The Ripple Effect of the CrowdStrike Outage: A Wake-Up Call for Global Security Resiliency

The whole world knows what happened with CrowdStrike and how 8.5 million Microsoft Windows machines were impacted last month. Many security teams experienced it firsthand. A hospital on the east coast had to halt surgeries completely because of the outage. Major airlines suffered damages estimated at hundreds of millions of dollars, and financial institutions, retail stores and emergency services were greatly affected as well. The total revenue lost by customers is challenging to pinpoint, but given the scope of the impact, it’s beyond substantial. It will be several months before we really know what the cumulative damage looks like.

SANS NewsBites author Gal Shpantzer said, “It might make sense to consider this a friendly ransomware incident and revisit roads to resilience in the face of compromise.” This is a wake-up call and a reminder to all organizations to review their resiliency strategies and make sure they are better prepared for similar disruptions in the future.

Many organizations use CrowdStrike or other endpoint detection and response (EDR) solutions as a frontline of defense against security breaches, threats and incidents. This is the technological front line because the endpoint is the element closest to “fingers on the keyboard”. It is critical that EDR agents balance observability, resource utilization and resiliency, and these objectives are constantly pulling against each other under significant constraints:

Protect an entire system… BUT don’t use too many resources.

Watch for malicious files… BUT don’t use too much memory.

Check every process that is running… BUT don’t use too many CPU cycles.

Be ready for the latest attack… BUT don’t cause problems.

Something had to give.

The CrowdStrike incident serves as a stark reminder of the vulnerabilities that exist even with advanced security measures in place. As the aftermath unfolds and organizations tally the substantial losses, it’s clear that resilience is not just a buzzword but a critical necessity. This event should prompt every organization to re-evaluate and strengthen their resiliency strategies, ensuring they are prepared to face and swiftly recover from similar disruptions in the future – whether caused by a cyber attack or any other reason. Let this be a wake-up call to build stronger, more adaptable systems that can withstand the inevitable challenges ahead.

This incident also underscores the crucial need for visibility within an organization’s network and endpoint environments. Without comprehensive visibility, security teams are left in the dark, unable or slow to detect and respond to threats effectively. Visibility allows for real-time monitoring and rapid identification of anomalies, which is essential in mitigating the impact of breaches and outages. As organizations work to bolster their resiliency strategies, investing in tools and technologies that provide clear, actionable insights into their systems is imperative. Visibility is the foundation upon which robust security and resilience are built, ensuring that teams can swiftly navigate and neutralize threats before they escalate.

