Evolving Solutions Response to Meltdown and Spectre Vulnerabilities

Posted on

Patching your OS to alleviate the latest “Side-Channel CPU” vulnerabilities in Industry Standard CPUs.

Many of Evolving Solutions’ clients are being inundated with emails, theories, and questions regarding the three closely related vulnerabilities involving the abuse of speculative execution in modern CPUs that went public on Tuesday, January 2, 2018.  These vulnerabilities have now been named and classified on CVE (cve.mitre.org/):

  • CVE-2017-5753: Known as Variant 1, a bounds check bypass
  • CVE-2017-5715: Known as Variant 2, branch target injection
  • CVE-2017-5754: Known as Variant 3, rogue data cache load

These have been grouped into two branded vulnerabilities: Meltdown (Variant 3), and Spectre (Variants 1 and 2).  They are also now being called a “Side-channel attack” in the cryptology world.

These vulnerabilities are NOT limited to Intel CPUs.  AMD, IBM Power Systems and some ARM processors will also need to be addressed.

Operating System and Hypervisor Vendors are releasing patches while Hardware OEMs are scrambling to release their “Official Statements” and guidance.  Some OEMs are recommending following the OS / Hypervisor Vendors Guidance, while other are releasing Firmware and / or BIOS updates to be applied along with the OS Patches.

There is a copious amount of information and recommendations that can be found via a web search on the subject, some of it contradictory.  Everything from CERT saying you must “throw away” the CPU to assure removal of the exploit possibility to other internet experts saying this is a lot of to do about nothing.  Yes, both Chicken Little and Pollyanna are weighing in on this one.

Information is also circulating  that the aforementioned patches which separate the kernel’s memory completely from user processes using what’s called Kernel Page Table Isolation, or KPTI will result in some degree of a performance hit.

But what should you do?  What is the proper response for your organization?

Evolving Solutions recommends that you follow the Hardware Vendor and OS Vendor’s guidance.  Additionally, you should understand the vulnerabilities and any fixes in context to your data center, applications and workloads.  It’s important to do your own due diligence and lab or dev environment testing, and have a back out plan.  It’s also important for you to make your own decision on roll out schedule in light of your unique security and business requirements.

We are recommending a cautious approach for several reasons:

  • The vulnerabilities may have a reduced effect on non-outward facing systems that are properly protected
  • The patches have the potential to effect performance and the impacts will likely vary based on workload characteristics.

Included below are links to many of Evolving Solutions’ Partner’s Advisories, Guidance and Patches.

Both the Evolving Solutions technical team and Account Executives are available to provide guidance and help with an approach. Please don’t hesitate to contact them to schedule a conversation or assessment.

Here are some links to help guide you through this:

Vulnerability Descriptions:

OS and Hypervisor Vendor Security Advisories:

Hardware Vendor Advisories and Guidance:

Evolving Solutions Named to 30 Most Innovative Companies List

Posted on

CIO Bulletin includes Minneapolis-based technology solutions provider in its 2017 honor roll.

November 14, 2017 – Evolving Solutions has been recognized by CIO Bulletin in the publication’s 30 Most Innovative Companies 2017 list.

Each year, CIO Bulletin compiles a top 30 list of US companies that are forward thinkers and leaders in innovation.  This year, Evolving Solutions was named to the list for its commitment to providing leading technologies and expert talent.

“Evolving Solutions was founded with the purpose of creating enduring relationships with clients,” said Jaime Gmach, President and CEO. “Key to this purpose is helping clients simplify technology, while staying true to our core values: do the right thing, be a team play and be humbly confident.”

It is this mantra that has led Evolving Solutions through 22 successful years of business. Serving as a different type of technology partner to its clients, Evolving Solutions focuses on creating best of breed industry solutions designed to help clients exceed their business objectives.

“At the heart of our success is our service-centered mentality,” said Gmach. “Having local expertise in the markets we serve is vitally important. We have the right talent in the right place at the right time, and it is a key differentiator for us.”

With technology at the center of every business, Evolving Solutions continues to grow and embrace the evolution of its industry.

Read CIO Bulletin’s full article on “Evolving Solutions: Leading Technologies, from Expert Talent”.

Evolving Solutions Earns Certification for IBM z Systems Mainframes

Posted on

IBM z System Mainframes create enterprise infrastructure for cognitive businesses.

Minneapolis, MN, October 25, 2016 – Evolving Solutions is now an IBM z Systems Mainframe business partner.  Evolving Solutions enters a select group of IBM business partners that offer the powerful z Systems infrastructure. This new certification will allow Evolving Solutions to better serve its clients in today’s mobile, cloud-based world.

IBM z Systems enterprise solutions offer the most robust, secure and scalable solutions for the enterprise.  They enable enterprises to create outstanding customer experiences through mobile and analytics, deliver agility and efficiency through cloud, and ensure always on service and data protection, allowing businesses to take cognitive computing further. IBM z Systems mainframe has been ranked as the most reliable server for the past eight years.

According to IBM, organizations utilize z Systems to build greater business value, reduce cost and create competitive advantage by providing fast, reliable, and continuous service. In fact, the world’s largest retailer uses IBM z Systems to serve 250 million people a week and 92 of the largest 100 banks run on z Systems.  IBM z is the world’s leading cloud platform for enterprise transactions, systems of record and application workloads and provides the necessary power to crunch data to drive real-time insights.

“The z Systems partnership allows us to engage clients with a powerful IBM infrastructure product and service,” said Jaime Gmach, President, Evolving Solutions. “This is especially significant because many businesses utilize a mainframe to run their most mission critical business applications.”

Leading client z Systems solution development for Evolving Solutions will be Scott Rudin, z Systems Sales Executive. Scott has over 25 years of experience with z Systems and will guide clients through the next stage in their cognitive business strategy.  Contact Evolving Solutions today to learn more.