Solution providers are witnessing customers invest in everything from endpoint detection and response to hardening production environments to combat the Meltdown and Spectre vulnerabilities.
Sixty percent of partners expect to see an increase in their security business over the next year as a result of Spectre and Meltdown, according to an exclusive CRN survey. CRN conducted an online poll of 190 members of the CRN Channel Intelligence Council, a panel of solution providers representing the broad channel ecosystem in North America.
"I think it's going to be an issue we're facing for a long time," said Michael Lines, VP of strategy, risk and compliance advisory services for Denver-based Optiv, No. 27 on the 2017 CRN Solution Provider 500. "This is going to be very intensive. It's fundamentally a game-changer for clients."
Nearly one-third of partners expect to see an increase of one to nine percent in their security sales due to Spectre and Meltdown, while another 23 percent expect to see an increase of 10 to 19 percent, the survey found. Five percent of survey respondents expect the exploits to drive security sales increases of more than 20 percent over the next 12 months.
"Anytime you have these uber-hyped vulnerabilities that come with their own websites, it raises awareness at the executive level in our client organizations," said Alton Kizziah, vice president of global managed services for Phoenix-based Kudelski Security. "We're getting to the point where the rubber is hitting the road and this can affect our clients."
Those partner sales gains will come as customers ramp up their 2018 security budgets to respond to Spectre and Meltdown. Nearly half of solution providers polled expect to see customer security budget increases of as much as 14 percent in 2018, while 11 percent of partners expect client security budgets to increase by 15 percent or more.
Meltdown and Spectre have heightened demand for endpoint detection and response (EDR) services as clients seek to gain a better understanding of what their exposure is, as well as how to address it, Kizziah said. Customer interest in incident response services has peaked as many clients realize they lack the staff or capability to respond on their own if they're hit, according to Kizziah.
Kudelski can help with both incident response planning and the actual response in terms of boots on the ground, Kizziah said.
Although Spectre is relatively new, Kizziah said the delivery mechanisms that take advantage of these vulnerabilities are pretty typical, and include email phishing and third-party compromise. EDR and threat prevention products can detect when a series of executions are taking place due to someone clicking on something they shouldn't have, he said.
Vulnerability scanning, meanwhile, can tell businesses how different machines in their environment would be affected by Meltdown and Spectre, Kizziah said. This will make it possible for companies to effectively prioritize what needs to be patched first and avoid overloading their security teams, according to Kizziah.
Some of Optiv's clients have stepped back and re-evaluated their options due to the performance slowdown and instability associated with the initial batch of Meltdown and Spectre patches, Lines said.
Over time, Lines expects CPU and operating system manufacturers will improve the patches that are released. But for now, he said companies must choose between patching immediately and suffering degradation or implementing other controls to harden their environment and reduce risk.
Businesses have therefore been looking to harden and isolate production environments from the server to eliminate the need for immediate patching and avoid the associated instability or performance degradation, Lines said.
Environments can be hardened by limiting executables and strengthening walls around the exterior, according to Lines, using techniques such as application whitelisting, shutting down unnecessary services, and limiting access via jump-boxing or segmentation.
Organizations with local control over their production environment – even if that takes the form of a virtualized data center – will have more options available to them around hardening their ecosystem, Lines said. But if a large part of a customer's production environment is in the cloud, Lines said the cloud operator is likely going to pursue the implementation of patches.
"You may not have a choice," Lines said. "It's being done for you regardless."
From a solution provider perspective, Lines said Optiv has responded to Meltdown and Spectre by addressing client questions and concerns on a one-to-one basis, writing blog posts and having discussions with media.
Kudelski Security, meanwhile, had been hearing rumors about unnamed vulnerabilities for several days before news of Meltdown and Spectre was officially released, Kizziah said. Kudelski had therefore already put together a team of three or four people to discuss what the company could do right away and had started work on a framework for a security advisory, according to Kizziah.
As a result, Kizziah said Kudelski was pretty well prepared to write the advisory when news of the vulnerabilities officially came out. From there, Kizziah said the company gave the advisory to its 50 security analysts so that they knew what to do for clients.
"We kind of ramped up as this thing came out," he said.