Idiot’s Guide to Crowdstike – And How Monitoring Software Can Help Prevent the Worst
Idiot’s Guide to Crowdstike
And How Monitoring Software Can Help Prevent the Worst
On July 19th, CrowdStrike, a leading cybersecurity firm, released a software update that inadvertently affected Microsoft Windows systems globally. Here’s a simplified explanation of what happened and its impact:
What Happened?
CrowdStrike issued a software update for its Falcon platform, a cybersecurity tool used to protect against threats. This update unexpectedly caused issues with Microsoft Windows based systems, affecting users worldwide.
Key Details of the Incident
- The Update:
- CrowdStrike released a routine software update to its Falcon platform, intended to improve security features and fix bugs.
- Impact on Microsoft Systems:
- Shortly after the update was deployed, users began reporting problems with their Microsoft systems, including crashes, slow performance, and connectivity issues.
- Microsoft estimated that 8.5 million Windows computers were disabled by the CrowdStrike glitch.
- The problems affected various Microsoft products, such as Windows operating systems, Office applications, and other related services.
- Detection and Response:
- CrowdStrike and Microsoft quickly identified that the update was the source of the issues.
- Both companies immediately started working together to diagnose the problem and develop a solution.
- Resolution:
- CrowdStrike quickly released a temporary workaround (delete a specific file and reboot), but not all users could implement this fix quickly.
- CrowdStrike rolled back the problematic update to prevent further issues.
- A new update was developed and thoroughly tested to ensure it would not cause additional problems before being re-released.
How CrowdStrike and Microsoft Handled the Incident
- Rapid Identification:
- The issues were quickly traced back to the recent CrowdStrike Falcon update.
- Both companies used their monitoring tools and customer reports to pinpoint the cause.
- Collaboration:
- CrowdStrike and Microsoft worked closely to understand the interaction between the Falcon update and Microsoft systems.
- This collaboration was essential in developing a fix and ensuring a smooth resolution.
- Communication:
- Both companies communicated promptly with their customers, providing updates on the situation and instructions for mitigating the impact.
- CrowdStrike issued detailed guidance on how to roll back the update and minimize disruptions.
- Crowstrike’s initial “workaround” guidance for dealing with the incident said Windows machines should be booted in a safe mode, a specific file should be deleted, and then rebooted. This required system admins to physically go to every machine.
- Lessons Learned:
- The incident highlighted the importance of thorough testing, especially when updates could affect widely-used systems.
- It reinforced the need for strong collaboration between cybersecurity firms and software providers to quickly address and resolve issues.
Preventive Measures
- Enhanced Testing:
- CrowdStrike committed to more extensive testing of updates in environments that simulate real-world conditions.
- This includes testing updates on systems running various combinations of software to catch potential conflicts.
- Better Communication Channels:
- Improved communication protocols were established to ensure quicker dissemination of information to affected users.
- This includes setting up dedicated support channels for incident resolution.
- Incident Response Planning:
- Both companies refined their incident response plans to handle similar situations more efficiently in the future.
- This involves regular drills and updates to response protocols.
How RecordTS Could Have Prevented the Worst of Crowdstrike
User Activity Monitoring
Monitoring software can track user activities to detect insider threats or compromised accounts. This includes monitoring privileged accounts that have access to sensitive information.
Example: If an insider threat or a compromised admin account was involved in the CrowdStrike breach, monitoring software could have detected unusual access patterns or unauthorized data access, allowing for timely intervention.
Forensic Analysis
Post-incident, monitoring software can provide detailed logs and records of all activities that occurred on the network. This aids in forensic analysis to understand the scope of the breach, identify vulnerabilities, and develop strategies to prevent future incidents.
Example: Detailed logs could help CrowdStrike identify how the attackers gained access, what data was accessed, and how the breach evolved over time, providing crucial insights for remediation and strengthening defenses.
Compliance and Reporting
Monitoring software helps ensure compliance with various cybersecurity regulations and standards by providing necessary logging and reporting capabilities. This not only aids in preventing breaches but also in demonstrating due diligence in protecting data.
Example: Maintaining compliance with standards like GDPR, HIPAA, or PCI DSS involves regular monitoring and reporting. This could have helped CrowdStrike in maintaining robust security practices and potentially avoiding regulatory fines or penalties.
Click here to learn more about secure remote session recording.