A few weeks ago, a faulty update caused one of the largest IT outages in history. Since then, CrowdStrike has released a Root Cause Analysis (RCA) report detailing what happened. In this article, we’ll break down what lead to the major CrowdStrike outage and why millions of people received the Windows blue screen of death.
What is CrowdStrike?
CrowdStrike is a cybersecurity software company that offers threat detection, security solutions, and cyberattack response services. Companies will employ CrowdStrike’s software to proactively protect their networks from hackers.
What Happened
The issue began with a February update to CrowdStrike’s Falcon sensor, designed to improve detection of attack techniques by leveraging AI. When an update was released in July, it was supposed to update the Windows sensor, however, there was a bug that resulted in a system crash.
The Fallout
Since the incident, CrowdStrike has faced significant backlash, including a lawsuit from investors and criticism from major clients like Delta Air Lines, which reported $500 million in losses. The RCA report aims to address these concerns by explaining what went wrong and outlining steps to prevent future issues.
Key Findings and Actions
Enhanced Testing Procedures:
CrowdStrike will update its Content Configuration System test procedures, including automated tests for all existing Template Types.
Additional Deployment Layers:
The company will implement canary testing and rollback mechanisms, allowing for staged deployments to catch issues before wide-scale release.
Increased Customer Control:
Customers will now have more control over the deployment of Rapid Response Content updates, helping to prevent similar outages.
Validation Improvements:
CrowdStrike will prevent the creation of problematic files by implementing validation for the number of input fields and enhancing bounds checking.
Third-Party Reviews:
Two independent software security vendors will review the Falcon sensor code and quality control processes.
Moving Forward
CrowdStrike has announced their focus on using the lessons learned from this incident to enhance its services and better protect its customers. For more insights and assistance in strengthening your cybersecurity posture, contact radius180 today!