Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Kaity
Community Manager
Community Manager
‎07-22-2024 11:24 AM
‎07-22-2024 11:24 AM

ALL THINGS CrowdStrike - July 2024 Incident

Hi all! There are so many great discussions about CrowdStrike going on in this Community, but we want to bring them together in one place, so that folks can share and discuss efficiently! 

Reply
54 Replies
JoePete
Advocate I
‎07-21-2024 06:37 PM
‎07-21-2024 06:37 PM

Worth the read, but I take issue with the article's assertion:
"It’s pretty neat, and Crowdstrike’s Falcon has been instrumental in blunting the efforts of cyber-meanies for over a decade… but to do what it needs to get done, it requires deeper/more privileged access to the operating system than most programs would need, so when something does go wrong, boy can it go wrong!"

 

Whether you worship at the altar of "least privilege," "Zero Trust," or elsewhere, you should cringe at this statement. The core problem is that Crowdstrike tries to make chicken salad out of someone else's chicken poop and to do that, yes, it needs kernel-type access. This is the model that infests corporate IT. Rather than starting with secure systems, configured securely, and used in a secure manner, we ignore those things and purchase "magic bullet" software meant to compensate. Sometimes that magic bullet is really good, but we end up spending a lot of money and building a massive single points of failure because we are not doing the necessary work at the purchasing and provisioning stage. Failure is not only an option, it is inevitable. Yet with every passing year, we heighten the stakes of failure. Crowdstrike today, AI tomorrow, etc. We either refuse to follow what we already know, or, more likely, we fail to communicate that knowledge to decision-makers.

Reply
Caute_cautim
Community Champion
‎07-22-2024 01:32 AM
‎07-22-2024 01:32 AM

@JoePeteA lot of companies have may a lot of Billionaires over the years, due the model they propose - in some cases by putting an interface on the front end like a web proxy, which protects the back-end systems, without which they would be exposed to all sorts of horrible things.  But the clients then get blase because the web proxy protects them and gives them leeway to other things.   Falsehoods arise everywhere, and yet we do not challenge them or if we do we are either shutdown or told to keep quiet - whilst the Billionaires carry on make money.  And we simply accept it normally.

 

And then someone states is a shared responsibility issue .....  shared maybe in fact we let them in the door in the first place to do their thing.

 

Regards

 

Caute_Cautim

Reply
dcontesti
Community Champion
‎07-22-2024 06:22 AM
‎07-22-2024 06:22 AM

So many of us remember or still hear M$ stating that they will no longer support an aging operating system.

 

I found this comical that basically the only airline in the US stayed operational on July 19th while other major airlines were taken out of service.

 

https://www.digitaltrends.com/computing/southwest-cloudstrike-windows-3-1/

 

d

 

Reply
JKWiniger
Community Champion
‎07-22-2024 07:00 AM
‎07-22-2024 07:00 AM

I must have something wrong, I was under the impression that under SOX any publicly traded company was required to only use operating systems that were still supported by the vendor. I have not seen anything stating that Microsoft was still supporting these system. Has the government just turned a blind eye to some companies? What am I missing here?

 

John- 

Reply
dcontesti
Community Champion
‎07-22-2024 08:18 AM
‎07-22-2024 08:18 AM

Agreed 

Reply
ericgeater
Community Champion
‎07-22-2024 08:41 AM
‎07-22-2024 08:41 AM

* putting on my skeptical spectacles *

 

There are hundreds of articles claiming that SWA is running Windows 3.1, but I can't find a link which corroborates this claim.

 

But to be fair, let's accept the possibility that they're not affected because maybe they're not Crowdstrike customers.

-----------
A claim is as good as its veracity.
Reply
dcontesti
Community Champion
‎07-22-2024 03:27 PM
‎07-22-2024 03:27 PM

That makes a lot of sense.  Thank you.

Reply
0 Kudos
dcontesti
Community Champion
‎07-23-2024 08:45 AM
‎07-23-2024 08:45 AM

You are probably correct, they may not be running the software.  I know Air Canada stayed up and running and ARE NOT using CrowdStrike.  Porter Airlines in Canada was affected.

 

Just found this on the Net:

 

Some airlines, including Southwest and Alaska, do not use CrowdStrike, the provider of cybersecurity software whose faulty upgrade to Microsoft Windows triggered the outages. Those carriers saw relatively few cancellations.

 

So it seems that the original article may be a piece of false news which explains a lot.

 

 

Reply
mikefenton112
Viewer II
‎07-23-2024 08:53 AM
‎07-23-2024 08:53 AM

It's interesting to see how older technology can still play a crucial role in modern operations. The resilience of Southwest Airlines' system, despite its age, highlights the reliability and robustness of some older software. It's a bit of a paradox when you think about how companies like Microsoft push for constant upgrades, yet a 1992 Windows version can still handle critical tasks effectively.

 

On a related note, just as this old software is still proving its worth, GM Stock has shown similar resilience and adaptability in the ever-evolving automotive industry. It's a testament to how some things, no matter their age, can still perform exceptionally well when needed.

Reply
0 Kudos
ericgeater
Community Champion
‎07-23-2024 12:45 PM
‎07-23-2024 12:45 PM

Not sure about the relationship of stock to a cybersecurity posture.  can you explain it without a link, please?

-----------
A claim is as good as its veracity.
Reply
0 Kudos