iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Following an outage that impacted companies all over the world, cyber security firm CrowdStrike has revealed a full revamp of its testing procedures.
CrowdStrike’s Senior Vice President, Counter Adversary Operations, Adam Meyers, has outlined the company’s response to a catastrophic global outage that saw retailers, airlines, broadcasters, and more taken offline or disrupted in July this year after a faulty update was rolled out to its Falcon cyber security platform.
Meyers appeared before the Committee on Homeland Security’s Subcommittee on Cybersecurity and Infrastructure Protection on September 24.
However, before going into detail on CrowdStrike’s response to the incident, he offered a sincere apology for the disruption.
“On behalf of everyone at CrowdStrike, I want to apologise. We are deeply sorry this happened and are determined to prevent it from happening again,” Meyer said in a prepared statement.
“We appreciate the incredible round-the-clock efforts of our customers and partners who, working alongside our teams, mobilised immediately to restore systems and bring many back online within hours. I can assure you that we continue to approach this with a great sense of urgency.”
Meyers also reiterated that the incident was not a cyber attack and that most systems had been rapidly restored.
“More broadly, I want to underscore that this was not a cyberattack from foreign threat actors. The incident was caused by a CrowdStrike rapid response content update,” Meyers said.
“We have taken steps to help ensure that this issue cannot recur, and we are pleased to report that, as of July 29, approximately 99 per cent of Windows sensors were back online.”
After outlining CrowdStrike’s security operations, how its Falcon platform works, and the details of how the faulty update was able to roll out to systems around the world, Meyer went into detail on the measures CrowdStrike has taken to ensure a similar incident is not repeated.
“We have successfully deployed critical detection and preventions over the past decade, validated and tested by our processes, to protect organisations against millions of threats from sophisticated adversaries without such an incident,” Meyer said.
“Since July 19, 2024, we have implemented multiple enhancements to our deployment processes to make them more robust and help prevent recurrence of such an incident – without compromising our ability to protect customers against rapidly-evolving cyber threats.”
CrowdStrike has rolled out new validation checks to ensure that the expected inputs between sensors and their associated rules match, alongside enhanced testing procedures “to cover a broader array of scenarios”.
Customers have also now been given more control over how updates are configured and deployed, while also introducing a more graduated rollout of updates so that any issues can be caught and remediated before becoming a widespread issue.
The company has also introduced more runtime checks and is continuing to work on enhancing its quality assurance techniques. Finally, CrowdStrike has brought in third-party vendors.
“We have engaged two independent third-party software security vendors to conduct further Falcon sensor code and end-to-end quality control and release processes reviews,” Meyers said.
Meyers finished by broadly outlining the nature of the current threat landscape, from hacktivists and nation-state actors to cyber criminals, before talking up the company’s ongoing commitment to its clients.
“We have long focused on protecting the resiliency of critical organisations and infrastructure against sophisticated adversaries,” Meyers said.
“Going forward, we will build upon our longstanding contributions to cybersecurity by continuing to share our lessons learned on ecosystem resiliency.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
