cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Kaity
Community Manager

ALL THINGS CrowdStrike - July 2024 Incident

Hi all! There are so many great discussions about CrowdStrike going on in this Community, but we want to bring them together in one place, so that folks can share and discuss efficiently! 

54 Replies
JoePete
Advocate I

Worth the read, but I take issue with the article's assertion:
"It’s pretty neat, and Crowdstrike’s Falcon has been instrumental in blunting the efforts of cyber-meanies for over a decade… but to do what it needs to get done, it requires deeper/more privileged access to the operating system than most programs would need, so when something does go wrong, boy can it go wrong!"

 

Whether you worship at the altar of "least privilege," "Zero Trust," or elsewhere, you should cringe at this statement. The core problem is that Crowdstrike tries to make chicken salad out of someone else's chicken poop and to do that, yes, it needs kernel-type access. This is the model that infests corporate IT. Rather than starting with secure systems, configured securely, and used in a secure manner, we ignore those things and purchase "magic bullet" software meant to compensate. Sometimes that magic bullet is really good, but we end up spending a lot of money and building a massive single points of failure because we are not doing the necessary work at the purchasing and provisioning stage. Failure is not only an option, it is inevitable. Yet with every passing year, we heighten the stakes of failure. Crowdstrike today, AI tomorrow, etc. We either refuse to follow what we already know, or, more likely, we fail to communicate that knowledge to decision-makers.

Caute_cautim
Community Champion

@JoePeteA lot of companies have may a lot of Billionaires over the years, due the model they propose - in some cases by putting an interface on the front end like a web proxy, which protects the back-end systems, without which they would be exposed to all sorts of horrible things.  But the clients then get blase because the web proxy protects them and gives them leeway to other things.   Falsehoods arise everywhere, and yet we do not challenge them or if we do we are either shutdown or told to keep quiet - whilst the Billionaires carry on make money.  And we simply accept it normally.

 

And then someone states is a shared responsibility issue .....  shared maybe in fact we let them in the door in the first place to do their thing.

 

Regards

 

Caute_Cautim

dcontesti
Community Champion

So many of us remember or still hear M$ stating that they will no longer support an aging operating system.

 

I found this comical that basically the only airline in the US stayed operational on July 19th while other major airlines were taken out of service.

 

https://www.digitaltrends.com/computing/southwest-cloudstrike-windows-3-1/

 

d

 

JKWiniger
Community Champion

I must have something wrong, I was under the impression that under SOX any publicly traded company was required to only use operating systems that were still supported by the vendor. I have not seen anything stating that Microsoft was still supporting these system. Has the government just turned a blind eye to some companies? What am I missing here?

 

John- 

dcontesti
Community Champion

Agreed 

ericgeater
Community Champion

* putting on my skeptical spectacles *

 

There are hundreds of articles claiming that SWA is running Windows 3.1, but I can't find a link which corroborates this claim.

 

But to be fair, let's accept the possibility that they're not affected because maybe they're not Crowdstrike customers.

-----------
A claim is as good as its veracity.
dcontesti
Community Champion

That makes a lot of sense.  Thank you.

dcontesti
Community Champion

You are probably correct, they may not be running the software.  I know Air Canada stayed up and running and ARE NOT using CrowdStrike.  Porter Airlines in Canada was affected.

 

Just found this on the Net:

 

Some airlines, including Southwest and Alaska, do not use CrowdStrike, the provider of cybersecurity software whose faulty upgrade to Microsoft Windows triggered the outages. Those carriers saw relatively few cancellations.

 

So it seems that the original article may be a piece of false news which explains a lot.

 

 

mikefenton112
Newcomer I

It's interesting to see how older technology can still play a crucial role in modern operations. The resilience of Southwest Airlines' system, despite its age, highlights the reliability and robustness of some older software. It's a bit of a paradox when you think about how companies like Microsoft push for constant upgrades, yet a 1992 Windows version can still handle critical tasks effectively.

 

On a related note, just as this old software is still proving its worth, GM Stock has shown similar resilience and adaptability in the ever-evolving automotive industry. It's a testament to how some things, no matter their age, can still perform exceptionally well when needed.

ericgeater
Community Champion

Not sure about the relationship of stock to a cybersecurity posture.  can you explain it without a link, please?

-----------
A claim is as good as its veracity.