On Friday (July 19, 2024), CrowdStrike’s 'Falcon' product was sent an automatic remote content update for Microsoft Windows hosts (which it does on a regular basis). Unfortunately, the update had a defect. When uploaded, the defect triggered widescale failures of computers and systems with Microsoft operating systems that were online.
This is being described as the largest IT outage in history.
How has this affected VeroGuard?
The VeroGuard Platform was not affected by the CrowdStrike-caused outage and has continued to operate normally. Our customers using the VeroGuard verification services continue to use our services without interruption.
For any customer whose PCs or laptops were impacted during the period that their devices were compromised as they tried to find workarounds, customers could, nonetheless, continue to use VeroGuard without needing to worry about downstream attacks on their users’ credentials or ID's, because the VeroGuard Platform operates independently of other cloud services and remains vigilant even if a device is compromised.
A shift to stronger identity protection rather than reliance on detection models
CrowdStrike is embedded software detection that works with a computer’s operating system, essentially watching and assessing code to determine if a cyber threat is present. As each new variant of a threat is developed by an adversary, CrowdStrike must identify the threat and update their application.
The VeroGuard Platform works 'out of band' as the guardian rather than the detector. As such, the VeroGuard Platform rarely needs updates, which typically are functional improvements and not a reaction to each new threat. Fundamentally, the VeroGuard Platform is designed and built to defend the primary attack surfaces (over 95% of all attacks), which are identity and credentials.
Regardless of the source or type of attack, VeroGuard will stop the adversary from gaining control or executing actions in a system or network. In practical terms, the majority of cyber breaches over the past two years either started with a credential breach or had lateral movement using credentials acquired inside the network after the breach.
An outage that raises many questions.
CrowdStrike has said that the global outage was not caused by a cyber-attack, but the release of a defective update. The big questions by journalists and industry experts have included:
the nature, robustness and effectiveness of testing procedures for updates and patches on cloud systems;
the risk of concentration of internet services, and the impact when one of them has a major outage; and
the potentially catastrophic impact of a mega cybersecurity breach to critical infrastructure and services.
is a global defect-caused outage better than a global cyber breach? (i.e.: speed to deploy updates)
The World Economic Forum has stated that, in 2023, the economic impact from cybercrime was over US$8 trillion and, by 2027, the impact is forecast to rise to over US$24 trillion.
Time for a new approach
Given the clear unprecedented impact of the CrowdStrike outage and the questions that it has raised around the design, robustness and assumptions underlying global IT infrastructure protection, it is clear that a new approach to cybersecurity is needed.
The new approach needs to:
improve an organisations' and individuals’ security online from credential and ID compromise;
not be largely dependent on centralised detection software and services that are clearly under increasing pressures and can cause major global disruptions to systems and networks when that pressure leads to mistakes;
be able to operate in a distributed way like bank switches, whereby a single failure does not bring down multiple industries and geographies;
protect identity and credentials at all times, regardless of the choice of environment (cloud, on-premise or hybrid) and the status of the applications, network and systems; and
not result in widespread scamming each time a new incident occurs by improving the verification of both parties in all high value transactions.
The VeroGuard Platform addresses these issues.
Want to discuss how VeroGuard can change your organisations cyber-protection profile? Contact Us using the form below.
Commentaires