters of the Forbes Global 100 to increase business productivity and reduce data center costs while extending the life of existing hardware. Condusiv Chief Executive Officer Jim D’Arezzo has had a long and distinguished career in high technology.
Condusiv was founded in 1981 by Craig Jensen as Executive Software. Jensen authored Diskeeper, which became the best-selling defragmentation software of all time. Over 37 years, he has taken the thought leadership in file system management and caching and transformed it into enterprise software. For more information, visit https://condusiv.com.
1. Zurkus, Kacy, Most Industrial Networks Vulnerable to Attack,” Infosecurity, May 4, 2018.
2. Bright, Peter, “Meltdown and Spectre: every modern processor has unfixable security flaws,” Ars Technica, January 3, 2018.
3. Bright, Peter, “New Spectre-like attack uses speculative execution to overflow buffers,” Ars Technica, July 10, 2018.
For more information, visit condusiv.com.
Follow us on Twitter and Like Us on Facebook