Who hasn’t heard about the recent global outage impacting everyone? Concerns about our digital environment and the impact of a single piece of software are widespread.
Details:
Microsoft complied with EU anti-trust rules by allowing third-party security (anti-malware) tools to run inside its OS kernel. Apple, by contrast, did not, and will likely face EU scrutiny again. Apple’s approach keeps third-party cybersecurity tools out of the OS kernel; they reach it through the API layer instead.
Microsoft signs the drivers released by CrowdStrike, which are essentially configuration files for updates. This is common practice, with responsibility for driver releases shared between the software vendor and the recipient. Because the CrowdStrike Falcon Sensor (the offending software) runs in this privileged state, a fault in it could bring the whole machine down with a Blue Screen of Death. Imagine the threat if malware were embedded in the configuration file.
Without changes to this process, and as long as CrowdStrike has the same kernel access as Microsoft’s own Defender program, issues during kernel execution will persist.
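The point above is that any third-party code loaded into the kernel shares the kernel's blast radius, and a Microsoft signature on a driver tells you the file is intact and signed, not who wrote it. As an added example (not from the original post, and not CrowdStrike's or Microsoft's code), the PowerShell below inventories the kernel-mode drivers loaded on a Windows host and reports, for each, its Authenticode signature status, the signing certificate's subject, and the company name from the file's version resource. It is a read-only defender's check; the function name `Get-KernelDriverSignatureReport` and the `-IncludeStopped` switch are my own choices, and it assumes Windows PowerShell 5.1 or later with permission to read files under `System32\drivers`.

```powershell
# Added example, not part of the original post: enumerate kernel-mode drivers
# and show signature status plus vendor, so third-party kernel code stands out.
# Read-only; it changes nothing on the system.

function Get-KernelDriverSignatureReport {
    [CmdletBinding()]
    param(
        # By default only drivers currently loaded (State = Running) are reported.
        [switch]$IncludeStopped
    )

    $drivers = Get-CimInstance -ClassName Win32_SystemDriver
    if (-not $IncludeStopped) {
        $drivers = $drivers | Where-Object { $_.State -eq 'Running' }
    }

    foreach ($drv in $drivers) {
        # PathName may be reported as \SystemRoot\..., \??\C:\..., System32\..., or a plain path.
        $path = $drv.PathName
        if (-not $path) { continue }
        $path = $path -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot', $env:SystemRoot
        $path = $path -replace '^System32', "$env:SystemRoot\System32"

        $sigStatus = 'FileNotFound'
        $signer    = $null
        $company   = $null

        if (Test-Path -LiteralPath $path) {
            $sig       = Get-AuthenticodeSignature -LiteralPath $path
            $sigStatus = $sig.Status            # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            # Vendor from the PE version resource; this is what tells you who wrote
            # the code, since WHQL-signed third-party drivers carry a Microsoft signer.
            $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        }

        [PSCustomObject]@{
            Name      = $drv.Name
            State     = $drv.State
            StartMode = $drv.StartMode
            Path      = $path
            SigStatus = $sigStatus
            Signer    = $signer
            Company   = $company
        }
    }
}

# Usage: every running driver whose signature is not Valid, or whose version
# resource names a company other than Microsoft, sorted by name.
Get-KernelDriverSignatureReport |
    Where-Object { $_.SigStatus -ne 'Valid' -or $_.Company -notmatch 'Microsoft' } |
    Sort-Object Name |
    Format-Table Name, State, StartMode, SigStatus, Company, Signer -AutoSize
```

The filter keys on `Company` rather than `Signer` deliberately: a driver that went through Microsoft's hardware-compatibility signing shows a Microsoft publisher in `Signer` even though a third party wrote it, which is exactly the situation the post describes. Anything reported as `NotSigned`, `HashMismatch`, or `FileNotFound` for a running driver deserves an immediate look.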
At CMIT, we are researching various EDR (Endpoint Detection and Response) software options. We will also compare features like ease of rollbacks and fixes.
More to come.
For a comprehensive inventory discovery of your endpoints and checks on privileged access, please schedule a 30-minute device assessment. We’ll identify vulnerabilities, solutions, LAN/WAN integration, and product security.
Incidents will always happen; the key is having a robust incident response plan. This plan is crucial for addressing various points of failure and ensuring quick recovery.
Please contact me directly at 512.691.1954 or leave a message with my live reception at 512.520.2766. Email: [email protected].