Some good may come out of the CrowdStrike outage
Estimated financial losses due to the recent massive IT outage triggered by the faulty CrowdStrike update are counted in billions, but the unfortunate incident is having several positive effects, as well.
As CrowdStrike was forced to explain, in great detail, how it rolls out updates for its Falcon Sensors, what testing it performs beforehand, and how it plans to improve the whole process to prevent similar accidents from happening in the future, other cybersecurity vendors - such as Fortinet, Secureworks, and Bitdefender - have spelled out their own software and content update release processes.
David Weston, VP of Enterprise and OS Security at Microsoft, has penned a post explaining why security vendors leverage a kernel driver architecture: for system-wide visibility, to detect bootkits and rootkits, for faster data collection and analysis, and for tamper resistance.
"Security vendors can use minimal sensors that run in kernel mode for data collection and enforcement limiting exposure to availability issues. The remainder of the key product functionality includes managing updates, parsing content, and other operations can occur isolated within user mode where recoverability is possible," he said, and outlined Windows' user mode protections vendors can use to protect their key security processes and maintain event visibility.
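As an added illustration of the design Weston describes (this is not code from Microsoft, CrowdStrike or the article), the Python sketch below keeps content parsing in a recoverable user-mode component: a content update is validated against a constructed toy format before anything is handed to enforcement, and a malformed update leaves the last-known-good rule set in place. The file format, the rule schema and all function names are assumptions made for the example.

```python
import hashlib
import json
import struct

# Constructed toy "content update" layout (not any vendor's real channel-file format):
# 4-byte magic | 4-byte big-endian version | 32-byte SHA-256 of payload | JSON list of rules
MAGIC = b"RULE"
HEADER_LEN = 40


def build_update(version: int, rules: list) -> bytes:
    """Produce a well-formed update blob; used here only to construct sample input."""
    payload = json.dumps(rules).encode()
    return MAGIC + struct.pack(">I", version) + hashlib.sha256(payload).digest() + payload


class ContentParseError(Exception):
    """Raised in user mode for any defect, so a bad file never reaches enforcement."""


def parse_update(blob: bytes):
    """Validate header, integrity and schema before the rules are trusted at all."""
    if len(blob) < HEADER_LEN or blob[:4] != MAGIC:
        raise ContentParseError("bad header")
    version = struct.unpack(">I", blob[4:8])[0]
    digest, payload = blob[8:HEADER_LEN], blob[HEADER_LEN:]
    if hashlib.sha256(payload).digest() != digest:
        raise ContentParseError("checksum mismatch")
    try:
        rules = json.loads(payload)
    except ValueError as exc:
        raise ContentParseError(f"malformed payload: {exc}")
    if not isinstance(rules, list) or not all(
        isinstance(r, dict) and "match" in r and "action" in r for r in rules
    ):
        raise ContentParseError("schema violation")
    return version, rules


class RecoverableLoader:
    """Holds the last-known-good rule set; a rejected update changes nothing."""

    def __init__(self, initial_blob: bytes):
        self.version, self.rules = parse_update(initial_blob)
        self.rejected = []  # reasons for rejected updates, for telemetry

    def apply(self, blob: bytes) -> bool:
        try:
            version, rules = parse_update(blob)
        except ContentParseError as exc:
            self.rejected.append(str(exc))
            return False  # keep serving the previous rules
        if version <= self.version:
            self.rejected.append("stale version")
            return False
        self.version, self.rules = version, rules
        return True
```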
Based on publicly available data, UpGuard has compiled a list of companies that have been affected by the CrowdStrike Falcon incident - and it's long.
On Thursday, CrowdStrike said that over 97% of its Windows Falcon Sensors were back online.
News URL: https://www.helpnetsecurity.com/2024/07/29/crowdstrike-outage-positive-effects/