Anomaly detection helps against the exploitation of vulnerabilities »Meltdown« and »Spectre«

  • The cyber security vulnerabilities »Meltdown« and »Spectre« threaten the future of Industry 4.0.
  • Companies need a comprehensive defense-in-depth strategy to secure their networks against exploitation of vulnerabilities.
  • With industrial anomaly detection, companies can detect attacks that exploit vulnerabilities at any time.

Leipzig, Germany, January 17, 2018 ‒ The announcement of the structural vulnerabilities »Meltdown« and »Spectre«, prevalent in almost all IT systems across the world, is causing great uncertainty. What happens if a vulnerability cannot be easily patched through an update and the infrastructure stays open to malware attacks? »Spectre« in particular is a vulnerability companies will have to live with for quite some time. Hence, network security and stability are at stake.

Industry 4.0 and KRITIS are affected

This also applies to Industry 4.0 environments and critical infrastructures. Exploiting the vulnerabilities on ARM processors, which are often used in industrial environments, requires more elaborate skills and means, but it is not impossible. In addition, in a networked Industry 4.0 environment, a single vulnerable device is sufficient to gain access to the entire network and inject malicious software. This can even be a simple office printer. Once attackers have compromised this single device, they can use the vulnerabilities to query relevant data and venture deeper into the network.

Companies need an effective Defense-In-Depth strategy

Companies must deal with the reality that classic defensive IT cybersecurity systems can be undermined. They should focus on implementing a defense-in-depth strategy that is not limited to securing the periphery of their networks.

»If legitimate gates can be opened on the network peripherals and end-point devices due to »Spectre« and »Meltdown«, there is no firewall or virus scanner to help«, warns Martin Menschner, CTO at Rhebo. »The guards become blind and deaf. And we can assume that in the next few years further structural vulnerabilities will become public, which cybercriminals and other actors may already exploit today. The level-1-safeguarding with firewall and co. needs a safety net that identifies the incidents to which this first instance is ineffective. In industrial environments such as automation, process, energy, and water industries, an industrial anomaly detection can form this level-2 safety net.«

After all, malicious software that has penetrated a network via a vulnerability can be detected by its communication, e.g. requests, port scans and data transfers. Industrial anomaly detection identifies this communication as a deviation in an Industrial Control System and reports it to the administrator in real time. Successful intruders and communication changes in the system that are undetectable for the periphery guards (firewall & co.) are made visible within the network before they can cause serious damage. This level-2 protection ensures that operators of industrial networks can respond adequately and efficiently to all eventualities.

For more information on the inner workings of an anomaly detection


About Rhebo

Rhebo is a German technology company that specializes in ensuring the operational reliability of industrial control systems by monitoring control communications. Rhebo provides hardware, software and services to secure networked industrial control systems and Critical Infrastructures as well as to increase productivity.
Rhebo is listed as one of the 30 top providers for industrial security in Gartner’s »Market Guide for Operational Technology Security 2017«. The company is a member of Teletrust – IT Security Association Germany.



Rhebo GmbH
Kristin Preßler (Head of Marketing)
Spinnereistr. 7
04179 Leipzig

Tel. +49-341-393-790-180
Mobile: +49-162-1002085