Information Security
A failed software update can have severe consequences, as the recent wave of blue screens of death attributed to a faulty CrowdStrike update shows
19 Jul 2024

Security in the digital realm often hinges on speed: a threat actor devises a new attack technique or piece of malicious code, security firms respond to the emerging threat and, where required, adjust and roll out methods to detect it. Adapting may mean updating cloud detection systems and/or the agents on endpoint devices so that they provide the necessary protection against the threat. Speed of response is key, since the security sector is expected to protect against, identify and counter threats in real time.
The update procedures that security firms put in place to prevent conflicts between an update and the operating system or other products tend to be substantial, involving automated test environments that replicate real-world conditions across a range of operating systems, versions of system drivers and other variables.
In some cases, human sign-off may be required as a final check that every process and protocol has been followed and that no conflicts remain. Third parties, such as an operating system vendor, may also run their own independent tests on top of the security vendor’s assessments to avert major downtime of the kind we are now seeing.
In an ideal scenario, a security team would subject the update to rigorous trials within their own environment, ensuring compatibility. Once confident about the update’s integrity, a phased rollout would commence, potentially segmenting by departments, thus minimizing the risk of operational disruptions.
For cybersecurity product updates, however, this meticulous process is impractical: deployment needs to match the pace at which threats spread, which is usually near-instantaneous. A failed update process can then prove catastrophic, as the current situation involving a CrowdStrike software update shows, with blue screens of death and widespread infrastructure failures.
An issue like this does not necessarily denote incompetence on the part of the vendor; it could simply be an unfortunate series of events, a perfect storm of updates or configurations leading to the incident, unless foul play by a malicious actor is involved, which seems not to be the case here.
Key Takeaways from this Episode
First, all security vendors are likely reassessing their update protocols to iron out any flaws and make them more robust. An essential lesson from this situation is that when a company attains a significant market position, its dominance creates a quasi-monopoly in which a single issue can have far-reaching repercussions.
Cybersecurity professionals often emphasize terms like ‘defense in depth’ or ‘layers of defense,’ denoting the utilization of multiple technologies and, in many cases, multiple vendors to thwart potential attacks, as well as emphasizing resilience in the architecture, instead of relying solely on a single vendor.
It’s crucial not to lose sight of the root cause when incidents like this occur; without cyber threats orchestrated by cybercriminals and state-sponsored attackers, the need for real-time protection would not be as imperative.

