Statement Regarding Meltdown and Spectre Vulnerabilities
SilkRoad is committed to keeping customer information secure. With the surge in interest around the vulnerabilities associated with Spectre and Meltdown, we wanted to provide customers a more complete overview of the steps we’ve taken to address these vulnerabilities. Unlike other threats, these vulnerabilities are unique because they affect how the underlying operating system processes data, and they impact the way hardware addresses and processes data. This is causing hardware manufactures to also release patches to mitigate the vulnerabilities.
As part of our ongoing security reviews, SilkRoad identified all systems currently impacted by Spectre and Meltdown. We ensure the integrity of all patches provided by SilkRoad’s third-party vendors through a rigorous vetting process. This ensures the integrity of customer processing systems.
All newly released software patches from Microsoft are being evaluated in our test environment. However, during testing Intel released a statement alerting their customers to a potential fault in their patch. We have paused this process as of January 22, 2018, but will resume once Intel has provided new information or a new patch.
The SilkRoad security team monitors industry websites for vendor updates, and when the vendors release updated patches, the newly released patches will be vetted in our test environment to ensure the integrity of the patch before applying the patch to production systems.
How are we protecting your data in the meantime?
SilkRoad has taken the following steps while waiting for updated vendor patches:
- Updated the detection and prevention signatures on the Intrusion Protection appliance(s)
- Removed Internet access from the customer database servers
- Increased vulnerability scanning to weekly for all production systems
- Configured the SEIM to alert if suspicious Spectre or Meltdown activity is detected
Based on our security review, we believe the risk level to our customer information is low, and we continue to be on top of completing the patching process. As stated before, we take this vulnerability very seriously and are dedicated to ensuring that SilkRoad data is thoroughly patched and continuously monitored for any malicious activity.
If you have any questions, please reach out to your account manager.